last executing test programs:

12m36.658645487s ago: executing program 0 (id=493):
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f00000011c0)={0x3, 0x100, 0x10000, 0x5, 0x590f, 0x2})

12m33.918053071s ago: executing program 0 (id=514):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0xb0, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "66ed63743e"}, @NL80211_ATTR_KEY={0x48, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "84c1482405"}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_SEQ={0xd, 0x4, "1e3fdce5b397ffaadb"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "106e0b480d"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_SEQ={0x14, 0xa, "73cc0dde16f08a5416c3394ce3e17810"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}]}, 0xb0}}, 0x4000004)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x6a, &(0x7f0000001800)=ANY=[@ANYBLOB="0180c200000050a245d5cde008004500001c000007000002907800000000f0ffd47df88398ffff120090"], 0x0)

12m33.860087217s ago: executing program 0 (id=516):
r0 = openat$pmem0(0xffffffffffffff9c, 0x0, 0x80d01, 0x0)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
pwrite64(r0, &(0x7f0000000000)="a5", 0xfffffe8c, 0x2)

12m33.740541311s ago: executing program 0 (id=517):
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0xce49, 0x4, 0x2, 0x242}, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x22100})
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f00000004c0)=ANY=[@ANYRES16=r2, @ANYRESDEC=r2, @ANYRES32=r2, @ANYRESDEC], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000240)={<r4=>0xffffffffffffffff}, 0x106, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r3, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0xe24, 0x4, @remote, 0x100}, r4}}, 0x30)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x9)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r9, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000600), 0x0)

12m32.800767452s ago: executing program 0 (id=522):
openat$cdrom(0xffffff9c, &(0x7f0000000400), 0x101000, 0x0)
socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
connect$pptp(r3, &(0x7f0000000040)={0x18, 0x2, {0xfffc, @initdev={0xac, 0x1e, 0x5, 0x0}}}, 0x1e)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f0000000080)={0x8})
fstat(r6, &(0x7f00000007c0))
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x80}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r7 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r8 = syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB="2c00b7aceb7e4d447e283c8a567204cb92fc26d5abc456dc0e6f7109d9cf3706636d77e960f3036ab08d32c0e1157adbe51a565c1de9d88b447b4bcbfb0b28f9fd100f832049e6c349b05093c0197fc2ac8ba5f96967b0c36bdaeeac143f73b38c53de4a374b6aa09abda02d26938f048e9300c7fad7faef7517adda39536f6bf836feae80a9a2c99cfbc9df4128578a5e20a561c88dbb114a349f9046ef65cf35666d5b7746073259c4f61c7f0c39045b0bd2ed921d36ab73fab9e0947719d52ec48e5e7e14a913dcfbce6803"])
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x2f5380, 0x41414770, 0x58595556, 0x425, 0x10001, 0xa, 0x9e0, 0x1, 0x3, 0x0, 0x7}})
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)

12m31.859542069s ago: executing program 0 (id=525):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
io_setup(0x9, &(0x7f0000000240)=<r1=>0x0)
connect$can_bcm(r0, &(0x7f0000000040), 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat2(r2, &(0x7f0000000380)='./mnt\x00', r2, 0x0, 0x4)
io_submit(r1, 0x1, &(0x7f00000012c0)=[&(0x7f00000000c0)={0x400000, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0500000093cb1faf16da39de706f646800580f02000000043f420f0000000000ff030f02000000003f420f00000000003bf81b05ff000000", 0x38}])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f00000000c0)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @printk={@ld={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {0x5}, {}, {}, {}, {0x85, 0x0, 0x0, 0x76}}]}, &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

12m16.761553996s ago: executing program 32 (id=525):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
io_setup(0x9, &(0x7f0000000240)=<r1=>0x0)
connect$can_bcm(r0, &(0x7f0000000040), 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat2(r2, &(0x7f0000000380)='./mnt\x00', r2, 0x0, 0x4)
io_submit(r1, 0x1, &(0x7f00000012c0)=[&(0x7f00000000c0)={0x400000, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0500000093cb1faf16da39de706f646800580f02000000043f420f0000000000ff030f02000000003f420f00000000003bf81b05ff000000", 0x38}])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f00000000c0)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @printk={@ld={0x18, 0x0}, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {0x5}, {}, {}, {}, {0x85, 0x0, 0x0, 0x76}}]}, &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

12m8.409359398s ago: executing program 3 (id=677):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x7831c1)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x2710, @host}, 0x10)
syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x3, &(0x7f0000000680)=ANY=[@ANYRES16=r1, @ANYRES8=<r3=>r0, @ANYRESOCT=r2, @ANYBLOB="98595111821f6522128979856f4d19577c4b8d438e482528212b0ef7c77b8115f225cd0174e89504f588db83e1309743e4bb07f599734025ed4289dc35dee4fe6b92e603d2265a62aab9cc6d6bca051c3a", @ANYRESDEC=r1, @ANYBLOB="ba228982073d7d3eaeb6cde5c285d0bddbc2c6d600b3dffdb24f0390f0c7d82adc2b0ba48dba760b44292c8970fb5783c035c720bca29cc695943efef1df9b4d1bd7520219d11247e147d36daba388944e5c7ff91514b356cb1715fdf2c9b04324acaa3ab13feaf72766e8d8ac25dd901d90aaf7176107e25ce405fc40d87f0a960e97e21fb4b93f757f68f2efec67a06853a3b46287886397cae3e40d96a2c6c06a3e66ffede511da5de8aa75", @ANYRES64=r1, @ANYRESDEC=r0, @ANYRES32], &(0x7f00000000c0)='GPL\x00', 0x6, 0xba, &(0x7f0000000800)=""/187, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee5, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x0, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x0, 0x40000100, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0xd)
madvise(&(0x7f000018e000/0x3000)=nil, 0x3000, 0x19)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r7, 0x400454c9, 0xba98575a95aeb70d)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="020300093400000000000000000000000300060000000e00020000007f000001000000000000000002000100000000000300020100000000030005000000000002000000e0000001000000000000000002000a0003000000f8ffffffffffffff12000800200400002490cf6710fdb471532b8b52fef5681c66c8335136fc6e89f451b489718f179ff9082dc4c9ff9a6982e9d522d900b32cd583a46cdbbb568ce8b536385e0b2ad555b5d702f96e2bf8d59657bdc237fc9d87be5e96cac6dfad7eee355fc19b8878bb4970a42d80435d628118d18304a7fa4a1bcadf03b125843c3ed673dbe4a31269b25136000000000e001800050362005a3983fbad079c31dc1db609d41612c6e273de07dc4601a1514029dcf81dd3296f13221ee3f8d4834c8643e87e9dbecf2b649731bd61163f4949b02623e3ccd854e21d78b3397b81957bcfa5bf6e994d0b15b5ccbfc154f6630fd8c5a91772b0c66e000000000000080012"], 0x1a0}}, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="1387d21c944a1c33fc713d06fb85d9fc3691ee45ac072b31ab925ebf0b95e8f49b40e2bb87d09b222d4089e343a31024a5efae18d22cf38fb2996cff549583c4961851256f368fb918dd20b84ecedf800d468ddce1034413f055504828e9ead660aeb524332fe1012f0d75145cd44710d29660cde1", @ANYBLOB="5a108f290d4db1c150a0a13e248a8076daaf7a0cb7e6f345a10c195ee1a534fb586a4b63fb727c", @ANYRESDEC=r5, @ANYRES16=r3, @ANYRESDEC=r6], 0x0)

12m5.33056012s ago: executing program 3 (id=711):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x28}, 0x1, 0x1000000000000000}, 0x0)

12m5.330252401s ago: executing program 3 (id=712):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
rt_tgsigqueueinfo(r3, r3, 0x10, &(0x7f0000000140)={0x3d, 0x3, 0xfffffff9})
rt_tgsigqueueinfo(r3, r3, 0x14, &(0x7f0000000600)={0x32, 0xfff, 0xfffffff7})
ptrace$peeksig(0x4209, r3, &(0x7f0000000580)={0x1, 0x0, 0xff8f}, &(0x7f0000000480)=[{}])
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
sendfile(r0, r1, 0x0, 0x8000002b)

12m5.050508523s ago: executing program 3 (id=716):
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x36c18523, 0x401, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000002100)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65be667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x20000000000, {0x0, 0xe4344d65f2857863}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x20c01, 0x0)
io_setup(0xa1, &(0x7f0000000400)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0xfffe, r2, &(0x7f00000000c0)='!', 0x1}])
dup3(r2, r0, 0x0)

12m4.929829559s ago: executing program 3 (id=719):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x44)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x0, 0x0, 0xff}, 0x20)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
read$midi(r3, &(0x7f0000000380)=""/62, 0x3e) (fail_nth: 1)
bind$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)

12m3.990012554s ago: executing program 3 (id=731):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = fsopen(&(0x7f0000000340)='hpfs\x00', 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
r6 = dup(r5)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480), 0x4)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x10001, '\x00', r4, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r10 = fcntl$dupfd(r1, 0x406, r0)
r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={0xffffffffffffffff, 0x1, 0x8}, 0xc)
r12 = openat$ndctl0(0xffffff9c, &(0x7f0000000580), 0x100, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xa, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001}, [@call={0x85, 0x0, 0x0, 0xaa}, @jmp={0x5, 0x1, 0x2, 0x1, 0x9, 0x100, 0x1}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @jmp={0x5, 0x1, 0x3, 0x4, 0x4, 0x100, 0xfffffffffffffffc}, @jmp={0x5, 0x1, 0xd, 0x8, 0x0, 0xffffffffffffffff, 0x42d2d2254ca9a13a}, @ldst={0x0, 0x3, 0x2, 0x6, 0x2, 0x50}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x39, &(0x7f0000000240)=""/57, 0x41100, 0x30, '\x00', r4, @fallback=0x1d, r6, 0x8, &(0x7f0000000280)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0xb, 0x0, 0x2}, 0x10, 0xffffffffffffffff, r8, 0x5, &(0x7f0000000680)=[r9, r2, r10, r11, r12, r13], &(0x7f00000006c0)=[{0x1, 0x4, 0x7, 0x3}, {0x3, 0x2, 0x9, 0xc}, {0x0, 0x2, 0xb, 0xb}, {0x2, 0x2, 0x1, 0x7}, {0x4, 0x5, 0x10, 0x2}], 0x10, 0x81000, @void, @value}, 0x94)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r14 = socket(0x1, 0x803, 0x0)
r15 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r15, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r15, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc04f01f56bb6e284f5fab5c66", 0x10)
setsockopt$ALG_SET_KEY(r15, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
gettid()
getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, <r16=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r16}]}, 0x3c}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11m48.918372894s ago: executing program 33 (id=731):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = fsopen(&(0x7f0000000340)='hpfs\x00', 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
r6 = dup(r5)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}})
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480), 0x4)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x10001, '\x00', r4, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r10 = fcntl$dupfd(r1, 0x406, r0)
r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={0xffffffffffffffff, 0x1, 0x8}, 0xc)
r12 = openat$ndctl0(0xffffff9c, &(0x7f0000000580), 0x100, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xa, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001}, [@call={0x85, 0x0, 0x0, 0xaa}, @jmp={0x5, 0x1, 0x2, 0x1, 0x9, 0x100, 0x1}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x400}}, @jmp={0x5, 0x1, 0x3, 0x4, 0x4, 0x100, 0xfffffffffffffffc}, @jmp={0x5, 0x1, 0xd, 0x8, 0x0, 0xffffffffffffffff, 0x42d2d2254ca9a13a}, @ldst={0x0, 0x3, 0x2, 0x6, 0x2, 0x50}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x39, &(0x7f0000000240)=""/57, 0x41100, 0x30, '\x00', r4, @fallback=0x1d, r6, 0x8, &(0x7f0000000280)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0xb, 0x0, 0x2}, 0x10, 0xffffffffffffffff, r8, 0x5, &(0x7f0000000680)=[r9, r2, r10, r11, r12, r13], &(0x7f00000006c0)=[{0x1, 0x4, 0x7, 0x3}, {0x3, 0x2, 0x9, 0xc}, {0x0, 0x2, 0xb, 0xb}, {0x2, 0x2, 0x1, 0x7}, {0x4, 0x5, 0x10, 0x2}], 0x10, 0x81000, @void, @value}, 0x94)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r14 = socket(0x1, 0x803, 0x0)
r15 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r15, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r15, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc04f01f56bb6e284f5fab5c66", 0x10)
setsockopt$ALG_SET_KEY(r15, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
gettid()
getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, <r16=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r16}]}, 0x3c}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

8.213178686s ago: executing program 1 (id=4177):
socket(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
iopl(0x3)
rt_sigsuspend(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xf, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = io_uring_setup(0x1de0, &(0x7f0000000440))
io_uring_register$IORING_REGISTER_FILES2(r3, 0x8, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)=0x7fffffff)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, 0x0, &(0x7f00000000c0))
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={'\x00', 0x7ff, 0x200006, 0x2, 0x4964, 0x9})
ioctl$SG_BLKTRACETEARDOWN(r5, 0x1276, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x2)

7.300547587s ago: executing program 1 (id=4180):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = mq_open(&(0x7f00005a1ffb)='e\x00\x00\x00\x00', 0x2, 0x42, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={&(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], 0x3, 0x2, 0x7, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06464ce, &(0x7f0000000440)={r5, 0x8, 0x7, 0x7f000, 0x0, [], [0x7, 0x7f, 0x7, 0x4], [0x7, 0x6, 0x7fffffff, 0xffffffff], [0x0, 0x6, 0xb, 0x5eb]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x0, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x8}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a00000004000000080000000b00000002000000", @ANYRES32=r4, @ANYBLOB="0000000000000000000004000000000000400000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000400)='./bus\x00', 0x0)
lsetxattr$security_ima(&(0x7f0000000280)='./bus\x00', &(0x7f0000000180), &(0x7f0000000440)=ANY=[@ANYBLOB], 0x2, 0x1)
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x14d002)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
mq_notify(r2, &(0x7f00000000c0)={0x0, 0xc, 0x0, @thr={0x0, 0x0}})
close_range(r1, 0xffffffffffffffff, 0x0)

6.422727522s ago: executing program 2 (id=4187):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x2a, &(0x7f0000000000)=@raw=[@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x8}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x4, 0x1, 0x0, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f0000000180)='syzkaller\x00', 0xbf6b, 0xac, &(0x7f00000001c0)=""/172, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0x1, 0x8, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x1], &(0x7f0000000340)=[{0x4, 0x3, 0xd, 0x4}], 0x10, 0x401, @void, @value}, 0x94)
socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0xd)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x3, 0x1, 0x8000000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x2, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x1)
fchdir(r4)
getdents(0xffffffffffffffff, &(0x7f0000000200)=""/223, 0xdf)
lseek(0xffffffffffffffff, 0x101, 0x1)
getdents64(0xffffffffffffffff, &(0x7f0000003340)=""/48, 0x30)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x4)

5.569957834s ago: executing program 1 (id=4188):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=ANY=[@ANYBLOB="4001000010003306000000000400000000000000000000000000000000000001fe8000"/63, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000000000000032000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800180003000000"], 0x140}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
openat$cuse(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
r6 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
r8 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r8, 0xffff)
r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x0, 0x8000})
r10 = fcntl$dupfd(r9, 0x406, r4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r10})
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})

4.67893897s ago: executing program 4 (id=4193):
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38)
r0 = syz_io_uring_setup(0x32e9, &(0x7f0000000b80)={0x0, 0x873f, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.freeze\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x50, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xff00, 0x0, 0x0, 0x0)

4.476897624s ago: executing program 4 (id=4194):
r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00')
read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
read$FUSE(r0, &(0x7f0000012400)={0x2020}, 0x2020) (fail_nth: 2)

4.476472065s ago: executing program 1 (id=4195):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES64=r0, @ANYRES16=r0, @ANYRES32, @ANYRESDEC=r0, @ANYRESHEX=r0], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000280))
recvmmsg(r3, &(0x7f0000000880), 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240)=0x28e)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007640)=ANY=[], 0x3aa0}}, 0x0)
recvmsg(r6, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}, 0x0)
r7 = socket(0x25, 0x2400000001, 0x3)
setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x5, 0x15e, [0x80000700, 0x0, 0x0, 0x80000988, 0x80000bc8], 0x0, 0x0, &(0x7f0000000700)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x0, 0x0, 0x200, 'veth0_to_bridge\x00', 'gretap0\x00', 'veth1_to_hsr\x00', 'veth1_macvtap\x00', @broadcast, [0xff, 0x0, 0x0, 0x0, 0x0, 0xff], @remote, [0x0, 0x0, 0xff], 0x6e, 0x9e, 0xce, [], [@arpreply={'arpreply\x00', 0xc, {{@empty, 0xfffffffffffffffd}}}], @arpreply={'arpreply\x00', 0xc, {{@remote, 0xfffffffffffffffd}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}, {0x0, '\x00', 0x4, 0xffffffffffffffff}]}, 0x1ae)
r8 = openat$vhost_vsock(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f00000004c0)={0x2, 0x1, &(0x7f0000000300)=""/64, &(0x7f0000000340)=""/131, &(0x7f0000000400)=""/157, 0xf000})

4.423388943s ago: executing program 4 (id=4196):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = mq_open(&(0x7f00005a1ffb)='e\x00\x00\x00\x00', 0x2, 0x42, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={&(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], 0x3, 0x2, 0x7, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06464ce, &(0x7f0000000440)={r5, 0x8, 0x7, 0x7f000, 0x0, [], [0x7, 0x7f, 0x7, 0x4], [0x7, 0x6, 0x7fffffff, 0xffffffff], [0x0, 0x6, 0xb, 0x5eb]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x0, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x8}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a00000004000000080000000b00000002000000", @ANYRES32=r4, @ANYBLOB="0000000000000000000004000000000000400000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000400)='./bus\x00', 0x0)
lsetxattr$security_ima(&(0x7f0000000280)='./bus\x00', &(0x7f0000000180), &(0x7f0000000440)=ANY=[@ANYBLOB], 0x2, 0x1)
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x14d002)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
mq_notify(r2, &(0x7f00000000c0)={0x0, 0xc, 0x0, @thr={0x0, 0x0}})
close_range(r1, 0xffffffffffffffff, 0x0)

3.833780572s ago: executing program 4 (id=4197):
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]})
mlock2(&(0x7f0000000000/0x8000)=nil, 0x8000, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
munmap(&(0x7f0000006000/0x4000)=nil, 0x4000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r4, 0x4068aea3, &(0x7f0000000140)={0xc4, 0x0, 0x5})
sendmmsg$inet(r2, &(0x7f00000007c0)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x400005c, 0x2400c8a0)

3.270623003s ago: executing program 1 (id=4198):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x2a, &(0x7f0000000000)=@raw=[@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x8}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x4, 0x1, 0x0, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f0000000180)='syzkaller\x00', 0xbf6b, 0xac, &(0x7f00000001c0)=""/172, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0x1, 0x8, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x1], &(0x7f0000000340)=[{0x4, 0x3, 0xd, 0x4}], 0x10, 0x401, @void, @value}, 0x94)
socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0xd)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x3, 0x1, 0x8000000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x2, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x1)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x4d)
getdents(r4, &(0x7f0000000200)=""/223, 0xdf)
lseek(r4, 0x101, 0x1)
getdents64(r4, &(0x7f0000003340)=""/48, 0x30)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x4)

3.261185278s ago: executing program 2 (id=4199):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b0000001f0000000200000022bf000001000000", @ANYRES32, @ANYBLOB="000000000000000000000000000018f67f550965ae62d2ab1ec052b5000000000c00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r4, 0x0, 0xa002a0}, 0x38)
r5 = openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x88302, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r5, 0x4004510d, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0)
bind$rxrpc(r3, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xb, 0x0, &(0x7f00000000c0)="ff07000000000000ab5bec", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@empty, 0x0, 0x2, 0xff, 0xf, 0x4, 0x8000}, 0x0)

3.260644723s ago: executing program 4 (id=4200):
close(0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080004004402000008001b000000000010001a800c000a800500080003000000"], 0x40}}, 0x0)
recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x1, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000040), 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x7fff, 0x40024e, 0x0, r4}, 0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x44, 0x0, r5, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x1e, &(0x7f0000000200)=0x1, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendto$inet6(r7, 0x0, 0x0, 0x20000045, &(0x7f00000002c0)={0xa, 0x2, 0x395, @empty}, 0x1c)
msync(&(0x7f0000bdc000/0x2000)=nil, 0x2000, 0x5)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x0, 0x0, @private2}}, 0x4, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffc, 0xf7}, 0x0)

