last executing test programs:

3m49.213873627s ago: executing program 2 (id=1715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x38}}, 0x0)

3m49.16145145s ago: executing program 2 (id=1716):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
keyctl$get_persistent(0x16, 0xee01, 0xffffffffffffffff)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000024000180060005004e230007060001000200000008000300ac1414aa08000600010000"], 0x38}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000580)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r4, @ANYBLOB="0a0001"], 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080)
listen(r0, 0xc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
fgetxattr(r3, &(0x7f0000000140)=@random={'btrfs.', 'mptcp_pm\x00'}, &(0x7f0000000440)=""/218, 0xda)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01090000000000000000010000001c000180060001000200000008000300ac1414aa080006000300"], 0x30}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDADDENTROPY(r0, 0x40085203, 0x0)
fcntl$setpipe(r3, 0x407, 0xfffffff1)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r6)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x74, r9, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x60, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x74}, 0x1, 0x0, 0x0, 0xc081}, 0x800)

3m48.32724595s ago: executing program 2 (id=1721):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sched_getaffinity(0x0, 0x4, &(0x7f0000000100))
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000a00)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff, 0xffff}, {0x2, 0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x9, 0x8, 0x7, 0x1, 0x4], 0x3, [0xb, 0x3, 0x1, 0x2002, 0x1, 0x4, 0x4, 0x2, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x2, 0xd, 0x100], [0xbff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x3ff, 0x2, 0xc, 0x42, 0xfffc, 0x3, 0x1, 0xe]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r8, 0x0, 0x0, 0x48040, &(0x7f00000001c0)={0x11, 0x7, r7, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)

3m48.182424365s ago: executing program 2 (id=1722):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x98d0d9, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000003c0)='./file0\x00', 0xa) (fail_nth: 1)

3m48.062446968s ago: executing program 2 (id=1723):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(0x0, 0x261)
mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x6000, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PORT={0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c000000090605000000000000000000060000000900020073797a300000000014000780060004404e20000006000540362100000500010007"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x804)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x41, 0x1ff)
fcntl$setlease(r5, 0x400, 0x1)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x0, 0x204031, r0, 0x42795000)
creat(&(0x7f0000000140)='./file0\x00', 0x160)
open$dir(&(0x7f0000000100)='./file0\x00', 0x4000, 0xd)
timer_getoverrun(r6)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0x80, 0x78e22799f4a46f40)
read$watch_queue(r7, &(0x7f00000001c0)=""/178, 0xb2)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {r2}}, './file0/file0\x00'})
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r8)

3m47.902802658s ago: executing program 2 (id=1724):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[], 0x38}}, 0x0)

3m47.8166182s ago: executing program 32 (id=1724):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[], 0x38}}, 0x0)

16.565110204s ago: executing program 3 (id=2570):
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f00000005c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(r1, &(0x7f00000000c0)=@file={0x1, './cgroup.cpu/cgroup.procs\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
listen(r1, 0xff)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYRESOCT=r2], 0x1c}, 0x1, 0x0, 0x0, 0x815}, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
r5 = socket$kcm(0x2b, 0x1, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r6=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_submit(0x0, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r6, 0x0}])
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d)
shutdown(r5, 0x1)
listen(r4, 0xfffffffc)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, 0x0, 0x4008015)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r7)
sendmsg$nl_generic(r7, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000023100001072abd7000000000000a0000000c0002006e6c383032313100"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

15.275243158s ago: executing program 3 (id=2576):
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f00000005c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(r1, &(0x7f00000000c0)=@file={0x1, './cgroup.cpu/cgroup.procs\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
listen(r1, 0xff)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYRESOCT=r2], 0x1c}, 0x1, 0x0, 0x0, 0x815}, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
r5 = socket$kcm(0x2b, 0x1, 0x0)
io_setup(0x8, &(0x7f0000000280)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, 0xffffffffffffffff, 0x0}])
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d)
shutdown(r5, 0x1)
listen(r4, 0xfffffffc)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, 0x0, 0x4008015)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r7)
sendmsg$nl_generic(r7, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000023100001072abd7000000000000a0000000c0002006e6c383032313100"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