2.322783005s ago: executing program 4 (id=4203):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x2a, &(0x7f0000000000)=@raw=[@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x8}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x4, 0x1, 0x0, 0x1}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f0000000180)='syzkaller\x00', 0xbf6b, 0xac, &(0x7f00000001c0)=""/172, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0x1, 0x8, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x1], &(0x7f0000000340)=[{0x4, 0x3, 0xd, 0x4}], 0x10, 0x401, @void, @value}, 0x94)
socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0xd)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x3, 0x1, 0x8000000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x2, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x1)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x4d)
getdents(r4, &(0x7f0000000200)=""/223, 0xdf)
lseek(r4, 0x101, 0x1)
getdents64(r4, &(0x7f0000003340)=""/48, 0x30)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x4)

2.086103396s ago: executing program 2 (id=4204):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xa8\xc4\xd2o\xae\xb4W`\xfd\x196\xa0Rd\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7', 0x42, 0x1f0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143c62, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x0, 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

2.023741366s ago: executing program 5 (id=4205):
ioperm(0x284, 0x7f, 0xe3)
r0 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$igmp6(0xa, 0x3, 0x2)
sendto$inet6(r8, &(0x7f0000001480)="484e0ea0546cd3057ca1c9660e75fabf89d3c9aa24666ed7ebf66abc30f5df7fc74ae4d304847835979b78fa5b98f2ed43bc72eb43eb5de256184a7981633877136c93b4d1e1137c460f22d39675c1c4158df87a446c98d68e21a3fb745bddb301784c18cb143f4ca61eb4abcb32c5fa2a280a07016bea41e9f39ad88ff106c045e9412382510bf79cd81428625c3ad75fe8f852dd574102189f464365d730e3a82410457f629446de846f01da2fa194c9ac9d24db75977abf0b1338a8980e1345262f915a0795d78ff14159240a687d14ed2737195df93903fc53d200f2dc2bb9a3aa7df2a9659d8854af251cda6112bb453d56a23422efb0a64ec1d654df8b3ed6c44722bc2f98747429da65e70c08781f3d7c893109d7b9681626f20443b063220d5e85892005b9fed18d51ffb39ef2a2fd409a18d268ecaf19fd1970974f8607b7041f656e781638e51015b8c7f0f01a522204d1a3f761752f58038bb5b3383764d13ccf747fb6a592beccc81f0f1e5c15ea79ead9ce07aeb2bf542e8b4b6708fd2fc1db70c685ed6aa9589ac3b8bdfb0987dcb0f2ed720d92c185c1ca593a761ceeaef7e6c0d13796cf114fc6fdbbf673358db2ba9167d2d57adb343a02253661c1b246d3733af770aa283a9590a4fc6dfcdab1e16b61f946463c6a136c7b7eb0980dcb7329baf402982d1146101674db0b43aaf4709ddcaeabb5938646bd6d428767a7d503aff0eb3aa36a4aac836a79a31e6672b4587bf7f3ea77083c731ac5d1e4384da97d2dc72dc09a870d963e8c04bee7369154849a6f420c792dee3fece0b590812368ecbee7c1b3a63115dc7e1918a3b08c5ec23f08ea18510f3fffbba78ed7d720982adc3ecefe4b3e8601e28938aba660752061c3b4ab48e759032f1a6ef120706980a80e58461ccf07d9f3411a1fbdc6dfcf67eb0d9012d72450b0db68ef2d38fd95e029364785dfe633f1605a47ce74e175330a2aef02c876080e3e4accfe60af1c7da1ada12f652a2f3e632c9d88bc67d4cf009c2efbda79e520ef4de6a97d437521a9a37741735574d08ef04ecd8cc90037676f5df4ee3426ba5a6dd8f0d3f50cdd89db57284ff35b911efdff22940fc32894d3b17d8fd2b3fcd4abb43d01a599d51bfd53f41d299a52de2fdd7150a5d000c71f9cc540b040bb7ead2485bfe604a9b649a41e35732c958e14d77f31cab6ae943ca03ee507d924a1d6483c2501889ca4eff721ca2f7c7b44d898ae9089af50cf4311aeaf619360681258b0605f47aeb2c2674a3b895643c932415a0d20837ec17fef96a2d7bede12a78998d4fec5e07da4d58102f17773b4ac0ce68eae2dede4b5ebfabe164a042e30cfc684197434ffd34afe21248bf28829239a060e62dbd1cf38ec966d285f003e9c630daad17e279a60e6b8d6826cfca03fd31b8bd636a76a6dd07ce971627f86d60f9fc460cf49b7365bb0e4a85c480c276957a5cb87b8bd15594d86541c4464d0725c8b7f6e50cf6841218b3fafd6868c1f9ffaece0118511bf709bda3360aaa3062c45a8682dd966acdcb58c4cff28a295239c94af5f4ad0ebdca2b6b3fc36e9db2f21b6f151fe864dc250817c430848fc94a0f87b871bf83394e4f54e5f7c25422bbd50dd116aca1e44eded971e5049ea05e4f9b6f1bf3b95387a7637f859b365c2fade6a3f742520ab7e56d8f6b65716f7963ecdcb96f6e5c001ac1e028b842d7fb88b6bbbe3002a80bff9d33cd9d72f3ca57b37e8ab1c31582454a5617a4a930486b6713318eb08f470616a7a1ffc6343dc12bc8cb8ad370b09865ed5ebcd78d0b06cff6ceef04cb7afdbd2bdc7544bf115f76afa38bafed1b8f3e6a6140b881973226c345aec7b847dc4b749e1ed8dda315b7f0b7fca42ba07ab2ffdbc2f0a63141c958389c78414e56c6923af782fd02d7d10d88ace55e10270e6b9d719758a30791e8bb6721fde3834d4b1fb597eeaf34a4ac4027c151f754c5528f7454aa22d751378db10155c2f36d37d3cee76e8fcbe18fdae2f0bcf85a96b4543d608d0098eb00095de70096410044bd0d9e43079a872a7dfb20b2784a2f7af3ef27c177f33e2bdc2b7c0143d7df1f69b3a14b72f095aafcc91af8b141f62e6958a378f83542efa50f557bbaf681dd8a3d558b3880478f022ae8edfb34e741103b8d06208bd8f606139b028827c3a0be2d25b26fd9e50b458e8ae6302b309028c8dd9646549f63e4437dc225caa7b10caaf11967b4ff43c6d4683e8acdcc4f6e645fa38abb0821a6b6583183d74a8cf3c8f4b96394bc3fff05a436e8548eceff9be18f330fdc6c70fe57e3a895eb8f3e141711b56b732dca00fbfa633547839826eb60a6a619b192d439ea15f2422dbb417e4448e0d8799899a81b13762967e20431abc9165ebf2635b0bc05cd2a894e8d9f9a565b9edfad080bb13c0180c3b35ac0905e66af9712d2c745ba801e500f73a871d0ffabbfeb5f54ba40a8bdc6e1cdd66d2080c1bc479ebd69c79ac3eb22f808f1c883a45ee36e52dd131e661778b09975292f243ec16425a0c358b442a6919af67a1d588265646fab2d5a07ec68f105214b1695a34b583696e5cd5f0e2d9bcc97ee09d31a15a768f0077020cf65a5eb3984ded820d27753af3491656e4f34988d64a683c3bc7a2708d9f9b4a939cb560fc0239b8b1ef3c11f2495805b34344b02dea9bf7ff820db7362d6f05cdfe695ae53ec2eb8cc91c933d6aeb9d5a261048e765ea6c1ae46ffea54d8e22df0bbf7af960249111610eae661da18545f64f144839a13d75c0b93c0e31428b80ad5e64291e8444a46df05ff34795c90895b497fc50312ffbee434ceaa7fe29dd4542ddb4922373960fcb527adbdd09195d93c662902109c9f484bb5c46e4f18288385199ab393adacca7ef92e136323251703911fa059a239f216adfaf2d3b831de5312e9a83924add165b382fc7971901a3c7811e0c1826c5640f7d8dbebc866c114b4dd20e988297b2313f6994daafcbb3113b9cc5dda5bcb555ed41bd285a9cc4ac9194dac99d7577cbf309d9a62c66f8dc5e9b53ed11999e9f13a6525b92411ca91676e1d93c375e3013e1a980cf7c1000d63433fe58d34d04401a2fe1839f2148f497e804d77f68883c1af55d5f6f5755b4452324816ba47c34ae0a907f040f43444500694c5b3ef3c56de9366cc11f79bae15161e5b32d969248c0ce4c764bbe015deb4a5c3f8ce4ab0fcad9def42a866cc21abdfd30907c8adc725c295d784f57c87b136d240045172eee79da5b82ddb65398330b5b88baafaaee7268de5a761f7cf476c750147d13e0952d33bea40241295682484029bb65c40c36b4f76776cf8e39d192129c01882acc71eb07fc2ed48717fcce68c4846325cb0c66b86305a42ee0b2f4e716c28a7986e891744b2b4d671c0020e47029a19388a0363cb80d8dc7f587a295020cfce99735344f0b9b8ab3a88334b2c65ea716ed9fda2d2fa84ec3b74126ce0e404e577114d5cd28f7935cd424cc7af0f528d76489fa14cf5357edfed413be7d97c58db4bdd4c3b43d2ddf3c00eb5a1374203572b635d61b04b87cccde2a01476a017de51af55cbf3324ecca052fcc3e32313a31a9e49d6e24e790542b1e0bdff6992b62b8537971c089f805f1d326600e765ab96f2738bfabfc3b983ca0fbba7b024474f6071c7557c650abf0650a9cfe25110a7273759b5995649cec911392a49643cd259347bdca07f09803c517cdf8476d1b4ef9245895d90dc1f2c9755757669957fd5ed7f17400a9c804511652f672b8b4090577a57ac6d1f967de373fa859682ba2a1da043a2b9ae01c4d07a5809abba51ea2469a586e994b2b1ae7e406c83cf19d6b8d3f6b4514a15cfddc23fb820c80cbb0997ab98c6e2671994445e3ff027e90eff3f02eeeabda0f6eb25e913d18e846fff16dcab40fb97837498a2756cab5413246d6f239eb7b25b177068884305f69ba16a5b3cb0cf1a28598557a4c269790193cf222690bb4d597c28714a5a4bbe1bd62bcb5058961524d121a267b6090263046b1798c4e9c7df0cd924dc3c313c16d52db77b4b19b082ff1ee480defeae8679dfb071baf22991c228f1c81099ff7830b96149283030527c55de42636e6f5a97c020fe97241cd4e51300701550bbfdcb84d11f0f4209054659365d607e6e7c8aa79e6a31c5442a707f2a56d659fdf990950d3c8656b732ee9082eaa662c91269e756fdf85951a93df6b472b93495855ce93e39926c69644149fae7508f41140fcc5c720a86e4656096ee67788a2b4cda8007ef6e4327da571be5a7ad54d1d950a8cf87e5d92ee2bfea8323d436a906f62ef24b5f02da2f4bfb854e0f5453436e30e38109f31bd1c758d7e52b0af92a4e88f491068e0c894145a4da159618fa5719fea9542894cac60863a5bed16c6fc4c4b6af6592cc77f383893cba9dd091d2d85ff637fb6cbd56e2320823e99cf85d5c2e3986fda40a5fc192947e3c1f371f4cc1f0d9874d72c88d4d43fe0a50e2e6827ff4b81afe1c909cd334b764c12dc510f13629ce4859af163b876e17a595c63030f4b3f08e65539ab89e83b8b332657d457c46068318bfce1509bc6b526b67e344f7ca1785f90eb36d2e08391a72f4743938d622b18ac960a11672a12fa88e6768b991a0f4c7d95b2c74fa22a448fd1e22c18d7007f844af2581620f4f0643063fa91ca88acd60f04706e2fe0d51daecd3539574c2a7e18bb3a6160c1f6ceb19d9aa63711ca0262598d80d1419f8594177ef4ea784e7af2a5986589a06180133c54f94fbbc1953787dc05112f490cd33f8555717fdd3e86c1bcc42a129820c3e1500c54213b632be870461aceb20b77f82cee4c4571032c10becd03c47f562eaad1a96eeac2e946af5034cf07d654dfe1b44de7fea0af5b5691f65f37b965b7c8c4c5fda51477893a71a861c9e1f7586b1fbe6dd92508e5562c9388330e3ebd6c67dac76690f6e8e1088682bc5ea2b98e1dc2bd6ec7b1c0f23727ec436d607c583387adf27f7d3ffbe1184d11daa402cc19a8ed5db654703b1f2d", 0xe00, 0x8890, &(0x7f0000000280)={0xa, 0x4e20, 0x200, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x20048005}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001e00b90000000002000000", @ANYRES32=0x0], 0x1c}}, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f00000000c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="98060000", @ANYRES16=r6, @ANYRES32=r4], 0x698}, 0x1, 0x0, 0x0, 0x40}, 0x840)
r9 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r10, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
r11 = memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1)
fsetxattr$security_ima(r11, &(0x7f0000000080), &(0x7f0000000540)=@v2={0x3, 0x2, 0x14, 0xb0f, 0x2, "ec61"}, 0xb, 0x0)
openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
r12 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x20202, 0x0)
sendfile(r12, r12, 0x0, 0x1c3)

1.832989556s ago: executing program 2 (id=4206):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f00000003c0)=ANY=[@ANYBLOB="040100002b000b000000000000000000060000000400030011029578eefe7664ef3dfea3155e870fef5040304872f86556cb0a7ddb653c61c1cb6557167f4c5579142f165dc512a50c8718d127cbc39b47713fc5fcf3e9c49312ba02f91016e8976479285df311482a97dd57861ade3e31b28381423d8bb77524d59bfa8c5fe6c981f9af4bb9fc6dfb32bb77d91d195f4da2021550e743b61b9450804ea450a6112e31be786e0013ab2d94a0e427a763b5a54757e883e10183d5f095af75b30b30c6a51d40cf7add7bab1074c1ac1bcfa8f09d04ecd752e6e5d0f134f8bd7bd42313c562e37c4b0a6d40aebccd85d309177977b6c045d8b88c2f5117d35f6dfbe8aa85"], 0x104}}, 0xc00)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0a10000007feff42ffffbd70"], 0x10}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00'}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x2329000, 0x800}, 0x20)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000002d00090027bd7000fedbdf250500000008000a"], 0x1c}}, 0x20000086)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
syz_emit_ethernet(0x2e, &(0x7f0000000140)=ANY=[@ANYBLOB="bbbb81000000080045fc001c000000000033907800000000000000000000000000089078"], 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
setrlimit(0x7, &(0x7f0000000000)={0x4, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000300)={0x0, 0x0, 0x80000})
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r4, 0xfffffffd, 0x0, 0x30, 0x0, @in={0x2, 0x4e23, @loopback}, @ib={0x1b, 0x0, 0x9, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000bc0)={{{@in6=@remote, @in6=@dev={0xfe, 0x80, '\x00', 0x41}, 0x0, 0xa, 0x0, 0xfffd, 0x2, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0xfffffff9, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe4)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002cbd7010040100000500000006000100050000000800090002000000081d0b000000000008000c00a80a0000"], 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r10 = socket$unix(0x1, 0x2, 0x0)
recvmmsg$unix(r10, &(0x7f0000000dc0)=[{{&(0x7f0000000e80), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000580)=""/166, 0xa6}], 0x1}}, {{&(0x7f0000000640), 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000500)=""/87, 0x57}, {&(0x7f00000007c0)=""/118, 0x76}, {&(0x7f0000000840)=""/158, 0x9e}, {&(0x7f0000000900)=""/75, 0x4b}, {&(0x7f0000000240)=""/2, 0x2}, {&(0x7f0000000980)=""/193, 0xc1}, {&(0x7f0000000a80)=""/97, 0x61}, {&(0x7f00000023c0)=""/4087, 0xff7}, {&(0x7f0000000b00)=""/217, 0xd9}], 0x9, &(0x7f0000001040)=[@cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x90}}, {{&(0x7f0000000d00)=@abs, 0x6e, &(0x7f0000000d80)=[{&(0x7f0000000740)=""/92, 0x5c}, {&(0x7f0000000f00)=""/65, 0x41}], 0x2}}], 0x3, 0x10101, &(0x7f0000000e40)={0x77359400})
write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r4, 0xffffffef}}, 0x10)
r11 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x35c, 0x0)
preadv(r11, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4096, 0x5}], 0x1, 0x0, 0x0)
close(0xffffffffffffffff)

1.642530166s ago: executing program 5 (id=4207):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=ANY=[@ANYBLOB="4001000010003306000000000400000000000000000000000000000000000001fe8000"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000000000000032000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000048000200656362286369706865725f6e"], 0x140}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
openat$cuse(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_open_dev$sg(0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
r6 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
r8 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r8, 0xffff)
fcntl$addseals(r8, 0x409, 0x7)
r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x0, 0x8000})
r10 = fcntl$dupfd(r9, 0x406, r4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r10})
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})

1.633919526s ago: executing program 2 (id=4208):
syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00')
r0 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYRESDEC=r3, @ANYRES32=r2, @ANYRESDEC=r2, @ANYRESHEX=0x0, @ANYBLOB="9a0fdb17b69d02ca523766ec42e8ebc5839cb9740dc9bb7d503c26c94b063850ce1a96c759fae5f64d0e8eb665a38d51d43400152d54a9291a0501ffb28e8f99c4913f5bf546b6263752ed11a70fcd110d68854052dc81bcd32d8c5dac7e426dc8f26cfb78891e3d4a81180f539d5d41c5dcc627fdd371a9eb8f3edcb10496cc33569a241156be1c0a44ebff948c63b16ff0a0a64b92d21d98491b3c1eefaaf036e904a2d6748e73bac4882caae91d454d55b50454ffece138693309880d903908c96a9ff31d2acb74301b8eb66dd8cf0c096733be990274af931d14d1b8248208279df177fd99850831fd19b6c67160ac50", @ANYRESOCT=r3, @ANYRES64=0x0, @ANYRES32=r4], 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r5, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x87)
syz_open_dev$evdev(0x0, 0x0, 0x60000)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r7 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.log\x00', 0x24000, 0x122)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x0, 0x6, 0x3f58, 0x400, r7, 0x5, '\x00', r6, r7, 0x1, 0x4, 0x4, 0x4, @void, @value, @void, @value}, 0x50)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r8, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6", 0xb7)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r9, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
io_setup(0x6, &(0x7f0000001380)=<r11=>0x0)
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r12, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
io_submit(r11, 0x1, &(0x7f0000001140)=[0x0])
bpf$PROG_LOAD(0x5, 0x0, 0x0)

625.179918ms ago: executing program 2 (id=4209):
socket$kcm(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x200004, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x0, [0x0, 0x10000]}})
r6 = openat$rdma_cm(0xffffff9c, &(0x7f0000000140), 0x2, 0x0)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev(r7, &(0x7f0000000240)=[{&(0x7f0000000140)="f9", 0x1}], 0x1, 0x3, 0xd4bd)
ioctl$VIDIOC_S_STD(r7, 0x40085618, &(0x7f00000001c0)=0x1700)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0xc, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @private=0xa010100}, @in6={0xa, 0x4e21, 0x9, @mcast2, 0x2}}}, 0x118)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x100}, 0x1, 0x0, 0x0, 0x20000044}, 0x4000040)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000003060500005f820eaeb2d2bb9e06ce8bb6756f0000000000786433b180c410eaa695b762cbb4769782b4a22b63d520f78b8eb7f30ad886c97b4316bc6d12bb8ca25ada657bad18aa6258b843d063ad620b993f11f668e5f6ee3fb9eb8f61193b62a6607bb535af1511a7"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)

624.786456ms ago: executing program 5 (id=4210):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b000000", @ANYRES32=r3, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050"], 0x3c}}, 0x10)

616.853837ms ago: executing program 1 (id=4211):
socket(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
iopl(0x3)
rt_sigsuspend(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xf, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x1de0, &(0x7f0000000440))
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)=0x7fffffff)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, 0x0, &(0x7f00000000c0))
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={'\x00', 0x7ff, 0x200006, 0x2, 0x4964, 0x9})
ioctl$SG_BLKTRACETEARDOWN(r5, 0x1276, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x2)

512.847661ms ago: executing program 5 (id=4212):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2000007, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000001000/0x4000)=nil)
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
epoll_create(0xdb9)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3, 0x300, 0xc, 0x200, 0x300}})
syz_genetlink_get_family_id$nl802154(&(0x7f00000010c0), 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r5, 0x0, &(0x7f0000001740)=""/4085}, 0x20)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
write$tun(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="000100000500ff0f14"], 0x3a)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x94)
r7 = openat$cgroup_root(0xffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r9 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r8, &(0x7f0000001700)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x1, 0x0, 0x14}, @ipv4=@generic={{0x6, 0x4, 0x2, 0x2, 0xfc0, 0x64, 0x0, 0xb, 0x88, 0x0, @private=0xa0100fe, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp_prespec={0x44, 0x4, 0x51}]}}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b75a9ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c9eaacb5793498be490de32baba49172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19411e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb97800763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f60"}}, 0xfce)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@iter={&(0x7f0000000340)=@cgroup={0x3, r7, 0xf}, 0x10}}, 0x18)
ioctl$NBD_DO_IT(r3, 0xab03)
setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="2a000032f489766f075100670000000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES64=0x0], 0x20)
syz_emit_ethernet(0xbe, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffff0180c20000010800450000b00000000000019078ac1e0001ac1400aa0300907803270000450000000000000000010000ac1414aaffffffff867100000000000ce256b28c5988160031520009020007651442eb050e7434954373561de5840203c80009e706d30bd224f80007cfa11cab1a02108475be675de6a70a05a0dc91e5c6000a6580a5e907020086001273bc00000000000000000000000000f6000cc8f46976e79e56c7a95e860c0000000006067f36c525000000"], 0x0)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000001100)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x4004800)

303.469525ms ago: executing program 5 (id=4213):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00001b8000/0x2000)=nil, &(0x7f000064f000/0x2000)=nil, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x59})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)}}], 0x1, 0x4000)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r5)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r7 = syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042)
ioctl$HIDIOCGRDESC(r7, 0x40305829, &(0x7f0000000000)={0xd, "7154bbc8aae250bd23544617d5"})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000300)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000600)={r9, 0x0, 0x5, 0x4000000, 0x2, [], [0xbc2], [0x805, 0x1001000, 0x0, 0x3], [0x0, 0x1, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f0000000040)={r9, 0x7, 0x6, 0x4, 0x3, 0x8, 0x4})

0s ago: executing program 5 (id=4214):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
syz_open_dev$midi(&(0x7f00000000c0), 0x2, 0x2c40)
r3 = syz_io_uring_setup(0x7f18, &(0x7f0000000200)={0x0, 0x84f7, 0x10100, 0x1}, &(0x7f0000002000)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r3, 0x48e9, 0x0, 0x2, 0x0, 0x0)
ioctl$KVM_SET_CLOCK(r0, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4})
r6 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r6, 0x4610, &(0x7f0000000180)={0x1})
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1}, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r6, 0x4610, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
quotactl$Q_SYNC(0xd4f0e92bb52efa8b, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019c09000f01c2", 0x69}], 0x1, 0x1c, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r8 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r8, &(0x7f0000000000)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e20, @empty}}, 0x24)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r8, 0x110, 0x4, &(0x7f0000000080)=0x1, 0x4)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r0, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4})
r9 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r9, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r9, &(0x7f0000000340)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x80000000, @empty, 0x71b1, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)
syz_emit_ethernet(0xb2, &(0x7f00000006c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb0800450000a400000000000110780a010102ac1414aa040090780100000042000000000000000011000000000000ac1e000144040001443c0001e0000001000000000000000000000000ac1414000000000000000002000000000000000000000000ac1e000100080000ac14140000000000830fede0000001ac14140aac1414aa4424a5500000001a000000810000000403000000000000000000adb200000003fffffff800c694a0c41f8decf13920c383f15a0ca9ce2097d2df333c316ef913802f7358ddc6d9387c275b494bf6a0360a283d1f63ab40245beaa11052c606af5a81962330b083f8784aa86d49119916a83c4c91ab396c524ecbecec180c75d14e913d746d398c5f2872cbddf7f4ab34dfe93c40eff9436bb8cd3757c571a67ca87353f694b11f70d9591b67c0ce7d7d0e56c7d4e7b2abca534b35c1f5d7f33ea454a395fd8ef8905f705cf5e68332d41f44198dd4260bfdfbdb6bae8b7f7c7926a5d56fc8ddf7a4ba18da18b5a9f389b561bd102e031c932fc9f49a92fa116e3278b26d67d239e060758886e05098a50860a0844cfeae0beda6ba6ff2a3571ec87ca6326dc74ba14b7eb420b914c48a0d61dbe509cf5309975fdcd2292e0d5fe8e0e90c76aae947b9bae48fd183e183e8ba26caf778d4147784791c77ecc12ec4bfc256e60e85586b9fc95fb6237c2ec5b9777418379cd860ec90d15e68c1431890b0a9d25f627eac3d51a844027c890b85cd64c6f99d55e2ad56eac11715e2549ccac304dee2ab8a9b937c536391a444b9aa4b3dbcd148c81d973124562628dd7ae74ad77924b6c76c0e809adc8eac9151683095d845e1612b6599eccf46189c3508924241886573c6e397febfd4cc80d04a3b0d6b42f85df580dee951b218e1b0130736be799860cbc5a44fe51094a1fd"], 0x0)

kernel console output (not intermixed with test programs):