12.89916443s ago: executing program 3 (id=2582):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3e616dc4010203010902120001000000000904"], 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80648c2566e506bce1e800"/20, 0x14}], 0x1}, 0x4004000)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x18, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r1 = fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @local}}}, 0x84)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), r2)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd70000400000011000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2048050}, 0x880)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x80)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbM:', 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x13})
syz_usb_connect$uac3(0x5, 0x8c, &(0x7f0000000800)=ANY=[@ANYBLOB], 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_usb_connect(0x0, 0x3d7, &(0x7f00000007c0)=ANY=[@ANYBLOB="120100004cefc008e10593085bfd010203010902c503"], 0x0)
syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x1, "ff"}, 0x0, 0x0, 0x0, 0x0})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x2, 0xa, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@broadcast, 0x28, 0x0, 0x10}, @sadb_x_policy={0x8, 0x12, 0x0, 0x4, 0x0, 0x0, 0x0, {0x6, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in=@broadcast}}, @sadb_x_nat_t_port={0x1, 0x15, 0x4e24}]}, 0x80}}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r6 = syz_io_uring_complete(0x0, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000440)={0x0, 0x4, 0x7a, 0x733}, &(0x7f0000000480)=0x10)

9.587052052s ago: executing program 3 (id=2593):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
listen(r0, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x20fffe82)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
socket$inet6(0xa, 0x805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_GETFSUUID(r4, 0x80111500, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="6400000000010104000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c00028005000100000000001400018008000100e000000108000200e00000020800074000000005498fc341f5ea9f304793f3e91ec7a14fecdc719f2b6112d56cef9c75c2377c37dbdbe4aaa5df90a47d5c359f09c1b9476e40c27918d156337f497d9c839ede6931dd48d21106592e6c698478b9c2933b7d7f7d8ab1ad5ecf9b0882f17ee5d6318215752a91dbae20a6d9ce5a7c72962f73e8d04efd376d7342bd8d96add5e8d33baa0411c8a77511c72c587a7cdab8"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1400000002010500000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="40000000000000ffdbdf25000000000000000000", @ANYRES32=r7, @ANYBLOB="00000000080000002000128009000100766c616e00000000100002800c000200120000001f000000"], 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x0)

7.482096512s ago: executing program 3 (id=2598):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="020026bd7000fddbdf257200000008000300", @ANYRES32=r2, @ANYRESHEX=r1], 0x1c}, 0x1, 0x0, 0x0, 0x24000801}, 0x40)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000780)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000331a0c1900"/28], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r7 = getpid()
syz_pidfd_open(r7, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_open_dev$cec(0x0, 0x0, 0x180)
ioctl$CEC_ADAP_S_LOG_ADDRS(r9, 0xc05c6104, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r10 = socket(0x10, 0x3, 0x0)
write(r10, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)

6.154025263s ago: executing program 3 (id=2605):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
openat$dir(0xffffffffffffff9c, 0x0, 0x4102, 0x1c)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100007f}, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x0, 0x0, 0x0, 0x3}, 0x1c)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@private1, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, r1}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff5, 0xfffffffffffffffe, 0x3}, {0xfffffffffffffffd, 0x200000000000000, 0x400000002, 0xfffffffffffffffc}, 0x1, 0x0, 0x2, 0x0, 0x0, 0x3}, {{@in=@broadcast, 0x4d3, 0x32}, 0x2, @in=@loopback, 0x0, 0x1, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/hibernate_compression_threads', 0x161a02, 0x0)
lseek(r6, 0x9, 0x4)

4.367253521s ago: executing program 4 (id=2613):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$kcm(0xa, 0x2, 0x73)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0), 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x19}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000ff07000009"], 0x50)
socket(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x800)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