xd7/0x110
[  761.923322][T19545]  genl_rcv_msg+0x55c/0x800
[  761.923351][T19545]  ? __pfx_genl_rcv_msg+0x10/0x10
[  761.923377][T19545]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  761.923406][T19545]  ? __lock_acquire+0x622/0x1c90
[  761.923434][T19545]  netlink_rcv_skb+0x155/0x420
[  761.923456][T19545]  ? __pfx_genl_rcv_msg+0x10/0x10
[  761.923482][T19545]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  761.923516][T19545]  ? netlink_deliver_tap+0x1ae/0xd30
[  761.923535][T19545]  ? is_vmalloc_addr+0x86/0xa0
[  761.923566][T19545]  genl_rcv+0x28/0x40
[  761.923598][T19545]  netlink_unicast+0x53a/0x7f0
[  761.923624][T19545]  ? __pfx_netlink_unicast+0x10/0x10
[  761.923657][T19545]  netlink_sendmsg+0x8d1/0xdd0
[  761.923687][T19545]  ? __pfx_netlink_sendmsg+0x10/0x10
[  761.923713][T19545]  ? __import_iovec+0x1dd/0x650
[  761.923752][T19545]  ____sys_sendmsg+0xa95/0xc70
[  761.923777][T19545]  ? __pfx_____sys_sendmsg+0x10/0x10
[  761.923797][T19545]  ? get_compat_msghdr+0x11a/0x170
[  761.923822][T19545]  ? __pfx_futex_wake_mark+0x10/0x10
[  761.923853][T19545]  ___sys_sendmsg+0x134/0x1d0
[  761.923881][T19545]  ? __pfx____sys_sendmsg+0x10/0x10
[  761.923924][T19545]  ? find_held_lock+0x2b/0x80
[  761.923981][T19545]  __sys_sendmsg+0x16d/0x220
[  761.924012][T19545]  ? __pfx___sys_sendmsg+0x10/0x10
[  761.924042][T19545]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  761.924081][T19545]  ? rcu_is_watching+0x12/0xc0
[  761.924103][T19545]  __do_fast_syscall_32+0x7c/0x3a0
[  761.924134][T19545]  do_fast_syscall_32+0x32/0x80
[  761.924160][T19545]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  761.924184][T19545] RIP: 0023:0xf7ff2579
[  761.924202][T19545] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  761.924220][T19545] RSP: 002b:00000000f50f555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  761.924239][T19545] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  761.924251][T19545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  761.924277][T19545] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  761.924290][T19545] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  761.924302][T19545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  761.924329][T19545]  </TASK>
[  762.597969][T19559] blktrace: Concurrent blktraces are not allowed on sg0
[  763.188736][T19564] netlink: 592 bytes leftover after parsing attributes in process `syz.2.3723'.
[  763.459124][T19573] netlink: 'syz.4.3725': attribute type 1 has an invalid length.
[  763.459137][T19573] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3725'.
[  763.905075][T19580] netlink: 180 bytes leftover after parsing attributes in process `syz.4.3728'.
[  764.535937][T19592] syzkaller0: entered promiscuous mode
[  764.538320][T19592] syzkaller0: entered allmulticast mode
[  764.548481][T19592] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  764.551757][T19591] tipc: Resetting bearer <eth:syzkaller0>
[  764.563932][T19591] tipc: Disabling bearer <eth:syzkaller0>
[  764.608113][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  765.255537][T19601] block nbd4: shutting down sockets
[  765.792319][T19607] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3735'.
[  765.853042][T19610] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3736'.
[  765.857301][T19610] afs: Bad value for 'source'
[  766.124466][T19613] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3737'.
[  766.536847][T19616] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  766.539436][T19616] CPU: 0 UID: 0 PID: 19616 Comm: syz.2.3738 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  766.539452][T19616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  766.539460][T19616] Call Trace:
[  766.539465][T19616]  <TASK>
[  766.539470][T19616]  dump_stack_lvl+0x16c/0x1f0
[  766.539492][T19616]  sysfs_warn_dup+0x7f/0xa0
[  766.539509][T19616]  sysfs_do_create_link_sd+0x124/0x140
[  766.539528][T19616]  sysfs_create_link+0x61/0xc0
[  766.539544][T19616]  device_add+0x62c/0x1a70
[  766.539559][T19616]  ? __pfx_device_add+0x10/0x10
[  766.539570][T19616]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  766.539588][T19616]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  766.539610][T19616]  wiphy_register+0x1c9c/0x2850
[  766.539623][T19616]  ? netdev_run_todo+0x864/0x1320
[  766.539641][T19616]  ? __pfx_wiphy_register+0x10/0x10
[  766.539658][T19616]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  766.539672][T19616]  ieee80211_register_hw+0x24ac/0x4140
[  766.539690][T19616]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  766.539704][T19616]  ? find_held_lock+0x2b/0x80
[  766.539716][T19616]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  766.539732][T19616]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  766.539745][T19616]  ? __hrtimer_setup+0x176/0x280
[  766.539763][T19616]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  766.539786][T19616]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  766.539804][T19616]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  766.539822][T19616]  ? __asan_memcpy+0x3c/0x60
[  766.539839][T19616]  hwsim_new_radio_nl+0xb51/0x12c0
[  766.539856][T19616]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  766.539876][T19616]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  766.539891][T19616]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  766.539909][T19616]  genl_family_rcv_msg_doit+0x206/0x2f0
[  766.539924][T19616]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  766.539938][T19616]  ? trace_cap_capable+0x18d/0x200
[  766.539953][T19616]  ? bpf_lsm_capable+0x9/0x10
[  766.539966][T19616]  ? security_capable+0x7e/0x260
[  766.539985][T19616]  ? ns_capable+0xd7/0x110
[  766.539997][T19616]  genl_rcv_msg+0x55c/0x800
[  766.540012][T19616]  ? __pfx_genl_rcv_msg+0x10/0x10
[  766.540026][T19616]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  766.540044][T19616]  ? __lock_acquire+0x622/0x1c90
[  766.540060][T19616]  netlink_rcv_skb+0x155/0x420
[  766.540072][T19616]  ? __pfx_genl_rcv_msg+0x10/0x10
[  766.540086][T19616]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  766.540104][T19616]  ? netlink_deliver_tap+0x1ae/0xd30
[  766.540115][T19616]  ? is_vmalloc_addr+0x86/0xa0
[  766.540133][T19616]  genl_rcv+0x28/0x40
[  766.540145][T19616]  netlink_unicast+0x53a/0x7f0
[  766.540159][T19616]  ? __pfx_netlink_unicast+0x10/0x10
[  766.540175][T19616]  netlink_sendmsg+0x8d1/0xdd0
[  766.540189][T19616]  ? __pfx_netlink_sendmsg+0x10/0x10
[  766.540202][T19616]  ? __import_iovec+0x1dd/0x650
[  766.540223][T19616]  ____sys_sendmsg+0xa95/0xc70
[  766.540238][T19616]  ? __pfx_____sys_sendmsg+0x10/0x10
[  766.540250][T19616]  ? get_compat_msghdr+0x11a/0x170
[  766.540263][T19616]  ? __pfx_futex_wake_mark+0x10/0x10
[  766.540289][T19616]  ___sys_sendmsg+0x134/0x1d0
[  766.540308][T19616]  ? __pfx____sys_sendmsg+0x10/0x10
[  766.540332][T19616]  ? find_held_lock+0x2b/0x80
[  766.540379][T19616]  __sys_sendmsg+0x16d/0x220
[  766.540399][T19616]  ? __pfx___sys_sendmsg+0x10/0x10
[  766.540416][T19616]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  766.540438][T19616]  ? rcu_is_watching+0x12/0xc0
[  766.540452][T19616]  __do_fast_syscall_32+0x7c/0x3a0
[  766.540472][T19616]  do_fast_syscall_32+0x32/0x80
[  766.540491][T19616]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  766.540505][T19616] RIP: 0023:0xf704e579
[  766.540514][T19616] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  766.540525][T19616] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  766.540536][T19616] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  766.540543][T19616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  766.540549][T19616] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  766.540555][T19616] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  766.540562][T19616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  766.540575][T19616]  </TASK>
[  766.683024][T15022] Bluetooth: hci1: command 0x1003 tx timeout
[  766.683540][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  766.715084][ T1142] Bluetooth: hci5: Frame reassembly failed (-84)
[  767.231919][ T1137] bridge_slave_1: left allmulticast mode
[  767.234639][ T1137] bridge_slave_1: left promiscuous mode
[  767.237184][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state
[  767.440583][ T1137] bridge_slave_0: left allmulticast mode
[  767.442529][ T1137] bridge_slave_0: left promiscuous mode
[  767.451331][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state
[  767.927833][ T1137] bond1 (unregistering): (slave gretap1): Releasing active interface
[  768.144105][T19642] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3744'.
[  768.289545][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  768.295618][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  768.301621][ T1137] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  768.305812][ T1137] bond0 (unregistering): Released all slaves
[  768.559285][ T1137] bond1 (unregistering): Released all slaves
[  768.656459][ T1137] tipc: Left network mode
[  768.724775][ T5946] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  769.012498][T19659] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3748'.
[  769.031332][T19659] afs: Bad value for 'source'
[  769.062590][ T1137] hsr_slave_0: left promiscuous mode
[  769.067266][ T1137] hsr_slave_1: left promiscuous mode
[  769.069506][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  769.071973][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.075125][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  769.077564][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1
[  769.137391][ T1137] veth1_macvtap: left promiscuous mode
[  769.139244][ T1137] veth0_macvtap: left promiscuous mode
[  769.141164][ T1137] veth1_vlan: left promiscuous mode
[  769.145855][ T1137] veth0_vlan: left promiscuous mode
[  769.212954][ T1137] pimreg (unregistering): left allmulticast mode
[  769.229746][ T1137] pimreg3 (unregistering): left allmulticast mode
[  770.410848][ T1137] team0 (unregistering): Port device team_slave_1 removed
[  770.538683][ T1137] team0 (unregistering): Port device team_slave_0 removed
[  771.293285][T17847] smc: removing ib device s
z1
[  771.299326][  T836] lo speed is unknown, defaulting to 1000
[  771.301672][  T836] s
z1: Port: 1 Link DOWN
[  771.340721][T19681] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  771.347001][T19681] CPU: 1 UID: 0 PID: 19681 Comm: syz.4.3754 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  771.347028][T19681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  771.347039][T19681] Call Trace:
[  771.347047][T19681]  <TASK>
[  771.347056][T19681]  dump_stack_lvl+0x16c/0x1f0
[  771.347089][T19681]  sysfs_warn_dup+0x7f/0xa0
[  771.347114][T19681]  sysfs_do_create_link_sd+0x124/0x140
[  771.347142][T19681]  sysfs_create_link+0x61/0xc0
[  771.347168][T19681]  device_add+0x62c/0x1a70
[  771.347192][T19681]  ? __pfx_device_add+0x10/0x10
[  771.347217][T19681]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  771.347249][T19681]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  771.347284][T19681]  wiphy_register+0x1c9c/0x2850
[  771.347304][T19681]  ? netdev_run_todo+0x864/0x1320
[  771.347331][T19681]  ? __pfx_wiphy_register+0x10/0x10
[  771.347362][T19681]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  771.347386][T19681]  ieee80211_register_hw+0x24ac/0x4140
[  771.347417][T19681]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  771.347443][T19681]  ? find_held_lock+0x2b/0x80
[  771.347463][T19681]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  771.347491][T19681]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  771.347513][T19681]  ? __hrtimer_setup+0x176/0x280
[  771.347543][T19681]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  771.347583][T19681]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  771.347614][T19681]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  771.347641][T19681]  ? __asan_memcpy+0x3c/0x60
[  771.347669][T19681]  hwsim_new_radio_nl+0xb51/0x12c0
[  771.347696][T19681]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  771.347729][T19681]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  771.347753][T19681]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  771.347783][T19681]  genl_family_rcv_msg_doit+0x206/0x2f0
[  771.347807][T19681]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  771.347831][T19681]  ? trace_cap_capable+0x18d/0x200
[  771.347856][T19681]  ? bpf_lsm_capable+0x9/0x10
[  771.347878][T19681]  ? security_capable+0x7e/0x260
[  771.347905][T19681]  ? ns_capable+0xd7/0x110
[  771.347926][T19681]  genl_rcv_msg+0x55c/0x800
[  771.347951][T19681]  ? __pfx_genl_rcv_msg+0x10/0x10
[  771.347973][T19681]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  771.348001][T19681]  ? __lock_acquire+0x622/0x1c90
[  771.348026][T19681]  netlink_rcv_skb+0x155/0x420
[  771.348046][T19681]  ? __pfx_genl_rcv_msg+0x10/0x10
[  771.348066][T19681]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  771.348097][T19681]  ? netlink_deliver_tap+0x1ae/0xd30
[  771.348116][T19681]  ? is_vmalloc_addr+0x86/0xa0
[  771.348145][T19681]  genl_rcv+0x28/0x40
[  771.348164][T19681]  netlink_unicast+0x53a/0x7f0
[  771.348186][T19681]  ? __pfx_netlink_unicast+0x10/0x10
[  771.348222][T19681]  netlink_sendmsg+0x8d1/0xdd0
[  771.348252][T19681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  771.348277][T19681]  ? __import_iovec+0x1dd/0x650
[  771.348316][T19681]  ____sys_sendmsg+0xa95/0xc70
[  771.348342][T19681]  ? __pfx_____sys_sendmsg+0x10/0x10
[  771.348364][T19681]  ? get_compat_msghdr+0x11a/0x170
[  771.348387][T19681]  ? try_to_wake_up+0xa2f/0x1680
[  771.348413][T19681]  ___sys_sendmsg+0x134/0x1d0
[  771.348445][T19681]  ? __pfx____sys_sendmsg+0x10/0x10
[  771.348487][T19681]  ? find_held_lock+0x2b/0x80
[  771.348523][T19681]  __sys_sendmsg+0x16d/0x220
[  771.348552][T19681]  ? __pfx___sys_sendmsg+0x10/0x10
[  771.348579][T19681]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  771.348616][T19681]  ? rcu_is_watching+0x12/0xc0
[  771.348638][T19681]  __do_fast_syscall_32+0x7c/0x3a0
[  771.348669][T19681]  do_fast_syscall_32+0x32/0x80
[  771.348699][T19681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  771.348722][T19681] RIP: 0023:0xf704e579
[  771.348738][T19681] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  771.348754][T19681] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  771.348773][T19681] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  771.348786][T19681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  771.348798][T19681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  771.348809][T19681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  771.348820][T19681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  771.348844][T19681]  </TASK>
[  771.661673][T19690] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3757'.
[  771.842888][T19686] netlink: 'syz.2.3756': attribute type 1 has an invalid length.
[  771.847735][T19686] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3756'.
[  772.569629][ T1137] IPVS: stop unused estimator thread 0...
[  773.086238][T19716] block nbd4: shutting down sockets
[  773.383911][T19722] QAT: Device 7 not found
[  773.709843][T19728] netlink: 180 bytes leftover after parsing attributes in process `syz.5.3768'.
[  773.876382][T19733] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3770'.
[  773.953104][T19735] netlink: 'syz.5.3769': attribute type 1 has an invalid length.
[  773.953407][T19735] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3769'.
[  774.686373][T19751] netlink: 'syz.2.3773': attribute type 303 has an invalid length.
[  775.438060][   T74] Bluetooth: hci1: Frame reassembly failed (-84)
[  775.476661][T19772] block nbd4: shutting down sockets
[  777.170727][T19790] netlink: 'syz.2.3783': attribute type 1 has an invalid length.
[  777.170740][T19790] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3783'.
[  777.444320][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  778.533178][T19815] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3788'.
[  779.255507][T19828] block nbd1: shutting down sockets
[  779.310697][T19827] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  779.314840][T19827] CPU: 0 UID: 0 PID: 19827 Comm: syz.2.3789 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  779.314868][T19827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  779.314879][T19827] Call Trace:
[  779.314887][T19827]  <TASK>
[  779.314896][T19827]  dump_stack_lvl+0x16c/0x1f0
[  779.314928][T19827]  sysfs_warn_dup+0x7f/0xa0
[  779.314952][T19827]  sysfs_do_create_link_sd+0x124/0x140
[  779.314981][T19827]  sysfs_create_link+0x61/0xc0
[  779.315006][T19827]  device_add+0x62c/0x1a70
[  779.315028][T19827]  ? __pfx_device_add+0x10/0x10
[  779.315047][T19827]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  779.315077][T19827]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  779.315114][T19827]  wiphy_register+0x1c9c/0x2850
[  779.315135][T19827]  ? netdev_run_todo+0x864/0x1320
[  779.315165][T19827]  ? __pfx_wiphy_register+0x10/0x10
[  779.315204][T19827]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  779.315229][T19827]  ieee80211_register_hw+0x24ac/0x4140
[  779.315262][T19827]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  779.315287][T19827]  ? find_held_lock+0x2b/0x80
[  779.315306][T19827]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  779.315335][T19827]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  779.315355][T19827]  ? __hrtimer_setup+0x176/0x280
[  779.315386][T19827]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  779.315429][T19827]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  779.315477][T19827]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  779.315508][T19827]  ? __asan_memcpy+0x3c/0x60
[  779.315537][T19827]  hwsim_new_radio_nl+0xb51/0x12c0
[  779.315568][T19827]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  779.315605][T19827]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  779.315631][T19827]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  779.315662][T19827]  genl_family_rcv_msg_doit+0x206/0x2f0
[  779.315688][T19827]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  779.315714][T19827]  ? trace_cap_capable+0x18d/0x200
[  779.315742][T19827]  ? bpf_lsm_capable+0x9/0x10
[  779.315764][T19827]  ? security_capable+0x7e/0x260
[  779.315795][T19827]  ? ns_capable+0xd7/0x110
[  779.315817][T19827]  genl_rcv_msg+0x55c/0x800
[  779.315846][T19827]  ? __pfx_genl_rcv_msg+0x10/0x10
[  779.315870][T19827]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  779.315901][T19827]  ? __lock_acquire+0x622/0x1c90
[  779.315929][T19827]  netlink_rcv_skb+0x155/0x420
[  779.315950][T19827]  ? __pfx_genl_rcv_msg+0x10/0x10
[  779.315976][T19827]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  779.316008][T19827]  ? netlink_deliver_tap+0x1ae/0xd30
[  779.316027][T19827]  ? is_vmalloc_addr+0x86/0xa0
[  779.316058][T19827]  genl_rcv+0x28/0x40
[  779.316078][T19827]  netlink_unicast+0x53a/0x7f0
[  779.316103][T19827]  ? __pfx_netlink_unicast+0x10/0x10
[  779.316132][T19827]  netlink_sendmsg+0x8d1/0xdd0
[  779.316156][T19827]  ? __pfx_netlink_sendmsg+0x10/0x10
[  779.316187][T19827]  ? __import_iovec+0x1dd/0x650
[  779.316224][T19827]  ____sys_sendmsg+0xa95/0xc70
[  779.316252][T19827]  ? __pfx_____sys_sendmsg+0x10/0x10
[  779.316272][T19827]  ? get_compat_msghdr+0x11a/0x170
[  779.316295][T19827]  ? __pfx_futex_wake_mark+0x10/0x10
[  779.316326][T19827]  ___sys_sendmsg+0x134/0x1d0
[  779.316354][T19827]  ? __pfx____sys_sendmsg+0x10/0x10
[  779.316394][T19827]  ? find_held_lock+0x2b/0x80
[  779.316429][T19827]  __sys_sendmsg+0x16d/0x220
[  779.316456][T19827]  ? __pfx___sys_sendmsg+0x10/0x10
[  779.316484][T19827]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  779.316518][T19827]  ? rcu_is_watching+0x12/0xc0
[  779.316542][T19827]  __do_fast_syscall_32+0x7c/0x3a0
[  779.316575][T19827]  do_fast_syscall_32+0x32/0x80
[  779.316602][T19827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  779.316624][T19827] RIP: 0023:0xf704e579
[  779.316640][T19827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  779.316656][T19827] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  779.316677][T19827] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  779.316689][T19827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  779.316702][T19827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  779.316714][T19827] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  779.316724][T19827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  779.316750][T19827]  </TASK>
[  780.182756][   T40] kauditd_printk_skb: 110 callbacks suppressed
[  780.182767][   T40] audit: type=1326 audit(2000000592.449:61891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.195315][T19846] xt_TCPMSS: Only works on TCP SYN packets
[  780.196021][   T40] audit: type=1326 audit(2000000592.459:61892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.214155][   T40] audit: type=1326 audit(2000000592.459:61893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.221238][   T40] audit: type=1326 audit(2000000592.459:61894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.231427][   T40] audit: type=1326 audit(2000000592.469:61895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.239530][   T40] audit: type=1326 audit(2000000592.469:61896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.246278][   T40] audit: type=1326 audit(2000000592.469:61897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.252871][   T40] audit: type=1326 audit(2000000592.469:61898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.261698][   T40] audit: type=1326 audit(2000000592.469:61899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e579 code=0x7ffc0000
[  780.271873][   T40] audit: type=1326 audit(2000000592.469:61900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.4.3795" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  781.219800][T19865] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3796'.
[  781.222710][T19865] netlink: 'syz.4.3796': attribute type 5 has an invalid length.
[  781.225371][T19865] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3796'.
[  781.259096][T19858] block nbd2: shutting down sockets
[  782.632097][T19890] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3805'.
[  782.886663][T19892] block nbd1: shutting down sockets
[  782.941324][   T74] Bluetooth: hci1: Frame reassembly failed (-84)
[  784.001909][T19908] block nbd1: shutting down sockets
[  784.249534][T19910] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  784.252070][T19910] CPU: 1 UID: 0 PID: 19910 Comm: syz.5.3809 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  784.252085][T19910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  784.252092][T19910] Call Trace:
[  784.252097][T19910]  <TASK>
[  784.252102][T19910]  dump_stack_lvl+0x16c/0x1f0
[  784.252123][T19910]  sysfs_warn_dup+0x7f/0xa0
[  784.252139][T19910]  sysfs_do_create_link_sd+0x124/0x140
[  784.252156][T19910]  sysfs_create_link+0x61/0xc0
[  784.252171][T19910]  device_add+0x62c/0x1a70
[  784.252186][T19910]  ? __pfx_device_add+0x10/0x10
[  784.252196][T19910]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  784.252214][T19910]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  784.252236][T19910]  wiphy_register+0x1c9c/0x2850
[  784.252249][T19910]  ? netdev_run_todo+0x864/0x1320
[  784.252265][T19910]  ? __pfx_wiphy_register+0x10/0x10
[  784.252282][T19910]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  784.252296][T19910]  ieee80211_register_hw+0x24ac/0x4140
[  784.252314][T19910]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  784.252329][T19910]  ? find_held_lock+0x2b/0x80
[  784.252340][T19910]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  784.252362][T19910]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  784.252375][T19910]  ? __hrtimer_setup+0x176/0x280
[  784.252392][T19910]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  784.252416][T19910]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  784.252436][T19910]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  784.252455][T19910]  ? __asan_memcpy+0x3c/0x60
[  784.252471][T19910]  hwsim_new_radio_nl+0xb51/0x12c0
[  784.252488][T19910]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  784.252509][T19910]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  784.252524][T19910]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  784.252542][T19910]  genl_family_rcv_msg_doit+0x206/0x2f0
[  784.252557][T19910]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  784.252571][T19910]  ? trace_cap_capable+0x18d/0x200
[  784.252586][T19910]  ? bpf_lsm_capable+0x9/0x10
[  784.252600][T19910]  ? security_capable+0x7e/0x260
[  784.252617][T19910]  ? ns_capable+0xd7/0x110
[  784.252630][T19910]  genl_rcv_msg+0x55c/0x800
[  784.252646][T19910]  ? __pfx_genl_rcv_msg+0x10/0x10
[  784.252660][T19910]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  784.252677][T19910]  ? __lock_acquire+0x622/0x1c90
[  784.252694][T19910]  netlink_rcv_skb+0x155/0x420
[  784.252706][T19910]  ? __pfx_genl_rcv_msg+0x10/0x10
[  784.252721][T19910]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  784.252739][T19910]  ? netlink_deliver_tap+0x1ae/0xd30
[  784.252750][T19910]  ? is_vmalloc_addr+0x86/0xa0
[  784.252767][T19910]  genl_rcv+0x28/0x40
[  784.252779][T19910]  netlink_unicast+0x53a/0x7f0
[  784.252793][T19910]  ? __pfx_netlink_unicast+0x10/0x10
[  784.252809][T19910]  netlink_sendmsg+0x8d1/0xdd0
[  784.252824][T19910]  ? __pfx_netlink_sendmsg+0x10/0x10
[  784.252837][T19910]  ? __import_iovec+0x1dd/0x650
[  784.252859][T19910]  ____sys_sendmsg+0xa95/0xc70
[  784.252873][T19910]  ? __pfx_____sys_sendmsg+0x10/0x10
[  784.252885][T19910]  ? get_compat_msghdr+0x11a/0x170
[  784.252898][T19910]  ? try_to_wake_up+0xa2f/0x1680
[  784.252912][T19910]  ___sys_sendmsg+0x134/0x1d0
[  784.252955][T19910]  ? __pfx____sys_sendmsg+0x10/0x10
[  784.252982][T19910]  ? find_held_lock+0x2b/0x80
[  784.253003][T19910]  __sys_sendmsg+0x16d/0x220
[  784.253021][T19910]  ? __pfx___sys_sendmsg+0x10/0x10
[  784.253038][T19910]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  784.253059][T19910]  ? rcu_is_watching+0x12/0xc0
[  784.253072][T19910]  __do_fast_syscall_32+0x7c/0x3a0
[  784.253092][T19910]  do_fast_syscall_32+0x32/0x80
[  784.253109][T19910]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  784.253123][T19910] RIP: 0023:0xf7ff2579
[  784.253133][T19910] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  784.253144][T19910] RSP: 002b:00000000f50d455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  784.253155][T19910] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  784.253162][T19910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  784.253169][T19910] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  784.253175][T19910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  784.253182][T19910] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  784.253196][T19910]  </TASK>
[  784.585470][T19915] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3808'.
[  784.588406][T19915] netlink: 'syz.2.3808': attribute type 5 has an invalid length.
[  784.591070][T19915] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3808'.
[  784.695181][T19918] bpf: Bad value for 'gid'
[  784.697428][T19918] fuse: Bad value for 'fd'
[  784.974221][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  785.042817][T19927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3813'.
[  785.045886][T19927] netlink: 'syz.1.3813': attribute type 5 has an invalid length.
[  785.048302][T19927] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3813'.
[  785.394693][ T1331] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[  785.423406][T19945] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3818'.
[  785.544844][ T1331] usb 10-1: Using ep0 maxpacket: 32
[  785.555084][ T1331] usb 10-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  785.558138][ T1331] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.562009][ T1331] usb 10-1: config 0 descriptor??
[  785.571538][ T1331] as10x_usb: device has been detected
[  785.573572][ T1331] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  785.589287][ T1331] usb 10-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  785.608209][ T1331] as10x_usb: error during firmware upload part1
[  785.610709][ T1331] Registered device nBox DVB-T Dongle
[  785.775898][ T5976] usb 10-1: USB disconnect, device number 20
[  785.798380][ T5976] Unregistered device nBox DVB-T Dongle
[  785.800098][ T5976] as10x_usb: device has been disconnected
[  785.821795][T19948] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  785.825810][T19948] CPU: 2 UID: 0 PID: 19948 Comm: syz.4.3819 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  785.825828][T19948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  785.825835][T19948] Call Trace:
[  785.825840][T19948]  <TASK>
[  785.825846][T19948]  dump_stack_lvl+0x16c/0x1f0
[  785.825872][T19948]  sysfs_warn_dup+0x7f/0xa0
[  785.825904][T19948]  sysfs_do_create_link_sd+0x124/0x140
[  785.825922][T19948]  sysfs_create_link+0x61/0xc0
[  785.825938][T19948]  device_add+0x62c/0x1a70
[  785.825953][T19948]  ? __pfx_device_add+0x10/0x10
[  785.825964][T19948]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  785.825982][T19948]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  785.826002][T19948]  wiphy_register+0x1c9c/0x2850
[  785.826015][T19948]  ? netdev_run_todo+0x864/0x1320
[  785.826031][T19948]  ? __pfx_wiphy_register+0x10/0x10
[  785.826052][T19948]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  785.826073][T19948]  ieee80211_register_hw+0x24ac/0x4140
[  785.826096][T19948]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  785.826111][T19948]  ? find_held_lock+0x2b/0x80
[  785.826123][T19948]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  785.826139][T19948]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  785.826153][T19948]  ? __hrtimer_setup+0x176/0x280
[  785.826170][T19948]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  785.826194][T19948]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  785.826213][T19948]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  785.826229][T19948]  ? __asan_memcpy+0x3c/0x60
[  785.826246][T19948]  hwsim_new_radio_nl+0xb51/0x12c0
[  785.826263][T19948]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  785.826283][T19948]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  785.826299][T19948]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  785.826316][T19948]  genl_family_rcv_msg_doit+0x206/0x2f0
[  785.826331][T19948]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  785.826345][T19948]  ? trace_cap_capable+0x18d/0x200
[  785.826361][T19948]  ? bpf_lsm_capable+0x9/0x10
[  785.826374][T19948]  ? security_capable+0x7e/0x260
[  785.826391][T19948]  ? ns_capable+0xd7/0x110
[  785.826410][T19948]  genl_rcv_msg+0x55c/0x800
[  785.826426][T19948]  ? __pfx_genl_rcv_msg+0x10/0x10
[  785.826442][T19948]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  785.826460][T19948]  ? __lock_acquire+0x622/0x1c90
[  785.826479][T19948]  netlink_rcv_skb+0x155/0x420
[  785.826491][T19948]  ? __pfx_genl_rcv_msg+0x10/0x10
[  785.826512][T19948]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  785.826536][T19948]  ? netlink_deliver_tap+0x1ae/0xd30
[  785.826547][T19948]  ? is_vmalloc_addr+0x86/0xa0
[  785.826564][T19948]  genl_rcv+0x28/0x40
[  785.826577][T19948]  netlink_unicast+0x53a/0x7f0
[  785.826591][T19948]  ? __pfx_netlink_unicast+0x10/0x10
[  785.826607][T19948]  netlink_sendmsg+0x8d1/0xdd0
[  785.826621][T19948]  ? __pfx_netlink_sendmsg+0x10/0x10
[  785.826635][T19948]  ? __import_iovec+0x1dd/0x650
[  785.826655][T19948]  ____sys_sendmsg+0xa95/0xc70
[  785.826671][T19948]  ? __pfx_____sys_sendmsg+0x10/0x10
[  785.826683][T19948]  ? get_compat_msghdr+0x11a/0x170
[  785.826696][T19948]  ? try_to_wake_up+0xa2f/0x1680
[  785.826710][T19948]  ___sys_sendmsg+0x134/0x1d0
[  785.826728][T19948]  ? __pfx____sys_sendmsg+0x10/0x10
[  785.826751][T19948]  ? find_held_lock+0x2b/0x80
[  785.826772][T19948]  __sys_sendmsg+0x16d/0x220
[  785.826789][T19948]  ? __pfx___sys_sendmsg+0x10/0x10
[  785.826805][T19948]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  785.826826][T19948]  ? rcu_is_watching+0x12/0xc0
[  785.826840][T19948]  __do_fast_syscall_32+0x7c/0x3a0
[  785.826859][T19948]  do_fast_syscall_32+0x32/0x80
[  785.826876][T19948]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  785.826890][T19948] RIP: 0023:0xf704e579
[  785.826900][T19948] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  785.826912][T19948] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  785.826923][T19948] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  785.826929][T19948] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  785.826936][T19948] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  785.826942][T19948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  785.826948][T19948] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  785.826962][T19948]  </TASK>
[  786.700798][T19963] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3821'.
[  786.703919][T19963] netlink: 'syz.2.3821': attribute type 5 has an invalid length.
[  786.706739][T19963] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3821'.
[  786.881200][   T74] Bluetooth: hci1: Frame reassembly failed (-84)
[  786.883246][   T74] Bluetooth: hci1: Frame reassembly failed (-84)
[  787.087784][   T40] kauditd_printk_skb: 51 callbacks suppressed
[  787.087795][   T40] audit: type=1326 audit(2000000599.359:61952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.099905][T19968] xt_TCPMSS: Only works on TCP SYN packets
[  787.103340][   T40] audit: type=1326 audit(2000000599.369:61953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.117033][   T40] audit: type=1326 audit(2000000599.369:61954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.123747][   T40] audit: type=1326 audit(2000000599.369:61955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.131644][   T40] audit: type=1326 audit(2000000599.369:61956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.141041][   T40] audit: type=1326 audit(2000000599.369:61957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.149015][   T40] audit: type=1326 audit(2000000599.369:61958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.159841][   T40] audit: type=1326 audit(2000000599.369:61959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.167062][   T40] audit: type=1326 audit(2000000599.369:61960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.173696][   T40] audit: type=1326 audit(2000000599.369:61961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19967 comm="syz.4.3824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  787.275673][T19974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3827'.
[  787.711243][T19988] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3830'.
[  787.714326][T19988] netlink: 'syz.1.3830': attribute type 5 has an invalid length.
[  787.716884][T19988] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3830'.
[  788.636228][T19995] batman_adv: batadv0: Adding interface: ip6gretap1
[  788.638947][T19995] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  788.648820][T19995] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  788.884357][T15022] Bluetooth: hci1: command 0x1003 tx timeout
[  788.889285][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  789.252548][T20002] xt_TCPMSS: Only works on TCP SYN packets
[  789.587422][T20013] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  789.590702][T20013] CPU: 3 UID: 0 PID: 20013 Comm: syz.2.3837 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  789.590727][T20013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  789.590739][T20013] Call Trace:
[  789.590746][T20013]  <TASK>
[  789.590754][T20013]  dump_stack_lvl+0x16c/0x1f0
[  789.590787][T20013]  sysfs_warn_dup+0x7f/0xa0
[  789.590813][T20013]  sysfs_do_create_link_sd+0x124/0x140
[  789.590839][T20013]  sysfs_create_link+0x61/0xc0
[  789.590862][T20013]  device_add+0x62c/0x1a70
[  789.590884][T20013]  ? __pfx_device_add+0x10/0x10
[  789.590902][T20013]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  789.590931][T20013]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  789.590965][T20013]  wiphy_register+0x1c9c/0x2850
[  789.590984][T20013]  ? netdev_run_todo+0x864/0x1320
[  789.591011][T20013]  ? __pfx_wiphy_register+0x10/0x10
[  789.591040][T20013]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  789.591063][T20013]  ieee80211_register_hw+0x24ac/0x4140
[  789.591093][T20013]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  789.591122][T20013]  ? find_held_lock+0x2b/0x80
[  789.591140][T20013]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  789.591167][T20013]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  789.591187][T20013]  ? __hrtimer_setup+0x176/0x280
[  789.591218][T20013]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  789.591259][T20013]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  789.591289][T20013]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  789.591317][T20013]  ? __asan_memcpy+0x3c/0x60
[  789.591343][T20013]  hwsim_new_radio_nl+0xb51/0x12c0
[  789.591370][T20013]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  789.591404][T20013]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  789.591428][T20013]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  789.591458][T20013]  genl_family_rcv_msg_doit+0x206/0x2f0
[  789.591482][T20013]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  789.591503][T20013]  ? trace_cap_capable+0x18d/0x200
[  789.591527][T20013]  ? bpf_lsm_capable+0x9/0x10
[  789.591547][T20013]  ? security_capable+0x7e/0x260
[  789.591575][T20013]  ? ns_capable+0xd7/0x110
[  789.591596][T20013]  genl_rcv_msg+0x55c/0x800
[  789.591621][T20013]  ? __pfx_genl_rcv_msg+0x10/0x10
[  789.591643][T20013]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  789.591671][T20013]  ? __lock_acquire+0x622/0x1c90
[  789.591697][T20013]  netlink_rcv_skb+0x155/0x420
[  789.591716][T20013]  ? __pfx_genl_rcv_msg+0x10/0x10
[  789.591739][T20013]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  789.591770][T20013]  ? netlink_deliver_tap+0x1ae/0xd30
[  789.591786][T20013]  ? is_vmalloc_addr+0x86/0xa0
[  789.591815][T20013]  genl_rcv+0x28/0x40
[  789.591833][T20013]  netlink_unicast+0x53a/0x7f0
[  789.591855][T20013]  ? __pfx_netlink_unicast+0x10/0x10
[  789.591881][T20013]  netlink_sendmsg+0x8d1/0xdd0
[  789.591904][T20013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  789.591925][T20013]  ? __import_iovec+0x1dd/0x650
[  789.591958][T20013]  ____sys_sendmsg+0xa95/0xc70
[  789.591982][T20013]  ? __pfx_____sys_sendmsg+0x10/0x10
[  789.592000][T20013]  ? get_compat_msghdr+0x11a/0x170
[  789.592021][T20013]  ? __pfx_futex_wake_mark+0x10/0x10
[  789.592050][T20013]  ___sys_sendmsg+0x134/0x1d0
[  789.592078][T20013]  ? __pfx____sys_sendmsg+0x10/0x10
[  789.592123][T20013]  ? find_held_lock+0x2b/0x80
[  789.592157][T20013]  __sys_sendmsg+0x16d/0x220
[  789.592184][T20013]  ? __pfx___sys_sendmsg+0x10/0x10
[  789.592212][T20013]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  789.592248][T20013]  ? rcu_is_watching+0x12/0xc0
[  789.592271][T20013]  __do_fast_syscall_32+0x7c/0x3a0
[  789.592302][T20013]  do_fast_syscall_32+0x32/0x80
[  789.592329][T20013]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  789.592351][T20013] RIP: 0023:0xf704e579
[  789.592363][T20013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  789.592379][T20013] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  789.592396][T20013] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  789.592407][T20013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  789.592417][T20013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  789.592428][T20013] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  789.592438][T20013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  789.592461][T20013]  </TASK>
[  789.865878][T20020] netlink: 'syz.1.3840': attribute type 1 has an invalid length.
[  789.865900][T20020] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3840'.
[  790.156560][T20030] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3841'.
[  790.159632][T20029] xt_TCPMSS: Only works on TCP SYN packets
[  790.160493][T20030] netlink: 'syz.5.3841': attribute type 5 has an invalid length.
[  790.165922][T20030] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3841'.
[  790.208576][T20033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3844'.
[  790.899745][T20040] FAULT_INJECTION: forcing a failure.
[  790.899745][T20040] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  790.919172][T20040] CPU: 1 UID: 0 PID: 20040 Comm: syz.4.3845 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  790.919190][T20040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  790.919197][T20040] Call Trace:
[  790.919202][T20040]  <TASK>
[  790.919207][T20040]  dump_stack_lvl+0x16c/0x1f0
[  790.919230][T20040]  should_fail_ex+0x512/0x640
[  790.919249][T20040]  _copy_from_iter+0x29f/0x16f0
[  790.919268][T20040]  ? __alloc_skb+0x200/0x380
[  790.919289][T20040]  ? __pfx__copy_from_iter+0x10/0x10
[  790.919310][T20040]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  790.919330][T20040]  netlink_sendmsg+0x829/0xdd0
[  790.919344][T20040]  ? __pfx_netlink_sendmsg+0x10/0x10
[  790.919363][T20040]  ? __import_iovec+0x1dd/0x650
[  790.919383][T20040]  ____sys_sendmsg+0xa95/0xc70
[  790.919397][T20040]  ? __pfx_____sys_sendmsg+0x10/0x10
[  790.919410][T20040]  ? get_compat_msghdr+0x11a/0x170
[  790.919428][T20040]  ___sys_sendmsg+0x134/0x1d0
[  790.919447][T20040]  ? __pfx____sys_sendmsg+0x10/0x10
[  790.919470][T20040]  ? find_held_lock+0x2b/0x80
[  790.919490][T20040]  __sys_sendmsg+0x16d/0x220
[  790.919508][T20040]  ? __pfx___sys_sendmsg+0x10/0x10
[  790.919530][T20040]  ? rcu_is_watching+0x12/0xc0
[  790.919544][T20040]  __do_fast_syscall_32+0x7c/0x3a0
[  790.919564][T20040]  do_fast_syscall_32+0x32/0x80
[  790.919582][T20040]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  790.919596][T20040] RIP: 0023:0xf704e579
[  790.919605][T20040] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  790.919616][T20040] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  790.919627][T20040] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000080
[  790.919634][T20040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  790.919640][T20040] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  790.919646][T20040] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  790.919653][T20040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  790.919666][T20040]  </TASK>
[  791.534322][T20043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3846'.
[  792.106856][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  792.167587][T20061] netlink: 'syz.2.3852': attribute type 1 has an invalid length.
[  792.167601][T20061] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3852'.
[  792.351329][   T40] kauditd_printk_skb: 173 callbacks suppressed
[  792.351341][   T40] audit: type=1326 audit(2000000604.619:62135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.352940][   T40] audit: type=1326 audit(2000000604.619:62136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.353720][   T40] audit: type=1326 audit(2000000604.619:62137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.354102][   T40] audit: type=1326 audit(2000000604.619:62138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.354214][   T40] audit: type=1326 audit(2000000604.629:62139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.354595][   T40] audit: type=1326 audit(2000000604.629:62140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.355377][   T40] audit: type=1326 audit(2000000604.629:62141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.355571][   T40] audit: type=1326 audit(2000000604.629:62142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.355830][   T40] audit: type=1326 audit(2000000604.629:62143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.356201][   T40] audit: type=1326 audit(2000000604.629:62144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20064 comm="syz.1.3853" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf711e579 code=0x7ffc0000
[  792.356573][T20065] xt_TCPMSS: Only works on TCP SYN packets
[  792.629602][T20068] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  792.632354][T20068] CPU: 3 UID: 0 PID: 20068 Comm: syz.1.3854 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  792.632370][T20068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  792.632377][T20068] Call Trace:
[  792.632382][T20068]  <TASK>
[  792.632387][T20068]  dump_stack_lvl+0x16c/0x1f0
[  792.632411][T20068]  sysfs_warn_dup+0x7f/0xa0
[  792.632428][T20068]  sysfs_do_create_link_sd+0x124/0x140
[  792.632445][T20068]  sysfs_create_link+0x61/0xc0
[  792.632461][T20068]  device_add+0x62c/0x1a70
[  792.632475][T20068]  ? __pfx_device_add+0x10/0x10
[  792.632485][T20068]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  792.632504][T20068]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  792.632528][T20068]  wiphy_register+0x1c9c/0x2850
[  792.632541][T20068]  ? netdev_run_todo+0x864/0x1320
[  792.632557][T20068]  ? __pfx_wiphy_register+0x10/0x10
[  792.632575][T20068]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  792.632589][T20068]  ieee80211_register_hw+0x24ac/0x4140
[  792.632607][T20068]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  792.632622][T20068]  ? find_held_lock+0x2b/0x80
[  792.632634][T20068]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  792.632651][T20068]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  792.632664][T20068]  ? __hrtimer_setup+0x176/0x280
[  792.632682][T20068]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  792.632706][T20068]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  792.632725][T20068]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  792.632743][T20068]  ? __asan_memcpy+0x3c/0x60
[  792.632760][T20068]  hwsim_new_radio_nl+0xb51/0x12c0
[  792.632778][T20068]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  792.632798][T20068]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  792.632815][T20068]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  792.632833][T20068]  genl_family_rcv_msg_doit+0x206/0x2f0
[  792.632871][T20068]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  792.632887][T20068]  ? trace_cap_capable+0x18d/0x200
[  792.632903][T20068]  ? bpf_lsm_capable+0x9/0x10
[  792.632919][T20068]  ? security_capable+0x7e/0x260
[  792.632939][T20068]  ? ns_capable+0xd7/0x110
[  792.632953][T20068]  genl_rcv_msg+0x55c/0x800
[  792.632970][T20068]  ? __pfx_genl_rcv_msg+0x10/0x10
[  792.632985][T20068]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  792.633003][T20068]  ? __lock_acquire+0x622/0x1c90
[  792.633020][T20068]  netlink_rcv_skb+0x155/0x420
[  792.633032][T20068]  ? __pfx_genl_rcv_msg+0x10/0x10
[  792.633046][T20068]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  792.633065][T20068]  ? netlink_deliver_tap+0x1ae/0xd30
[  792.633076][T20068]  ? is_vmalloc_addr+0x86/0xa0
[  792.633094][T20068]  genl_rcv+0x28/0x40
[  792.633106][T20068]  netlink_unicast+0x53a/0x7f0
[  792.633120][T20068]  ? __pfx_netlink_unicast+0x10/0x10
[  792.633137][T20068]  netlink_sendmsg+0x8d1/0xdd0
[  792.633152][T20068]  ? __pfx_netlink_sendmsg+0x10/0x10
[  792.633166][T20068]  ? __import_iovec+0x1dd/0x650
[  792.633187][T20068]  ____sys_sendmsg+0xa95/0xc70
[  792.633202][T20068]  ? __pfx_____sys_sendmsg+0x10/0x10
[  792.633215][T20068]  ? get_compat_msghdr+0x11a/0x170
[  792.633229][T20068]  ? __pfx_futex_wake_mark+0x10/0x10
[  792.633248][T20068]  ___sys_sendmsg+0x134/0x1d0
[  792.633266][T20068]  ? __pfx____sys_sendmsg+0x10/0x10
[  792.633296][T20068]  ? find_held_lock+0x2b/0x80
[  792.633316][T20068]  __sys_sendmsg+0x16d/0x220
[  792.633335][T20068]  ? __pfx___sys_sendmsg+0x10/0x10
[  792.633353][T20068]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  792.633375][T20068]  ? rcu_is_watching+0x12/0xc0
[  792.633391][T20068]  __do_fast_syscall_32+0x7c/0x3a0
[  792.633413][T20068]  do_fast_syscall_32+0x32/0x80
[  792.633432][T20068]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  792.633448][T20068] RIP: 0023:0xf711e579
[  792.633457][T20068] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  792.633469][T20068] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  792.633482][T20068] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  792.633490][T20068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  792.633497][T20068] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  792.633503][T20068] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  792.633510][T20068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  792.633525][T20068]  </TASK>
[  793.743363][T20081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3858'.
[  793.747468][T20081] netlink: 'syz.2.3858': attribute type 5 has an invalid length.
[  793.750147][T20081] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3858'.
[  794.122208][T20097] netlink: 'syz.5.3863': attribute type 1 has an invalid length.
[  794.130311][T20097] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3863'.
[  794.164192][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  796.236688][T20126] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3867'.
[  796.590328][T20139] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3873'.
[  796.809696][T20147] blktrace: Concurrent blktraces are not allowed on sg0
[  798.683917][T20177] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  798.690984][T20171] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3880'.
[  798.700000][T20177] CPU: 2 UID: 0 PID: 20177 Comm: syz.2.3882 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  798.700019][T20177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  798.700028][T20177] Call Trace:
[  798.700034][T20177]  <TASK>
[  798.700040][T20177]  dump_stack_lvl+0x16c/0x1f0
[  798.700061][T20177]  sysfs_warn_dup+0x7f/0xa0
[  798.700078][T20177]  sysfs_do_create_link_sd+0x124/0x140
[  798.700096][T20177]  sysfs_create_link+0x61/0xc0
[  798.700111][T20177]  device_add+0x62c/0x1a70
[  798.700125][T20177]  ? __pfx_device_add+0x10/0x10