4.288910949s ago: executing program 0 (id=2615):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
keyctl$get_persistent(0x16, 0xee01, 0xffffffffffffffff)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000024000180060005004e2300"], 0x38}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
listen(r0, 0xc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
fgetxattr(r3, &(0x7f0000000140)=@random={'btrfs.', 'mptcp_pm\x00'}, &(0x7f0000000440)=""/218, 0xda)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01090000000000000000010000001c000180060001000200000008000300ac1414aa080006000300"], 0x30}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDADDENTROPY(r0, 0x40085203, 0x0)
fcntl$setpipe(r3, 0x407, 0xfffffff1)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r5)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x74, r8, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x60, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x74}, 0x1, 0x0, 0x0, 0xc081}, 0x800)

4.275437565s ago: executing program 0 (id=2616):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0x5, 0x0, 0x0)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)
syz_genetlink_get_family_id$gtp(&(0x7f0000001100), r4)
socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$FE_SET_FRONTEND(r5, 0x40246f4c, &(0x7f0000000280)={0x10001, 0x0, @qpsk={0x5c, 0x1d}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0xffea)
pwritev2(r2, &(0x7f0000000380), 0x0, 0x5, 0x1d, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="7961c60005000000000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)

4.123224667s ago: executing program 1 (id=2617):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
openat$dir(0xffffffffffffff9c, 0x0, 0x4102, 0x1c)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100007f}, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x0, 0x0, 0x0, 0x3}, 0x1c)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@private1, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, r1}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff5, 0xfffffffffffffffe, 0x3}, {0xfffffffffffffffd, 0x200000000000000, 0x400000002, 0xfffffffffffffffc}, 0x1, 0x0, 0x2, 0x0, 0x0, 0x3}, {{@in=@broadcast, 0x4d3, 0x32}, 0x2, @in=@loopback, 0x0, 0x1, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/hibernate_compression_threads', 0x161a02, 0x0)
lseek(r6, 0x9, 0x4)

4.102135097s ago: executing program 4 (id=2618):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0x5, 0x0, 0x0)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)
socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$FE_SET_FRONTEND(r5, 0x40246f4c, &(0x7f0000000280)={0x10001, 0x0, @qpsk={0x5c, 0x1d}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0xffea)
pwritev2(r2, &(0x7f0000000380), 0x0, 0x5, 0x1d, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="7961c60005000000000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)

3.059375769s ago: executing program 1 (id=2619):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r0 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)=ANY=[@ANYBLOB="14000000530401021d800000000000000500000a1400fffff80300000000000a00000a0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x24040020)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = fsopen(&(0x7f00000001c0)='9p\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r6, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8004001}, 0x94)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
syz_usbip_server_init(0x6)
socket$key(0xf, 0x3, 0x2)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)

2.549381048s ago: executing program 0 (id=2620):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
keyctl$get_persistent(0x16, 0xee01, 0xffffffffffffffff)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000024000180060005004e2300070600010002000000080003"], 0x38}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
listen(r0, 0xc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
fgetxattr(r3, &(0x7f0000000140)=@random={'btrfs.', 'mptcp_pm\x00'}, &(0x7f0000000440)=""/218, 0xda)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01090000000000000000010000001c000180060001000200000008000300ac1414aa080006000300"], 0x30}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$RNDADDENTROPY(r0, 0x40085203, 0x0)
fcntl$setpipe(r3, 0x407, 0xfffffff1)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r5)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x74, r8, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x60, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x74}, 0x1, 0x0, 0x0, 0xc081}, 0x800)

2.27142756s ago: executing program 4 (id=2621):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000ac0), 0xffffffffffffffff)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0xf, 0x4)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000240)={0x14, r1, 0x682acf9d6d501cc9, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4)