[  798.700136][T20177]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  798.700155][T20177]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  798.700176][T20177]  wiphy_register+0x1c9c/0x2850
[  798.700189][T20177]  ? netdev_run_todo+0x864/0x1320
[  798.700205][T20177]  ? __pfx_wiphy_register+0x10/0x10
[  798.700223][T20177]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  798.700237][T20177]  ieee80211_register_hw+0x24ac/0x4140
[  798.700256][T20177]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  798.700270][T20177]  ? find_held_lock+0x2b/0x80
[  798.700287][T20177]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  798.700306][T20177]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  798.700319][T20177]  ? __hrtimer_setup+0x176/0x280
[  798.700339][T20177]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  798.700366][T20177]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  798.700386][T20177]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  798.700404][T20177]  ? __asan_memcpy+0x3c/0x60
[  798.700421][T20177]  hwsim_new_radio_nl+0xb51/0x12c0
[  798.700438][T20177]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  798.700458][T20177]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  798.700474][T20177]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  798.700492][T20177]  genl_family_rcv_msg_doit+0x206/0x2f0
[  798.700507][T20177]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  798.700521][T20177]  ? trace_cap_capable+0x18d/0x200
[  798.700536][T20177]  ? bpf_lsm_capable+0x9/0x10
[  798.700549][T20177]  ? security_capable+0x7e/0x260
[  798.700567][T20177]  ? ns_capable+0xd7/0x110
[  798.700579][T20177]  genl_rcv_msg+0x55c/0x800
[  798.700595][T20177]  ? __pfx_genl_rcv_msg+0x10/0x10
[  798.700609][T20177]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  798.700641][T20177]  ? __lock_acquire+0x622/0x1c90
[  798.700660][T20177]  netlink_rcv_skb+0x155/0x420
[  798.700673][T20177]  ? __pfx_genl_rcv_msg+0x10/0x10
[  798.700688][T20177]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  798.700711][T20177]  genl_rcv+0x28/0x40
[  798.700724][T20177]  netlink_unicast+0x53a/0x7f0
[  798.700738][T20177]  ? __pfx_netlink_unicast+0x10/0x10
[  798.700755][T20177]  netlink_sendmsg+0x8d1/0xdd0
[  798.700770][T20177]  ? __pfx_netlink_sendmsg+0x10/0x10
[  798.700784][T20177]  ? __import_iovec+0x1dd/0x650
[  798.700838][T20177]  ____sys_sendmsg+0xa95/0xc70
[  798.700857][T20177]  ? __pfx_____sys_sendmsg+0x10/0x10
[  798.700871][T20177]  ? get_compat_msghdr+0x11a/0x170
[  798.700884][T20177]  ? __pfx_futex_wake_mark+0x10/0x10
[  798.700902][T20177]  ___sys_sendmsg+0x134/0x1d0
[  798.700920][T20177]  ? __pfx____sys_sendmsg+0x10/0x10
[  798.700944][T20177]  ? find_held_lock+0x2b/0x80
[  798.700964][T20177]  __sys_sendmsg+0x16d/0x220
[  798.700981][T20177]  ? __pfx___sys_sendmsg+0x10/0x10
[  798.700998][T20177]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  798.701018][T20177]  ? rcu_is_watching+0x12/0xc0
[  798.701031][T20177]  __do_fast_syscall_32+0x7c/0x3a0
[  798.701051][T20177]  do_fast_syscall_32+0x32/0x80
[  798.701068][T20177]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  798.701082][T20177] RIP: 0023:0xf704e579
[  798.701092][T20177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  798.701102][T20177] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  798.701113][T20177] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  798.701120][T20177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  798.701127][T20177] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  798.701133][T20177] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  798.701141][T20177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  798.701156][T20177]  </TASK>
[  798.959190][T20182] netlink: 'syz.4.3883': attribute type 1 has an invalid length.
[  798.959209][T20182] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3883'.
[  799.404159][T20190] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3885'.
[  800.434175][T20207] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  800.809092][T20213] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3890'.
[  800.812153][T20213] netlink: 'syz.5.3890': attribute type 5 has an invalid length.
[  800.815565][T20213] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3890'.
[  801.724189][   T13] Bluetooth: hci1: Frame reassembly failed (-84)
[  801.730923][   T13] Bluetooth: hci1: Frame reassembly failed (-84)
[  801.908610][   T40] kauditd_printk_skb: 51 callbacks suppressed
[  801.908621][   T40] audit: type=1326 audit(2000000614.179:62196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.918019][   T40] audit: type=1326 audit(2000000614.189:62197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.918030][T20233] xt_TCPMSS: Only works on TCP SYN packets
[  801.926817][   T40] audit: type=1326 audit(2000000614.189:62198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.935681][   T40] audit: type=1326 audit(2000000614.189:62199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.942649][   T40] audit: type=1326 audit(2000000614.189:62200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.949486][   T40] audit: type=1326 audit(2000000614.189:62201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.956584][   T40] audit: type=1326 audit(2000000614.189:62202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.963281][   T40] audit: type=1326 audit(2000000614.189:62203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.970179][   T40] audit: type=1326 audit(2000000614.189:62204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  801.977978][   T40] audit: type=1326 audit(2000000614.189:62205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20232 comm="syz.5.3894" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x7ffc0000
[  802.132213][T20238] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3896'.
[  802.140402][T20236] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  802.143243][T20236] CPU: 3 UID: 0 PID: 20236 Comm: syz.2.3895 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  802.143259][T20236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  802.143269][T20236] Call Trace:
[  802.143275][T20236]  <TASK>
[  802.143280][T20236]  dump_stack_lvl+0x16c/0x1f0
[  802.143302][T20236]  sysfs_warn_dup+0x7f/0xa0
[  802.143320][T20236]  sysfs_do_create_link_sd+0x124/0x140
[  802.143338][T20236]  sysfs_create_link+0x61/0xc0
[  802.143355][T20236]  device_add+0x62c/0x1a70
[  802.143369][T20236]  ? __pfx_device_add+0x10/0x10
[  802.143380][T20236]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  802.143399][T20236]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  802.143423][T20236]  wiphy_register+0x1c9c/0x2850
[  802.143436][T20236]  ? netdev_run_todo+0x864/0x1320
[  802.143453][T20236]  ? __pfx_wiphy_register+0x10/0x10
[  802.143471][T20236]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  802.143486][T20236]  ieee80211_register_hw+0x24ac/0x4140
[  802.143505][T20236]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  802.143520][T20236]  ? find_held_lock+0x2b/0x80
[  802.143532][T20236]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  802.143549][T20236]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  802.143564][T20236]  ? __hrtimer_setup+0x176/0x280
[  802.143583][T20236]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  802.143608][T20236]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  802.143628][T20236]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  802.143647][T20236]  ? __asan_memcpy+0x3c/0x60
[  802.143664][T20236]  hwsim_new_radio_nl+0xb51/0x12c0
[  802.143683][T20236]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  802.143704][T20236]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  802.143722][T20236]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  802.143741][T20236]  genl_family_rcv_msg_doit+0x206/0x2f0
[  802.143763][T20236]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  802.143785][T20236]  ? trace_cap_capable+0x18d/0x200
[  802.143813][T20236]  ? bpf_lsm_capable+0x9/0x10
[  802.143837][T20236]  ? security_capable+0x7e/0x260
[  802.143868][T20236]  ? ns_capable+0xd7/0x110
[  802.143892][T20236]  genl_rcv_msg+0x55c/0x800
[  802.143918][T20236]  ? __pfx_genl_rcv_msg+0x10/0x10
[  802.143936][T20236]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  802.143955][T20236]  ? __lock_acquire+0x622/0x1c90
[  802.143990][T20236]  netlink_rcv_skb+0x155/0x420
[  802.144004][T20236]  ? __pfx_genl_rcv_msg+0x10/0x10
[  802.144025][T20236]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  802.144045][T20236]  ? netlink_deliver_tap+0x1ae/0xd30
[  802.144057][T20236]  ? is_vmalloc_addr+0x86/0xa0
[  802.144076][T20236]  genl_rcv+0x28/0x40
[  802.144088][T20236]  netlink_unicast+0x53a/0x7f0
[  802.144104][T20236]  ? __pfx_netlink_unicast+0x10/0x10
[  802.144167][T20236]  netlink_sendmsg+0x8d1/0xdd0
[  802.144221][T20236]  ? __pfx_netlink_sendmsg+0x10/0x10
[  802.144237][T20236]  ? __import_iovec+0x1dd/0x650
[  802.144262][T20236]  ____sys_sendmsg+0xa95/0xc70
[  802.144283][T20236]  ? __pfx_____sys_sendmsg+0x10/0x10
[  802.144297][T20236]  ? get_compat_msghdr+0x11a/0x170
[  802.144313][T20236]  ? __pfx_futex_wake_mark+0x10/0x10
[  802.144335][T20236]  ___sys_sendmsg+0x134/0x1d0
[  802.144355][T20236]  ? __pfx____sys_sendmsg+0x10/0x10
[  802.144383][T20236]  ? find_held_lock+0x2b/0x80
[  802.144405][T20236]  __sys_sendmsg+0x16d/0x220
[  802.144427][T20236]  ? __pfx___sys_sendmsg+0x10/0x10
[  802.144445][T20236]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  802.144467][T20236]  ? rcu_is_watching+0x12/0xc0
[  802.144481][T20236]  __do_fast_syscall_32+0x7c/0x3a0
[  802.144502][T20236]  do_fast_syscall_32+0x32/0x80
[  802.144521][T20236]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  802.144535][T20236] RIP: 0023:0xf704e579
[  802.144546][T20236] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  802.144559][T20236] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  802.144571][T20236] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  802.144579][T20236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  802.144586][T20236] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  802.144593][T20236] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  802.144600][T20236] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  802.144615][T20236]  </TASK>
[  802.319683][T20242] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3897'.
[  803.512180][T20258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3899'.
[  803.520034][T20258] netlink: 'syz.1.3899': attribute type 5 has an invalid length.
[  803.522944][T20258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3899'.
[  803.656163][T20258] geneve3: entered promiscuous mode
[  803.658439][T20258] geneve3: entered allmulticast mode
[  803.668538][T20257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3900'.
[  803.671400][T20257] netlink: 'syz.2.3900': attribute type 5 has an invalid length.
[  803.673836][T20257] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3900'.
[  803.764151][T15022] Bluetooth: hci1: command 0x1003 tx timeout
[  803.774560][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  804.539941][T20275] netlink: 592 bytes leftover after parsing attributes in process `syz.5.3904'.
[  804.876182][T20280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3903'.
[  805.626104][   T46] Bluetooth: hci1: Frame reassembly failed (-84)
[  805.818489][T20293] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  805.821999][T20293] CPU: 2 UID: 0 PID: 20293 Comm: syz.1.3908 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  805.822017][T20293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  805.822024][T20293] Call Trace:
[  805.822029][T20293]  <TASK>
[  805.822034][T20293]  dump_stack_lvl+0x16c/0x1f0
[  805.822056][T20293]  sysfs_warn_dup+0x7f/0xa0
[  805.822072][T20293]  sysfs_do_create_link_sd+0x124/0x140
[  805.822089][T20293]  sysfs_create_link+0x61/0xc0
[  805.822104][T20293]  device_add+0x62c/0x1a70
[  805.822118][T20293]  ? __pfx_device_add+0x10/0x10
[  805.822129][T20293]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  805.822153][T20293]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  805.822186][T20293]  wiphy_register+0x1c9c/0x2850
[  805.822204][T20293]  ? netdev_run_todo+0x864/0x1320
[  805.822228][T20293]  ? __pfx_wiphy_register+0x10/0x10
[  805.822258][T20293]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  805.822283][T20293]  ieee80211_register_hw+0x24ac/0x4140
[  805.822313][T20293]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  805.822335][T20293]  ? find_held_lock+0x2b/0x80
[  805.822354][T20293]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  805.822380][T20293]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  805.822401][T20293]  ? __hrtimer_setup+0x176/0x280
[  805.822428][T20293]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  805.822467][T20293]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  805.822499][T20293]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  805.822543][T20293]  ? __asan_memcpy+0x3c/0x60
[  805.822576][T20293]  hwsim_new_radio_nl+0xb51/0x12c0
[  805.822608][T20293]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  805.822642][T20293]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  805.822668][T20293]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  805.822698][T20293]  genl_family_rcv_msg_doit+0x206/0x2f0
[  805.822725][T20293]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  805.822746][T20293]  ? trace_cap_capable+0x18d/0x200
[  805.822771][T20293]  ? bpf_lsm_capable+0x9/0x10
[  805.822792][T20293]  ? security_capable+0x7e/0x260
[  805.822821][T20293]  ? ns_capable+0xd7/0x110
[  805.822841][T20293]  genl_rcv_msg+0x55c/0x800
[  805.822867][T20293]  ? __pfx_genl_rcv_msg+0x10/0x10
[  805.822890][T20293]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  805.822919][T20293]  ? __lock_acquire+0x622/0x1c90
[  805.822946][T20293]  netlink_rcv_skb+0x155/0x420
[  805.822974][T20293]  ? __pfx_genl_rcv_msg+0x10/0x10
[  805.823013][T20293]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  805.823049][T20293]  ? netlink_deliver_tap+0x1ae/0xd30
[  805.823069][T20293]  ? is_vmalloc_addr+0x86/0xa0
[  805.823101][T20293]  genl_rcv+0x28/0x40
[  805.823119][T20293]  netlink_unicast+0x53a/0x7f0
[  805.823140][T20293]  ? __pfx_netlink_unicast+0x10/0x10
[  805.823166][T20293]  netlink_sendmsg+0x8d1/0xdd0
[  805.823188][T20293]  ? __pfx_netlink_sendmsg+0x10/0x10
[  805.823208][T20293]  ? __import_iovec+0x1dd/0x650
[  805.823241][T20293]  ____sys_sendmsg+0xa95/0xc70
[  805.823265][T20293]  ? __pfx_____sys_sendmsg+0x10/0x10
[  805.823283][T20293]  ? get_compat_msghdr+0x11a/0x170
[  805.823305][T20293]  ? __pfx_futex_wake_mark+0x10/0x10
[  805.823330][T20293]  ___sys_sendmsg+0x134/0x1d0
[  805.823348][T20293]  ? __pfx____sys_sendmsg+0x10/0x10
[  805.823371][T20293]  ? find_held_lock+0x2b/0x80
[  805.823391][T20293]  __sys_sendmsg+0x16d/0x220
[  805.823408][T20293]  ? __pfx___sys_sendmsg+0x10/0x10
[  805.823425][T20293]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  805.823445][T20293]  ? rcu_is_watching+0x12/0xc0
[  805.823459][T20293]  __do_fast_syscall_32+0x7c/0x3a0
[  805.823478][T20293]  do_fast_syscall_32+0x32/0x80
[  805.823495][T20293]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  805.823509][T20293] RIP: 0023:0xf711e579
[  805.823518][T20293] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  805.823532][T20293] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  805.823548][T20293] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  805.823559][T20293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  805.823570][T20293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  805.823580][T20293] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  805.823589][T20293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  805.823609][T20293]  </TASK>
[  807.036936][T20307] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3910'.
[  807.684317][T15022] Bluetooth: hci1: command 0x1003 tx timeout
[  807.685964][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  807.869286][T20314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3913'.
[  809.072906][T20336] 9pnet_fd: Insufficient options for proto=fd
[  809.559266][T20227] Bluetooth: hci1: Frame reassembly failed (-84)
[  809.850052][T20331] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3916'.
[  810.133360][T20348] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3921'.
[  811.205768][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  812.136694][T20374] block nbd2: shutting down sockets
[  813.770255][ T1138] Bluetooth: hci1: Frame reassembly failed (-84)
[  814.685931][T20413] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3938'.
[  814.688843][T20413] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3938'.
[  815.352256][T20421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3939'.
[  815.844304][T15022] Bluetooth: hci1: command 0x1003 tx timeout
[  815.894395][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  816.256437][T20436] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  816.259028][T20436] CPU: 3 UID: 0 PID: 20436 Comm: syz.1.3943 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  816.259043][T20436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  816.259055][T20436] Call Trace:
[  816.259060][T20436]  <TASK>
[  816.259065][T20436]  dump_stack_lvl+0x16c/0x1f0
[  816.259087][T20436]  sysfs_warn_dup+0x7f/0xa0
[  816.259104][T20436]  sysfs_do_create_link_sd+0x124/0x140
[  816.259121][T20436]  sysfs_create_link+0x61/0xc0
[  816.259136][T20436]  device_add+0x62c/0x1a70
[  816.259150][T20436]  ? __pfx_device_add+0x10/0x10
[  816.259160][T20436]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  816.259180][T20436]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  816.259201][T20436]  wiphy_register+0x1c9c/0x2850
[  816.259213][T20436]  ? netdev_run_todo+0x864/0x1320
[  816.259229][T20436]  ? __pfx_wiphy_register+0x10/0x10
[  816.259247][T20436]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  816.259260][T20436]  ieee80211_register_hw+0x24ac/0x4140
[  816.259278][T20436]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  816.259292][T20436]  ? find_held_lock+0x2b/0x80
[  816.259305][T20436]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  816.259322][T20436]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  816.259334][T20436]  ? __hrtimer_setup+0x176/0x280
[  816.259352][T20436]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  816.259376][T20436]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  816.259395][T20436]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  816.259412][T20436]  ? __asan_memcpy+0x3c/0x60
[  816.259429][T20436]  hwsim_new_radio_nl+0xb51/0x12c0
[  816.259446][T20436]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  816.259466][T20436]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  816.259482][T20436]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  816.259499][T20436]  genl_family_rcv_msg_doit+0x206/0x2f0
[  816.259514][T20436]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  816.259529][T20436]  ? trace_cap_capable+0x18d/0x200
[  816.259543][T20436]  ? bpf_lsm_capable+0x9/0x10
[  816.259556][T20436]  ? security_capable+0x7e/0x260
[  816.259575][T20436]  ? ns_capable+0xd7/0x110
[  816.259587][T20436]  genl_rcv_msg+0x55c/0x800
[  816.259603][T20436]  ? __pfx_genl_rcv_msg+0x10/0x10
[  816.259617][T20436]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  816.259635][T20436]  ? __lock_acquire+0x622/0x1c90
[  816.259651][T20436]  netlink_rcv_skb+0x155/0x420
[  816.259663][T20436]  ? __pfx_genl_rcv_msg+0x10/0x10
[  816.259678][T20436]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  816.259696][T20436]  ? netlink_deliver_tap+0x1ae/0xd30
[  816.259706][T20436]  ? is_vmalloc_addr+0x86/0xa0
[  816.259724][T20436]  genl_rcv+0x28/0x40
[  816.259736][T20436]  netlink_unicast+0x53a/0x7f0
[  816.259750][T20436]  ? __pfx_netlink_unicast+0x10/0x10
[  816.259766][T20436]  netlink_sendmsg+0x8d1/0xdd0
[  816.259780][T20436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  816.259793][T20436]  ? __import_iovec+0x1dd/0x650
[  816.259814][T20436]  ____sys_sendmsg+0xa95/0xc70
[  816.259829][T20436]  ? __pfx_____sys_sendmsg+0x10/0x10
[  816.259841][T20436]  ? get_compat_msghdr+0x11a/0x170
[  816.259855][T20436]  ? __pfx_futex_wake_mark+0x10/0x10
[  816.259873][T20436]  ___sys_sendmsg+0x134/0x1d0
[  816.259891][T20436]  ? __pfx____sys_sendmsg+0x10/0x10
[  816.259922][T20436]  ? find_held_lock+0x2b/0x80
[  816.259950][T20436]  __sys_sendmsg+0x16d/0x220
[  816.259973][T20436]  ? __pfx___sys_sendmsg+0x10/0x10
[  816.259998][T20436]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  816.260020][T20436]  ? rcu_is_watching+0x12/0xc0
[  816.260034][T20436]  __do_fast_syscall_32+0x7c/0x3a0
[  816.260058][T20436]  do_fast_syscall_32+0x32/0x80
[  816.260075][T20436]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  816.260090][T20436] RIP: 0023:0xf711e579
[  816.260101][T20436] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  816.260112][T20436] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  816.260124][T20436] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  816.260131][T20436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  816.260138][T20436] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  816.260146][T20436] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  816.260153][T20436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  816.260169][T20436]  </TASK>
[  817.444851][T20451] block nbd2: shutting down sockets
[  817.729665][T20463] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3949'.
[  817.732526][T20463] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3949'.
[  817.803230][T20450] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3947'.
[  819.566333][   T46] Bluetooth: hci1: Frame reassembly failed (-84)
[  819.945769][T20490] block nbd4: shutting down sockets
[  820.524808][T20496] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  820.528034][T20496] CPU: 3 UID: 0 PID: 20496 Comm: syz.2.3957 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  820.528059][T20496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  820.528071][T20496] Call Trace:
[  820.528078][T20496]  <TASK>
[  820.528086][T20496]  dump_stack_lvl+0x16c/0x1f0
[  820.528118][T20496]  sysfs_warn_dup+0x7f/0xa0
[  820.528143][T20496]  sysfs_do_create_link_sd+0x124/0x140
[  820.528168][T20496]  sysfs_create_link+0x61/0xc0
[  820.528190][T20496]  device_add+0x62c/0x1a70
[  820.528210][T20496]  ? __pfx_device_add+0x10/0x10
[  820.528226][T20496]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  820.528253][T20496]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  820.528286][T20496]  wiphy_register+0x1c9c/0x2850
[  820.528304][T20496]  ? netdev_run_todo+0x864/0x1320
[  820.528326][T20496]  ? __pfx_wiphy_register+0x10/0x10
[  820.528354][T20496]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  820.528376][T20496]  ieee80211_register_hw+0x24ac/0x4140
[  820.528405][T20496]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  820.528425][T20496]  ? find_held_lock+0x2b/0x80
[  820.528444][T20496]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  820.528471][T20496]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  820.528490][T20496]  ? __hrtimer_setup+0x176/0x280
[  820.528518][T20496]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  820.528548][T20496]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  820.528576][T20496]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  820.528629][T20496]  ? __asan_memcpy+0x3c/0x60
[  820.528658][T20496]  hwsim_new_radio_nl+0xb51/0x12c0
[  820.528682][T20496]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  820.528717][T20496]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  820.528740][T20496]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  820.528768][T20496]  genl_family_rcv_msg_doit+0x206/0x2f0
[  820.528791][T20496]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  820.528816][T20496]  ? trace_cap_capable+0x18d/0x200
[  820.528841][T20496]  ? bpf_lsm_capable+0x9/0x10
[  820.528864][T20496]  ? security_capable+0x7e/0x260
[  820.528893][T20496]  ? ns_capable+0xd7/0x110
[  820.528911][T20496]  genl_rcv_msg+0x55c/0x800
[  820.528933][T20496]  ? __pfx_genl_rcv_msg+0x10/0x10
[  820.528955][T20496]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  820.528982][T20496]  ? __lock_acquire+0x622/0x1c90
[  820.529008][T20496]  netlink_rcv_skb+0x155/0x420
[  820.529025][T20496]  ? __pfx_genl_rcv_msg+0x10/0x10
[  820.529043][T20496]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  820.529073][T20496]  ? netlink_deliver_tap+0x1ae/0xd30
[  820.529089][T20496]  ? is_vmalloc_addr+0x86/0xa0
[  820.529115][T20496]  genl_rcv+0x28/0x40
[  820.529134][T20496]  netlink_unicast+0x53a/0x7f0
[  820.529152][T20496]  ? __pfx_netlink_unicast+0x10/0x10
[  820.529175][T20496]  netlink_sendmsg+0x8d1/0xdd0
[  820.529199][T20496]  ? __pfx_netlink_sendmsg+0x10/0x10
[  820.529219][T20496]  ? __import_iovec+0x1dd/0x650
[  820.529251][T20496]  ____sys_sendmsg+0xa95/0xc70
[  820.529269][T20496]  ? __pfx_____sys_sendmsg+0x10/0x10
[  820.529286][T20496]  ? get_compat_msghdr+0x11a/0x170
[  820.529308][T20496]  ? __pfx_futex_wake_mark+0x10/0x10
[  820.529337][T20496]  ___sys_sendmsg+0x134/0x1d0
[  820.529364][T20496]  ? __pfx____sys_sendmsg+0x10/0x10
[  820.529398][T20496]  ? find_held_lock+0x2b/0x80
[  820.529429][T20496]  __sys_sendmsg+0x16d/0x220
[  820.529456][T20496]  ? __pfx___sys_sendmsg+0x10/0x10
[  820.529481][T20496]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  820.529508][T20496]  ? rcu_is_watching+0x12/0xc0
[  820.529527][T20496]  __do_fast_syscall_32+0x7c/0x3a0
[  820.529557][T20496]  do_fast_syscall_32+0x32/0x80
[  820.529583][T20496]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  820.529604][T20496] RIP: 0023:0xf704e579
[  820.529618][T20496] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  820.529630][T20496] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  820.529646][T20496] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  820.529657][T20496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  820.529667][T20496] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  820.529677][T20496] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  820.529687][T20496] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  820.529707][T20496]  </TASK>
[  821.604128][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  822.684902][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  822.999048][T20521] batman_adv: batadv0: Removing interface: ip6gretap1
[  823.542992][T20530] blktrace: Concurrent blktraces are not allowed on sg0
[  824.206966][T20538] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3967'.
[  824.458540][T20227] Bluetooth: hci5: Frame reassembly failed (-84)
[  824.685197][T20547] netlink: 'syz.2.3969': attribute type 1 has an invalid length.
[  824.688271][T20547] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3969'.
[  824.724330][T15022] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  825.167382][T20557] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3970'.
[  825.883091][T20570] loop6: detected capacity change from 0 to 524287999
[  825.903045][T20570] netlink: 'syz.2.3974': attribute type 12 has an invalid length.
[  826.484146][T15022] Bluetooth: hci5: command 0x1003 tx timeout
[  826.484585][ T5946] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  826.722171][T20581] netlink: 'syz.4.3978': attribute type 1 has an invalid length.
[  826.725212][T20581] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3978'.
[  827.481941][   T46] Bluetooth: hci1: Frame reassembly failed (-84)
[  828.009810][T20604] hfs: unable to load iocharset "io#harset"
[  828.653870][T20619] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3988'.
[  829.065841][T20626] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3989'.
[  829.069096][T20626] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3989'.
[  829.072296][T20626] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3989'.
[  829.524406][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  829.602533][T20634] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.606687][T20634] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  829.762266][T20634] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.768859][T20634] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  829.949119][T20634] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.954432][T20634] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  829.993225][T20646] FAULT_INJECTION: forcing a failure.
[  829.993225][T20646] name failslab, interval 1, probability 0, space 0, times 0
[  830.004231][T20646] CPU: 2 UID: 0 PID: 20646 Comm: syz.4.3996 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  830.004249][T20646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  830.004257][T20646] Call Trace:
[  830.004261][T20646]  <TASK>
[  830.004265][T20646]  dump_stack_lvl+0x16c/0x1f0
[  830.004286][T20646]  should_fail_ex+0x512/0x640
[  830.004302][T20646]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  830.004321][T20646]  should_failslab+0xc2/0x120
[  830.004333][T20646]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  830.004349][T20646]  ? d_instantiate+0x77/0x90
[  830.004359][T20646]  ? alloc_empty_file+0x55/0x1e0
[  830.004373][T20646]  alloc_empty_file+0x55/0x1e0
[  830.004385][T20646]  alloc_file_pseudo+0x13a/0x230
[  830.004397][T20646]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  830.004413][T20646]  sock_alloc_file+0x50/0x210
[  830.004425][T20646]  do_accept+0x240/0x530
[  830.004440][T20646]  ? do_raw_spin_lock+0x12c/0x2b0
[  830.004458][T20646]  ? __pfx_do_accept+0x10/0x10
[  830.004481][T20646]  __sys_accept4+0x100/0x1c0
[  830.004496][T20646]  ? __pfx___sys_accept4+0x10/0x10
[  830.004550][T20646]  ? __pfx_ksys_write+0x10/0x10
[  830.004569][T20646]  __ia32_sys_accept4+0x94/0x100
[  830.004585][T20646]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  830.004610][T20646]  __do_fast_syscall_32+0x7c/0x3a0
[  830.004638][T20646]  do_fast_syscall_32+0x32/0x80
[  830.004665][T20646]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  830.004686][T20646] RIP: 0023:0xf704e579
[  830.004702][T20646] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  830.004718][T20646] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 000000000000016c
[  830.004736][T20646] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000000000000
[  830.004744][T20646] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  830.004750][T20646] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  830.004757][T20646] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  830.004763][T20646] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  830.004777][T20646]  </TASK>
[  830.058645][T20648] FAULT_INJECTION: forcing a failure.
[  830.058645][T20648] name failslab, interval 1, probability 0, space 0, times 0
[  830.060058][    C2] vkms_vblank_simulate: vblank timer overrun
[  830.094321][T20648] CPU: 1 UID: 0 PID: 20648 Comm: syz.2.3993 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  830.094349][T20648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  830.094357][T20648] Call Trace:
[  830.094362][T20648]  <TASK>
[  830.094366][T20648]  dump_stack_lvl+0x16c/0x1f0
[  830.094388][T20648]  should_fail_ex+0x512/0x640
[  830.094404][T20648]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  830.094422][T20648]  should_failslab+0xc2/0x120
[  830.094433][T20648]  __kmalloc_cache_node_noprof+0x6d/0x420
[  830.094450][T20648]  ? __get_vm_area_node+0x101/0x330
[  830.094466][T20648]  __get_vm_area_node+0x101/0x330
[  830.094480][T20648]  ? xdp_umem_create+0xde7/0x1270
[  830.094495][T20648]  get_vm_area_caller+0x71/0xa0
[  830.094508][T20648]  ? xdp_umem_create+0xde7/0x1270
[  830.094524][T20648]  vmap+0x135/0x320
[  830.094536][T20648]  ? __pfx_vmap+0x10/0x10
[  830.094548][T20648]  ? xdp_umem_create+0x781/0x1270
[  830.094566][T20648]  xdp_umem_create+0xde7/0x1270
[  830.094585][T20648]  xsk_setsockopt+0x5b2/0x840
[  830.094600][T20648]  ? __pfx_xsk_setsockopt+0x10/0x10
[  830.094613][T20648]  ? __pfx_aa_sk_perm+0x10/0x10
[  830.094630][T20648]  ? __pfx_xsk_setsockopt+0x10/0x10
[  830.094644][T20648]  do_sock_setsockopt+0x221/0x470
[  830.094657][T20648]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  830.094678][T20648]  __sys_setsockopt+0x120/0x1a0
[  830.094696][T20648]  __ia32_sys_setsockopt+0xbc/0x160
[  830.094712][T20648]  ? lockdep_hardirqs_on+0x7c/0x110
[  830.094730][T20648]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  830.094748][T20648]  __do_fast_syscall_32+0x7c/0x3a0
[  830.094768][T20648]  do_fast_syscall_32+0x32/0x80
[  830.094785][T20648]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  830.094799][T20648] RIP: 0023:0xf704e579
[  830.094808][T20648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  830.094819][T20648] RSP: 002b:00000000f4ffc55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  830.094830][T20648] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000011b
[  830.094837][T20648] RDX: 0000000000000004 RSI: 00000000800000c0 RDI: 000000000000001c
[  830.094844][T20648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  830.094850][T20648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  830.094857][T20648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  830.094870][T20648]  </TASK>
[  830.186567][T20634] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  830.191011][T20634] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  830.443062][T20634] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  830.447795][T20634] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  830.459554][T20634] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  830.462979][T20634] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  830.478697][T20634] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  830.482293][T20634] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  830.489370][T20634] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  830.491999][T20634] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  830.579198][T20654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3997'.
[  830.583026][T20654] netlink: 'syz.2.3997': attribute type 5 has an invalid length.
[  830.586312][T20654] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3997'.
[  831.525778][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  832.355390][T20670] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4002'.
[  833.216129][ T1142] Bluetooth: hci5: Frame reassembly failed (-84)
[  833.524781][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  834.189176][T20688] ceph: No mds server is up or the cluster is laggy
[  834.193570][   T60] libceph: connect (1)[c::]:6789 error -101
[  834.202729][   T60] libceph: mon0 (1)[c::]:6789 connect error
[  834.454138][   T61] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  834.614108][   T61] usb 7-1: Using ep0 maxpacket: 32
[  834.621055][   T61] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  834.629728][   T61] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  834.633762][   T61] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  834.637908][   T61] usb 7-1: Product: syz
[  834.639880][   T61] usb 7-1: Manufacturer: syz
[  834.642058][   T61] usb 7-1: SerialNumber: syz
[  834.652119][   T61] usb 7-1: config 0 descriptor??
[  834.658038][T20694] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  834.667992][   T61] hub 7-1:0.0: bad descriptor, ignoring hub
[  834.670050][   T61] hub 7-1:0.0: probe with driver hub failed with error -5
[  834.794649][T20708] block nbd5: shutting down sockets
[  835.284155][ T5946] Bluetooth: hci5: command 0x1003 tx timeout
[  835.286452][T15022] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  835.464762][T20719] block nbd5: shutting down sockets
[  835.565960][T20694] usb 7-1: reset high-speed USB device number 20 using dummy_hcd
[  835.571507][T20694] usb 7-1: device reset changed ep0 maxpacket size!
[  835.576827][   T61] usb 7-1: USB disconnect, device number 20
[  835.724959][   T61] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  835.789992][T20730] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4013'.
[  835.876434][   T61] usb 7-1: unable to get BOS descriptor or descriptor too short
[  835.881015][   T61] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  835.884965][   T61] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  835.887866][   T61] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  835.894767][   T61] usb 7-1: string descriptor 0 read error: -22
[  835.896820][   T61] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  835.899720][   T61] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.910378][   T61] cdc_ncm 7-1:1.0: CDC Union missing and no IAD found
[  835.912824][   T61] cdc_ncm 7-1:1.0: bind() failure
[  836.125531][ T5976] usb 7-1: USB disconnect, device number 21
[  836.307655][T20737] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4016'.
[  836.311364][T20737] netlink: 'syz.5.4016': attribute type 5 has an invalid length.
[  836.324186][T20737] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4016'.
[  837.294533][T20749] block nbd2: shutting down sockets
[  838.966012][T20773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4024'.
[  839.666759][T20784] overlay: Unknown parameter 'defcontext'
[  839.810401][T20786] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4026'.
[  839.910392][T20791] netlink: 236 bytes leftover after parsing attributes in process `syz.2.4030'.
[  839.925604][T20789] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4029'.
[  840.955131][T20801] netlink: 236 bytes leftover after parsing attributes in process `syz.1.4033'.
[  842.052721][T20828] netlink: 'syz.1.4040': attribute type 1 has an invalid length.
[  842.053001][T20828] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4040'.
[  842.125498][T20833] netlink: 236 bytes leftover after parsing attributes in process `syz.4.4042'.
[  842.305758][T20838] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4041'.
[  842.379120][T20840] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4044'.
[  842.445354][T20843] netlink: 'syz.4.4043': attribute type 1 has an invalid length.
[  842.445368][T20843] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4043'.
[  842.564687][T20829] netlink: 'syz.5.4039': attribute type 4 has an invalid length.
[  842.571390][T20829] netlink: 'syz.5.4039': attribute type 4 has an invalid length.
[  842.820022][T20823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.090220][T20853] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4045'.
[  844.501270][T20874] netlink: 236 bytes leftover after parsing attributes in process `syz.1.4051'.
[  844.687201][T20882] netlink: 'syz.5.4052': attribute type 1 has an invalid length.
[  844.689665][T20882] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4052'.
[  846.377448][T20908] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  846.650250][T20912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4060'.
[  846.704907][T20916] netlink: 236 bytes leftover after parsing attributes in process `syz.4.4062'.
[  847.755918][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  848.041759][T20936] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4064'.
[  848.077004][ T1137] Bluetooth: hci5: Frame reassembly failed (-84)
[  848.426888][T20938] block nbd1: shutting down sockets
[  849.686214][T15022] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  849.686497][T19292] Bluetooth: hci1: command 0x1003 tx timeout
[  849.826343][T20954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4071'.
[  849.837351][T20956] netlink: 892 bytes leftover after parsing attributes in process `syz.4.4070'.
[  849.946833][T20957] block nbd4: shutting down sockets
[  850.084133][T15022] Bluetooth: hci5: command 0x1003 tx timeout
[  850.084189][ T5946] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  850.777299][T20967] block nbd5: shutting down sockets
[  851.011727][T20976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4076'.
[  851.682240][T20981] netlink: 56 bytes leftover after parsing attributes in process `syz.5.4077'.
[  852.042353][T20987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4078'.
[  852.045590][T20987] netlink: 'syz.1.4078': attribute type 5 has an invalid length.
[  852.048157][T20987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4078'.
[  854.504088][T21024] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4087'.
[  854.815559][T21027] block nbd2: shutting down sockets
[  854.938194][T21031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4086'.
[  855.785789][T21044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4092'.
[  856.105882][T21046] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4091'.
[  856.662486][T21052] netlink: 'syz.1.4093': attribute type 1 has an invalid length.
[  856.662500][T21052] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4093'.
[  856.883490][T21056] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  856.883525][T21056] CPU: 0 UID: 0 PID: 21056 Comm: syz.2.4094 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  856.883541][T21056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  856.883557][T21056] Call Trace:
[  856.883561][T21056]  <TASK>
[  856.883567][T21056]  dump_stack_lvl+0x16c/0x1f0
[  856.883588][T21056]  sysfs_warn_dup+0x7f/0xa0
[  856.883605][T21056]  sysfs_do_create_link_sd+0x124/0x140
[  856.883623][T21056]  sysfs_create_link+0x61/0xc0
[  856.883639][T21056]  device_add+0x62c/0x1a70
[  856.883655][T21056]  ? __pfx_device_add+0x10/0x10
[  856.883666][T21056]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  856.883684][T21056]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  856.883707][T21056]  wiphy_register+0x1c9c/0x2850
[  856.883719][T21056]  ? netdev_run_todo+0x864/0x1320
[  856.883735][T21056]  ? __pfx_wiphy_register+0x10/0x10
[  856.883753][T21056]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  856.883767][T21056]  ieee80211_register_hw+0x24ac/0x4140
[  856.883785][T21056]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  856.883801][T21056]  ? find_held_lock+0x2b/0x80
[  856.883813][T21056]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  856.883830][T21056]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  856.883842][T21056]  ? __hrtimer_setup+0x176/0x280
[  856.883861][T21056]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  856.883895][T21056]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  856.883920][T21056]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  856.883943][T21056]  ? __asan_memcpy+0x3c/0x60
[  856.883985][T21056]  hwsim_new_radio_nl+0xb51/0x12c0
[  856.884004][T21056]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  856.884027][T21056]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  856.884048][T21056]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  856.884067][T21056]  genl_family_rcv_msg_doit+0x206/0x2f0
[  856.884082][T21056]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  856.884101][T21056]  ? trace_cap_capable+0x18d/0x200
[  856.884117][T21056]  ? bpf_lsm_capable+0x9/0x10
[  856.884130][T21056]  ? security_capable+0x7e/0x260
[  856.884148][T21056]  ? ns_capable+0xd7/0x110
[  856.884161][T21056]  genl_rcv_msg+0x55c/0x800
[  856.884177][T21056]  ? __pfx_genl_rcv_msg+0x10/0x10
[  856.884193][T21056]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  856.884229][T21056]  ? __lock_acquire+0x622/0x1c90
[  856.884247][T21056]  netlink_rcv_skb+0x155/0x420
[  856.884285][T21056]  ? __pfx_genl_rcv_msg+0x10/0x10
[  856.884308][T21056]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  856.884327][T21056]  ? netlink_deliver_tap+0x1ae/0xd30
[  856.884338][T21056]  ? is_vmalloc_addr+0x86/0xa0
[  856.884358][T21056]  genl_rcv+0x28/0x40
[  856.884370][T21056]  netlink_unicast+0x53a/0x7f0
[  856.884386][T21056]  ? __pfx_netlink_unicast+0x10/0x10
[  856.884403][T21056]  netlink_sendmsg+0x8d1/0xdd0
[  856.884419][T21056]  ? __pfx_netlink_sendmsg+0x10/0x10
[  856.884433][T21056]  ? __import_iovec+0x1dd/0x650
[  856.884455][T21056]  ____sys_sendmsg+0xa95/0xc70
[  856.884470][T21056]  ? __pfx_____sys_sendmsg+0x10/0x10
[  856.884482][T21056]  ? get_compat_msghdr+0x11a/0x170
[  856.884495][T21056]  ? __pfx_futex_wake_mark+0x10/0x10
[  856.884514][T21056]  ___sys_sendmsg+0x134/0x1d0
[  856.884532][T21056]  ? __pfx____sys_sendmsg+0x10/0x10
[  856.884562][T21056]  ? find_held_lock+0x2b/0x80
[  856.884583][T21056]  __sys_sendmsg+0x16d/0x220
[  856.884601][T21056]  ? __pfx___sys_sendmsg+0x10/0x10
[  856.884618][T21056]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  856.884640][T21056]  ? rcu_is_watching+0x12/0xc0
[  856.884654][T21056]  __do_fast_syscall_32+0x7c/0x3a0
[  856.884676][T21056]  do_fast_syscall_32+0x32/0x80
[  856.884694][T21056]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  856.884708][T21056] RIP: 0023:0xf704e579
[  856.884717][T21056] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  856.884729][T21056] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  856.884741][T21056] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  856.884749][T21056] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  856.884756][T21056] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  856.884762][T21056] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  856.884769][T21056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  856.884783][T21056]  </TASK>
[  857.326989][T21063] netlink: 236 bytes leftover after parsing attributes in process `syz.1.4096'.
[  857.681659][T20227] Bluetooth: hci1: Frame reassembly failed (-84)
[  857.927673][T21072] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  858.090411][T21076] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4100'.
[  859.447073][T21096] netlink: 236 bytes leftover after parsing attributes in process `syz.5.4105'.
[  859.486667][ T1138] Bluetooth: hci5: Frame reassembly failed (-84)
[  859.684134][T19292] Bluetooth: hci1: command 0x1003 tx timeout
[  859.684160][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  860.455216][T21105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4107'.
[  861.524396][T15022] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  861.525195][ T5946] Bluetooth: hci5: command 0x1003 tx timeout
[  861.971456][T21119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4110'.
[  862.672806][T21130] netlink: 236 bytes leftover after parsing attributes in process `syz.4.4114'.
[  863.186532][T21142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4117'.
[  863.314147][ T6040] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[  863.444720][T20227] Bluetooth: hci1: Frame reassembly failed (-84)
[  863.459148][ T6040] usb 10-1: device descriptor read/64, error -71
[  863.523498][T21144] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌ'
[  863.526421][T21144] CPU: 1 UID: 0 PID: 21144 Comm: syz.1.4118 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  863.526450][T21144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  863.526458][T21144] Call Trace:
[  863.526463][T21144]  <TASK>
[  863.526468][T21144]  dump_stack_lvl+0x16c/0x1f0
[  863.526490][T21144]  sysfs_warn_dup+0x7f/0xa0
[  863.526508][T21144]  sysfs_do_create_link_sd+0x124/0x140
[  863.526526][T21144]  sysfs_create_link+0x61/0xc0
[  863.526542][T21144]  device_add+0x62c/0x1a70
[  863.526555][T21144]  ? __pfx_device_add+0x10/0x10
[  863.526566][T21144]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  863.526586][T21144]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  863.526607][T21144]  wiphy_register+0x1c9c/0x2850
[  863.526621][T21144]  ? netdev_run_todo+0x864/0x1320
[  863.526638][T21144]  ? __pfx_wiphy_register+0x10/0x10
[  863.526656][T21144]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  863.526670][T21144]  ieee80211_register_hw+0x24ac/0x4140
[  863.526689][T21144]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  863.526703][T21144]  ? find_held_lock+0x2b/0x80
[  863.526715][T21144]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  863.526732][T21144]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  863.526745][T21144]  ? __hrtimer_setup+0x176/0x280
[  863.526763][T21144]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  863.526787][T21144]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  863.526806][T21144]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  863.526823][T21144]  ? __asan_memcpy+0x3c/0x60
[  863.526840][T21144]  hwsim_new_radio_nl+0xb51/0x12c0
[  863.526857][T21144]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  863.526877][T21144]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  863.526893][T21144]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  863.526911][T21144]  genl_family_rcv_msg_doit+0x206/0x2f0
[  863.526926][T21144]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  863.526940][T21144]  ? trace_cap_capable+0x18d/0x200
[  863.526955][T21144]  ? bpf_lsm_capable+0x9/0x10
[  863.526969][T21144]  ? security_capable+0x7e/0x260
[  863.526988][T21144]  ? ns_capable+0xd7/0x110
[  863.527001][T21144]  genl_rcv_msg+0x55c/0x800
[  863.527016][T21144]  ? __pfx_genl_rcv_msg+0x10/0x10
[  863.527031][T21144]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  863.527048][T21144]  ? __lock_acquire+0x622/0x1c90
[  863.527065][T21144]  netlink_rcv_skb+0x155/0x420
[  863.527077][T21144]  ? __pfx_genl_rcv_msg+0x10/0x10
[  863.527091][T21144]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  863.527110][T21144]  ? netlink_deliver_tap+0x1ae/0xd30
[  863.527121][T21144]  ? is_vmalloc_addr+0x86/0xa0
[  863.527138][T21144]  genl_rcv+0x28/0x40
[  863.527150][T21144]  netlink_unicast+0x53a/0x7f0
[  863.527164][T21144]  ? __pfx_netlink_unicast+0x10/0x10
[  863.527181][T21144]  netlink_sendmsg+0x8d1/0xdd0
[  863.527196][T21144]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.527209][T21144]  ? __import_iovec+0x1dd/0x650
[  863.527230][T21144]  ____sys_sendmsg+0xa95/0xc70
[  863.527245][T21144]  ? __pfx_____sys_sendmsg+0x10/0x10
[  863.527257][T21144]  ? get_compat_msghdr+0x11a/0x170
[  863.527270][T21144]  ? __pfx_futex_wake_mark+0x10/0x10
[  863.527308][T21144]  ___sys_sendmsg+0x134/0x1d0
[  863.527327][T21144]  ? __pfx____sys_sendmsg+0x10/0x10
[  863.527353][T21144]  ? find_held_lock+0x2b/0x80
[  863.527378][T21144]  __sys_sendmsg+0x16d/0x220
[  863.527395][T21144]  ? __pfx___sys_sendmsg+0x10/0x10