2.167899336s ago: executing program 4 (id=2622):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x10, 0x803, 0x2)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
recvfrom(r0, &(0x7f0000000340)=""/229, 0xe5, 0x40010162, &(0x7f0000000440)=@l2tp={0x2, 0x0, @multicast1, 0x3}, 0x80)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYRES16=r5], 0x3c}, 0x1, 0x0, 0x0, 0x40020c1}, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x56, r2})
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$EBT_SO_GET_INFO(r8, 0x0, 0x80, &(0x7f0000000280)={'broute\x00', 0x0, 0x0, 0x0, [0x4, 0x200000003, 0xfdffffffffffb5b2, 0x3a8e5b7e, 0xc, 0x8000000000000000]}, &(0x7f0000000200)=0x50)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

2.167540184s ago: executing program 0 (id=2623):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x1, &(0x7f0000000040)=@raw=[@call={0x85, 0x0, 0x0, 0x30}], &(0x7f0000000180)='GPL\x00', 0xfffffff8, 0xe2, &(0x7f0000000280)=""/226, 0x41000, 0x4c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0xc, 0x9, 0x4}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000003c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000400)=[{0x4, 0x5, 0x7, 0x4}], 0x10, 0x400}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r1}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x840}, 0x6000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syncfs(r2)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000ac0), 0xffffffffffffffff)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000000)=0xf, 0x4)
sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000240)={0x14, r3, 0x682acf9d6d501cc9, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4)

1.589562289s ago: executing program 0 (id=2624):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x2})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x6, 0x8, 0x8, 0x40}, 0x50)
close(0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc)
syz_usb_connect(0x6, 0x36, &(0x7f0000000000)=ANY=[@ANYRES16=r2, @ANYRES64], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000000)=@ready={0x0, 0x0, 0x8, 'BBBB'})

1.40931781s ago: executing program 1 (id=2625):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="280000000000000000000000070000000717a87f000001ac141400e0000001ac1e0001ac1414bb011c000000000000000000000008000000", @ANYRES64], 0x48}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04", 0x13}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81ffffffffb9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

1.309521905s ago: executing program 1 (id=2626):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
openat$dir(0xffffffffffffff9c, 0x0, 0x4102, 0x1c)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100007f}, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x0, 0x0, 0x0, 0x3}, 0x1c)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@private1, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, r1}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff5, 0xfffffffffffffffe, 0x3}, {0xfffffffffffffffd, 0x200000000000000, 0x400000002, 0xfffffffffffffffc}, 0x1, 0x0, 0x2, 0x0, 0x0, 0x3}, {{@in=@broadcast, 0x4d3, 0x32}, 0x2, @in=@loopback, 0x0, 0x1, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/hibernate_compression_threads', 0x161a02, 0x0)
lseek(r6, 0x9, 0x4)

1.18759s ago: executing program 1 (id=2627):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000380)={0x64, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffe}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x3}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfff}]}]}, 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
sched_setscheduler(0x0, 0x1, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x80242)
readv(r3, &(0x7f00000000c0)=[{&(0x7f0000001000)=""/4096, 0x18}], 0x1)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r4, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x30, 0x140b, 0x100, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0xc}, 0x20008001)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x60042, 0x1)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000001c0)={0x3, 0xfffffffd, 0x0, 'queue0\x00', 0x4})
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r5)
socket$rxrpc(0x21, 0x2, 0xa)
syz_open_dev$usbfs(&(0x7f0000000000), 0x2, 0x40)

459.417501ms ago: executing program 4 (id=2628):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00', @ANYRES8=r1], 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x20)

319.21138ms ago: executing program 1 (id=2629):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x80, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
openat$dir(0xffffffffffffff9c, 0x0, 0x4102, 0x1c)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100007f}, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x0, 0x0, 0x0, 0x3}, 0x1c)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@multicast2, @in6=@private1, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, r1}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff5, 0xfffffffffffffffe, 0x3}, {0xfffffffffffffffd, 0x200000000000000, 0x400000002, 0xfffffffffffffffc}, 0x1, 0x0, 0x2, 0x0, 0x0, 0x3}, {{@in=@broadcast, 0x4d3, 0x32}, 0x2, @in=@loopback, 0x0, 0x1, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/hibernate_compression_threads', 0x161a02, 0x0)
lseek(r5, 0x9, 0x4)