[  863.527413][T21144]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  863.527436][T21144]  ? rcu_is_watching+0x12/0xc0
[  863.527450][T21144]  __do_fast_syscall_32+0x7c/0x3a0
[  863.527471][T21144]  do_fast_syscall_32+0x32/0x80
[  863.527490][T21144]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  863.527504][T21144] RIP: 0023:0xf711e579
[  863.527514][T21144] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  863.527524][T21144] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  863.527536][T21144] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  863.527543][T21144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  863.527549][T21144] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  863.527556][T21144] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  863.527562][T21144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  863.527577][T21144]  </TASK>
[  863.828715][ T6040] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  864.014232][ T6040] usb 10-1: device descriptor read/64, error -71
[  864.131830][T21149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4119'.
[  864.135922][T21149] netlink: 'syz.2.4119': attribute type 5 has an invalid length.
[  864.139307][T21149] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4119'.
[  864.155311][ T6040] usb usb10-port1: attempt power cycle
[  864.408038][T21152] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4120'.
[  864.504228][ T6040] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[  864.524937][ T6040] usb 10-1: device descriptor read/8, error -71
[  864.774337][ T6040] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  864.795217][ T6040] usb 10-1: device descriptor read/8, error -71
[  864.916975][ T6040] usb usb10-port1: unable to enumerate USB device
[  865.364166][T15022] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  865.364608][ T5946] Bluetooth: hci1: command 0x1003 tx timeout
[  866.115492][T21170] block nbd5: shutting down sockets
[  867.553376][T21196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4130'.
[  867.557853][T21196] netlink: 'syz.5.4130': attribute type 5 has an invalid length.
[  867.615785][T21196] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4130'.
[  868.038463][T21204] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4133'.
[  868.263392][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.267893][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.271186][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.277065][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.280104][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.283507][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.297140][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.303111][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  868.306652][T21209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4134'.
[  870.113935][T21243] block nbd4: shutting down sockets
[  870.204908][T21248] FAULT_INJECTION: forcing a failure.
[  870.204908][T21248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  870.210362][T21248] CPU: 2 UID: 0 PID: 21248 Comm: syz.1.4144 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  870.210387][T21248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  870.210399][T21248] Call Trace:
[  870.210406][T21248]  <TASK>
[  870.210415][T21248]  dump_stack_lvl+0x16c/0x1f0
[  870.210449][T21248]  should_fail_ex+0x512/0x640
[  870.210480][T21248]  _copy_from_iter+0x29f/0x16f0
[  870.210510][T21248]  ? __alloc_skb+0x200/0x380
[  870.210539][T21248]  ? __pfx__copy_from_iter+0x10/0x10
[  870.210568][T21248]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  870.210595][T21248]  netlink_sendmsg+0x829/0xdd0
[  870.210621][T21248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  870.210643][T21248]  ? __import_iovec+0x1dd/0x650
[  870.210676][T21248]  ____sys_sendmsg+0xa95/0xc70
[  870.210699][T21248]  ? __pfx_____sys_sendmsg+0x10/0x10
[  870.210719][T21248]  ? get_compat_msghdr+0x11a/0x170
[  870.210747][T21248]  ___sys_sendmsg+0x134/0x1d0
[  870.210778][T21248]  ? __pfx____sys_sendmsg+0x10/0x10
[  870.210815][T21248]  ? find_held_lock+0x2b/0x80
[  870.210850][T21248]  __sys_sendmsg+0x16d/0x220
[  870.210893][T21248]  ? __pfx___sys_sendmsg+0x10/0x10
[  870.210932][T21248]  ? rcu_is_watching+0x12/0xc0
[  870.210956][T21248]  __do_fast_syscall_32+0x7c/0x3a0
[  870.210988][T21248]  do_fast_syscall_32+0x32/0x80
[  870.211016][T21248]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  870.211039][T21248] RIP: 0023:0xf711e579
[  870.211054][T21248] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  870.211071][T21248] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  870.211089][T21248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  870.211102][T21248] RDX: 0000000000008002 RSI: 0000000000000000 RDI: 0000000000000000
[  870.211112][T21248] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  870.211122][T21248] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  870.211133][T21248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  870.211156][T21248]  </TASK>
[  870.403767][T21257] netlink: 'syz.1.4147': attribute type 1 has an invalid length.
[  870.890550][T21264] input: syz0 as /devices/virtual/input/input26
[  871.142526][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[  873.049792][T21294] netlink: 'syz.2.4156': attribute type 1 has an invalid length.
[  873.049811][T21294] __nla_validate_parse: 3 callbacks suppressed
[  873.049819][T21294] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4156'.
[  873.205085][T15022] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  873.551142][T21306] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4161'.
[  874.324665][T21317] netlink: 236 bytes leftover after parsing attributes in process `syz.1.4165'.
[  875.045487][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  875.364794][T21337] netlink: 'syz.1.4169': attribute type 1 has an invalid length.
[  875.364816][T21337] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4169'.
[  875.398883][T21341] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4171'.
[  875.762711][T11815] Bluetooth: hci5: Frame reassembly failed (-84)
[  875.762797][T11815] Bluetooth: hci5: Frame reassembly failed (-84)
[  875.762847][T11815] Bluetooth: hci5: Frame reassembly failed (-84)
[  875.762897][T11815] Bluetooth: hci5: Frame reassembly failed (-84)
[  875.762946][T11815] Bluetooth: hci5: Frame reassembly failed (-84)
[  877.045178][T15022] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  877.765324][T15022] Bluetooth: hci5: command 0x1003 tx timeout
[  877.771958][ T5946] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  878.476600][T21388] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4183'.
[  878.479872][T21388] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4183'.
[  878.666172][T21392] netlink: 236 bytes leftover after parsing attributes in process `syz.4.4184'.
[  879.244236][T21401] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4186'.
[  879.300665][T21401] netlink: 'syz.4.4186': attribute type 5 has an invalid length.
[  879.310346][T21401] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4186'.
[  879.513631][T21405] Bluetooth: hci1: Frame reassembly failed (-84)
[  880.363530][T21418] vlan2: entered allmulticast mode
[  880.365604][T21418] bond0: entered allmulticast mode
[  880.388894][T21419] vlan2: entered allmulticast mode
[  880.561891][T21427] FAULT_INJECTION: forcing a failure.
[  880.561891][T21427] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  880.567267][T21427] CPU: 0 UID: 0 PID: 21427 Comm: syz.4.4194 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  880.567284][T21427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  880.567292][T21427] Call Trace:
[  880.567296][T21427]  <TASK>
[  880.567302][T21427]  dump_stack_lvl+0x16c/0x1f0
[  880.567328][T21427]  should_fail_ex+0x512/0x640
[  880.567347][T21427]  should_fail_alloc_page+0xe7/0x130
[  880.567360][T21427]  prepare_alloc_pages+0x3c2/0x610
[  880.567376][T21427]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  880.567396][T21427]  ? find_held_lock+0x2b/0x80
[  880.567408][T21427]  ? is_bpf_text_address+0x8a/0x1a0
[  880.567424][T21427]  ? bpf_ksym_find+0x124/0x1c0
[  880.567436][T21427]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  880.567449][T21427]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  880.567466][T21427]  ? kernel_text_address+0x8d/0x100
[  880.567483][T21427]  ? __kernel_text_address+0xd/0x40
[  880.567500][T21427]  ? unwind_get_return_address+0x59/0xa0
[  880.567518][T21427]  ? arch_stack_walk+0xa6/0x100
[  880.567537][T21427]  ? number+0x9aa/0xc70
[  880.567552][T21427]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  880.567570][T21427]  ? policy_nodemask+0xea/0x4e0
[  880.567582][T21427]  alloc_pages_mpol+0x1fb/0x550
[  880.567593][T21427]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  880.567608][T21427]  folio_alloc_mpol_noprof+0x36/0x2f0
[  880.567622][T21427]  vma_alloc_folio_noprof+0xed/0x1e0
[  880.567635][T21427]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  880.567646][T21427]  ? find_held_lock+0x2b/0x80
[  880.567658][T21427]  ? __handle_mm_fault+0x1092/0x5490
[  880.567675][T21427]  __handle_mm_fault+0x2f21/0x5490
[  880.567693][T21427]  ? __pfx___handle_mm_fault+0x10/0x10
[  880.567707][T21427]  ? __pfx_mt_find+0x10/0x10
[  880.567726][T21427]  ? find_vma+0xbf/0x140
[  880.567736][T21427]  ? __pfx_find_vma+0x10/0x10
[  880.567749][T21427]  handle_mm_fault+0x589/0xd10
[  880.567764][T21427]  ? __pkru_allows_pkey+0x41/0xb0
[  880.567780][T21427]  do_user_addr_fault+0x7a6/0x1370
[  880.567796][T21427]  ? rcu_is_watching+0x12/0xc0
[  880.567810][T21427]  exc_page_fault+0x5c/0xb0
[  880.567826][T21427]  asm_exc_page_fault+0x26/0x30
[  880.567838][T21427] RIP: 0010:_copy_to_iter+0x4e6/0x16f0
[  880.567856][T21427] Code: 45 e8 3e 5d e4 fc 48 8b 4c 24 18 48 8b 44 24 28 89 ee 4c 8d 34 01 4c 89 f7 e8 76 47 4a fd 0f 01 cb 48 89 e9 4c 89 ff 4c 89 f6 <f3> a4 0f 1f 00 0f 01 ca 48 89 e8 48 29 eb 48 29 c8 48 01 44 24 28
[  880.567867][T21427] RSP: 0018:ffffc9000363f9a8 EFLAGS: 00050246
[  880.567877][T21427] RAX: 0000000000000001 RBX: 00000000000000b1 RCX: 00000000000000b1
[  880.567884][T21427] RDX: ffffed10050d4017 RSI: ffff8880286a0000 RDI: 0000000080012400
[  880.567891][T21427] RBP: 00000000000000b1 R08: 0000000000000000 R09: ffffed10050d4016
[  880.567898][T21427] R10: ffff8880286a00b0 R11: 0000000000000000 R12: 0000000000000000
[  880.567905][T21427] R13: ffffc9000363fbb8 R14: ffff8880286a0000 R15: 0000000080012400
[  880.567920][T21427]  ? _copy_to_iter+0x4da/0x16f0
[  880.567939][T21427]  ? established_get_first+0x4ee/0x700
[  880.567954][T21427]  ? __pfx__copy_to_iter+0x10/0x10
[  880.567975][T21427]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  880.567994][T21427]  seq_read_iter+0xcf8/0x12c0
[  880.568015][T21427]  seq_read+0x39e/0x4e0
[  880.568028][T21427]  ? __pfx_seq_read+0x10/0x10
[  880.568074][T21427]  ? __pfx_seq_read+0x10/0x10
[  880.568089][T21427]  proc_reg_read+0x240/0x330
[  880.568106][T21427]  ? __pfx_proc_reg_read+0x10/0x10
[  880.568122][T21427]  vfs_read+0x1e1/0xc60
[  880.568138][T21427]  ? fdget_pos+0x2a2/0x370
[  880.568155][T21427]  ? __pfx_vfs_read+0x10/0x10
[  880.568169][T21427]  ? find_held_lock+0x2b/0x80
[  880.568184][T21427]  ? __fget_files+0x20e/0x3c0
[  880.568203][T21427]  ksys_read+0x12a/0x250
[  880.568218][T21427]  ? __pfx_ksys_read+0x10/0x10
[  880.568234][T21427]  ? rcu_is_watching+0x12/0xc0
[  880.568247][T21427]  __do_fast_syscall_32+0x7c/0x3a0
[  880.568266][T21427]  do_fast_syscall_32+0x32/0x80
[  880.568283][T21427]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  880.568297][T21427] RIP: 0023:0xf704e579
[  880.568307][T21427] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  880.568323][T21427] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  880.568333][T21427] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080012400
[  880.568340][T21427] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  880.568346][T21427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  880.568352][T21427] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  880.568359][T21427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  880.568373][T21427]  </TASK>
[  880.949111][T21434] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4191'.
[  881.395949][   T40] kauditd_printk_skb: 50 callbacks suppressed
[  881.395964][   T40] audit: type=1326 audit(2000000693.669:62256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.405016][   T40] audit: type=1326 audit(2000000693.669:62257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=376 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.411721][   T40] audit: type=1326 audit(2000000693.669:62258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.419325][   T40] audit: type=1326 audit(2000000693.669:62259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.427342][   T40] audit: type=1326 audit(2000000693.669:62260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.434387][   T40] audit: type=1326 audit(2000000693.669:62261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.442175][   T40] audit: type=1326 audit(2000000693.669:62262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.453949][   T40] audit: type=1326 audit(2000000693.669:62263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.463473][   T40] audit: type=1326 audit(2000000693.669:62264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.472578][   T40] audit: type=1326 audit(2000000693.669:62265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21438 comm="syz.4.4197" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  881.524146][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  881.524637][T15022] Bluetooth: hci1: command 0x1003 tx timeout
[  882.353542][T21455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4199'.
[  882.356636][T21455] netlink: 'syz.2.4199': attribute type 5 has an invalid length.
[  882.362522][T21455] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4199'.
[  882.393577][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  882.398174][ T1137] Bluetooth: hci1: Frame reassembly failed (-84)
[  883.180841][T21465] tmpfs: Unknown parameter 'usrquotama'
[  883.215096][T11815] Bluetooth: hci5: Frame reassembly failed (-84)
[  883.389517][T21473] netlink: 236 bytes leftover after parsing attributes in process `syz.2.4206'.
[  884.415307][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  884.595372][T21488] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4210'.
[  884.687964][T21490] syzkaller1: entered promiscuous mode
[  884.689996][T21490] syzkaller1: entered allmulticast mode
[  885.098517][T21492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4209'.
[  885.226149][T21502] ==================================================================
[  885.226160][T21502] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60
[  885.226179][T21502] Write of size 8 at addr ffffc90004c4c000 by task syz.5.4214/21502
[  885.226190][T21502] 
[  885.226196][T21502] CPU: 3 UID: 0 PID: 21502 Comm: syz.5.4214 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  885.226211][T21502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  885.226220][T21502] Call Trace:
[  885.226223][T21502]  <TASK>
[  885.226229][T21502]  dump_stack_lvl+0x116/0x1f0
[  885.226248][T21502]  print_report+0xcd/0x680
[  885.226258][T21502]  ? __virt_addr_valid+0x81/0x610
[  885.226271][T21502]  ? sys_imageblit+0x1a6f/0x1e60
[  885.226286][T21502]  kasan_report+0xe0/0x110
[  885.226296][T21502]  ? sys_imageblit+0x1a6f/0x1e60
[  885.226310][T21502]  sys_imageblit+0x1a6f/0x1e60
[  885.226324][T21502]  ? __pfx_sys_imageblit+0x10/0x10
[  885.226337][T21502]  ? lock_acquire+0x179/0x350
[  885.226352][T21502]  ? __page_table_check_ptes_set+0x1ae/0x420
[  885.226370][T21502]  ? find_held_lock+0x2b/0x80
[  885.226380][T21502]  ? __pfx___page_table_check_ptes_set+0x10/0x10
[  885.226397][T21502]  ? pfn_valid+0x26a/0x4d0
[  885.226408][T21502]  ? fb_pad_unaligned_buffer+0x38d/0x440
[  885.226426][T21502]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  885.226441][T21502]  bit_putcs+0x90f/0xde0
[  885.226461][T21502]  ? __pfx_bit_putcs+0x10/0x10
[  885.226478][T21502]  ? __vmap_pages_range_noflush+0x1d0/0x230
[  885.226491][T21502]  ? fb_get_color_depth+0x120/0x250
[  885.226507][T21502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  885.226525][T21502]  ? __pfx_bit_putcs+0x10/0x10
[  885.226548][T21502]  fbcon_putcs+0x383/0x4a0
[  885.226565][T21502]  do_update_region+0x2e6/0x3f0
[  885.226580][T21502]  invert_screen+0x1e4/0x590
[  885.226602][T21502]  ? __pfx_invert_screen+0x10/0x10
[  885.226623][T21502]  ? __pfx_complement_pos+0x10/0x10
[  885.226645][T21502]  ? vc_do_resize+0x24d/0x10e0
[  885.226660][T21502]  ? __vmalloc_node_noprof+0xad/0xf0
[  885.226674][T21502]  clear_selection+0x59/0x70
[  885.226688][T21502]  vc_do_resize+0xd9b/0x10e0
[  885.226706][T21502]  ? __pfx_vc_do_resize+0x10/0x10
[  885.226722][T21502]  fbcon_set_disp+0x7ad/0xe40
[  885.226737][T21502]  set_con2fb_map+0x703/0x1060
[  885.226754][T21502]  fbcon_set_con2fb_map_ioctl+0x16c/0x220
[  885.226772][T21502]  ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10
[  885.226790][T21502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  885.226806][T21502]  do_fb_ioctl+0x328/0x7e0
[  885.226817][T21502]  ? __pfx_do_fb_ioctl+0x10/0x10
[  885.226828][T21502]  ? lockdep_hardirqs_on+0x7c/0x110
[  885.226845][T21502]  ? find_held_lock+0x2b/0x80
[  885.226858][T21502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  885.226880][T21502]  fb_compat_ioctl+0x55e/0x670
[  885.226891][T21502]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  885.226902][T21502]  ? hook_file_ioctl_common+0x145/0x410
[  885.226916][T21502]  ? __fget_files+0x20e/0x3c0
[  885.226930][T21502]  ? __ia32_compat_sys_openat+0x150/0x210
[  885.226945][T21502]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  885.226956][T21502]  __ia32_compat_sys_ioctl+0x242/0x370
[  885.226970][T21502]  __do_fast_syscall_32+0x7c/0x3a0
[  885.226987][T21502]  do_fast_syscall_32+0x32/0x80
[  885.227004][T21502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  885.227018][T21502] RIP: 0023:0xf7ff2579
[  885.227028][T21502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  885.227039][T21502] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  885.227050][T21502] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000004610
[  885.227057][T21502] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  885.227064][T21502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  885.227070][T21502] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  885.227077][T21502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  885.227087][T21502]  </TASK>
[  885.227091][T21502] 
[  885.227106][T21502] The buggy address ffffc90004c4c000 belongs to a vmalloc virtual mapping
[  885.227112][T21502] Memory state around the buggy address:
[  885.227119][T21502]  ffffc90004c4bf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  885.227128][T21502]  ffffc90004c4bf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  885.227136][T21502] >ffffc90004c4c000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  885.227143][T21502]                    ^
[  885.227149][T21502]  ffffc90004c4c080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  885.227158][T21502]  ffffc90004c4c100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  885.227164][T21502] ==================================================================
[  885.227172][T21502] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  885.227180][T21502] CPU: 3 UID: 0 PID: 21502 Comm: syz.5.4214 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  885.227194][T21502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  885.227201][T21502] Call Trace:
[  885.227205][T21502]  <TASK>
[  885.227209][T21502]  dump_stack_lvl+0x3d/0x1f0
[  885.227226][T21502]  panic+0x71c/0x800
[  885.227243][T21502]  ? __pfx_panic+0x10/0x10
[  885.227258][T21502]  ? __pfx__printk+0x10/0x10
[  885.227272][T21502]  ? rcu_is_watching+0x12/0xc0
[  885.227287][T21502]  ? sys_imageblit+0x1a6f/0x1e60
[  885.227300][T21502]  check_panic_on_warn+0xab/0xb0
[  885.227316][T21502]  end_report+0x107/0x170
[  885.227333][T21502]  kasan_report+0xee/0x110
[  885.227343][T21502]  ? sys_imageblit+0x1a6f/0x1e60
[  885.227357][T21502]  sys_imageblit+0x1a6f/0x1e60
[  885.227371][T21502]  ? __pfx_sys_imageblit+0x10/0x10
[  885.227384][T21502]  ? lock_acquire+0x179/0x350
[  885.227398][T21502]  ? __page_table_check_ptes_set+0x1ae/0x420
[  885.227415][T21502]  ? find_held_lock+0x2b/0x80
[  885.227426][T21502]  ? __pfx___page_table_check_ptes_set+0x10/0x10
[  885.227443][T21502]  ? pfn_valid+0x26a/0x4d0
[  885.227453][T21502]  ? fb_pad_unaligned_buffer+0x38d/0x440
[  885.227470][T21502]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  885.227485][T21502]  bit_putcs+0x90f/0xde0
[  885.227505][T21502]  ? __pfx_bit_putcs+0x10/0x10
[  885.227521][T21502]  ? __vmap_pages_range_noflush+0x1d0/0x230
[  885.227543][T21502]  ? fb_get_color_depth+0x120/0x250
[  885.227559][T21502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  885.227577][T21502]  ? __pfx_bit_putcs+0x10/0x10
[  885.227594][T21502]  fbcon_putcs+0x383/0x4a0
[  885.227611][T21502]  do_update_region+0x2e6/0x3f0
[  885.227626][T21502]  invert_screen+0x1e4/0x590
[  885.227643][T21502]  ? __pfx_invert_screen+0x10/0x10
[  885.227659][T21502]  ? __pfx_complement_pos+0x10/0x10
[  885.227675][T21502]  ? vc_do_resize+0x24d/0x10e0
[  885.227689][T21502]  ? __vmalloc_node_noprof+0xad/0xf0
[  885.227703][T21502]  clear_selection+0x59/0x70
[  885.227717][T21502]  vc_do_resize+0xd9b/0x10e0
[  885.227735][T21502]  ? __pfx_vc_do_resize+0x10/0x10
[  885.227752][T21502]  fbcon_set_disp+0x7ad/0xe40
[  885.227767][T21502]  set_con2fb_map+0x703/0x1060
[  885.227784][T21502]  fbcon_set_con2fb_map_ioctl+0x16c/0x220
[  885.227802][T21502]  ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10
[  885.227820][T21502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  885.227836][T21502]  do_fb_ioctl+0x328/0x7e0
[  885.227848][T21502]  ? __pfx_do_fb_ioctl+0x10/0x10
[  885.227859][T21502]  ? lockdep_hardirqs_on+0x7c/0x110
[  885.227875][T21502]  ? find_held_lock+0x2b/0x80
[  885.227887][T21502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  885.227909][T21502]  fb_compat_ioctl+0x55e/0x670
[  885.227920][T21502]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  885.227932][T21502]  ? hook_file_ioctl_common+0x145/0x410
[  885.227945][T21502]  ? __fget_files+0x20e/0x3c0
[  885.227959][T21502]  ? __ia32_compat_sys_openat+0x150/0x210
[  885.227974][T21502]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  885.227985][T21502]  __ia32_compat_sys_ioctl+0x242/0x370
[  885.228033][T21502]  __do_fast_syscall_32+0x7c/0x3a0
[  885.228059][T21502]  do_fast_syscall_32+0x32/0x80
[  885.228078][T21502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  885.228093][T21502] RIP: 0023:0xf7ff2579
[  885.228101][T21502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  885.228112][T21502] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  885.228123][T21502] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000004610
[  885.228130][T21502] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  885.228137][T21502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  885.228143][T21502] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  885.228150][T21502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  885.228160][T21502]  </TASK>
[  885.228955][T21502] Kernel Offset: disabled

VM DIAGNOSIS:
13:27:15  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffffffff8e297780
RSI=ffffffff81604908 RDI=ffffffff93d13080 RBP=0000000000000000 RSP=ffffc90000007fd0
R8 =0000000000000001 R9 =fffffbfff27a2610 R10=ffffffff93d13087 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809755f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080002000 CR3=00000000617b2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000010000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff88801dee2440
RSI=ffffffff81604908 RDI=ffffffff93d13080 RBP=0000000000000001 RSP=ffffc90000590fd0
R8 =0000000000000001 R9 =fffffbfff27a2610 R10=ffffffff93d13087 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809765f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7376948 CR3=000000002916b000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff88801dee4880
RSI=ffffffff81604908 RDI=ffffffff93d13080 RBP=0000000000000002 RSP=ffffc90000538fd0
R8 =0000000000000001 R9 =fffffbfff27a2610 R10=ffffffff93d13087 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809775f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c38fe7d CR3=00000000282c1000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85580b15 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc90003926e88
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3030303963666657
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b06d9c0 R15=ffffffff85580ab0
RIP=ffffffff85580b3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809785f000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7484c2c CR3=000000006eb36000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000