59.900391ms ago: executing program 4 (id=2630):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="800002010800000008001b000000000008000d"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffe0}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x8, '\x00', 0x7, 0x7f, 0x9, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x14028010}, 0x4004000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)

0s ago: executing program 0 (id=2631):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="800002010800000008001b000000000008000d"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffe0}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x8, '\x00', 0x7, 0x7f, 0x9, 0x7}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x14028010}, 0x4004000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) (fail_nth: 1)

kernel console output (not intermixed with test programs):

number 6 using vhci_hcd
[  519.968128][T12762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.977051][T12762] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.005877][T12762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.026020][T12762] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.078622][ T8954] gspca_sonixj: reg_w1 err -71
[  520.082070][ T8954] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  520.103738][ T8954] usb 6-1: USB disconnect, device number 126
[  520.187917][T12773] vhci_hcd: connection reset by peer
[  520.190691][T12683] vhci_hcd vhci_hcd.0: stop threads
[  520.194162][T12683] vhci_hcd vhci_hcd.0: release socket
[  520.196904][T12683] vhci_hcd vhci_hcd.0: disconnect device
[  520.396842][T12777] netlink: 400 bytes leftover after parsing attributes in process `syz.3.2294'.
[  520.711993][T12782] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input89
[  523.135530][T12811] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2305'.
[  523.140468][T12811] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2305'.
[  523.370013][  T844] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[  523.521656][  T844] usb 6-1: Using ep0 maxpacket: 8
[  523.553381][  T844] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  523.556696][  T844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.559990][  T844] usb 6-1: Product: syz
[  523.564235][  T844] usb 6-1: Manufacturer: syz
[  523.566682][  T844] usb 6-1: SerialNumber: syz
[  523.595738][  T844] usb 6-1: config 0 descriptor??
[  523.607362][  T844] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  524.244295][T12809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.251641][T12809] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.258872][T12809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.264016][T12809] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.271695][  T844] gspca_sonixj: reg_w1 err -71
[  524.275522][  T844] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  524.284964][  T844] usb 6-1: USB disconnect, device number 127
[  524.454236][T12825] FAULT_INJECTION: forcing a failure.
[  524.454236][T12825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  524.459439][T12825] CPU: 1 UID: 0 PID: 12825 Comm: syz.4.2310 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  524.459467][T12825] Tainted: [L]=SOFTLOCKUP
[  524.459474][T12825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  524.459485][T12825] Call Trace:
[  524.459492][T12825]  <TASK>
[  524.459499][T12825]  dump_stack_lvl+0x100/0x190
[  524.459522][T12825]  should_fail_ex.cold+0x5/0xa
[  524.459554][T12825]  _copy_to_user+0x32/0xd0
[  524.459582][T12825]  simple_read_from_buffer+0xcb/0x170
[  524.459606][T12825]  proc_fail_nth_read+0x1af/0x230
[  524.459635][T12825]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  524.459665][T12825]  ? rw_verify_area+0xce/0x6d0
[  524.459684][T12825]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  524.459712][T12825]  vfs_read+0x1e4/0xb30
[  524.459735][T12825]  ? __pfx_vfs_read+0x10/0x10
[  524.459753][T12825]  ? find_held_lock+0x2b/0x80
[  524.459774][T12825]  ? __fget_files+0x215/0x3d0
[  524.459798][T12825]  ? __fget_files+0x21f/0x3d0
[  524.459826][T12825]  ksys_read+0x12a/0x250
[  524.459846][T12825]  ? __pfx_ksys_read+0x10/0x10
[  524.459874][T12825]  do_int80_emulation+0x14b/0x720
[  524.459904][T12825]  asm_int80_emulation+0x1a/0x20
[  524.459923][T12825] RIP: 0023:0xf71961ab
[  524.459938][T12825] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  524.459954][T12825] RSP: 002b:00000000f542c4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  524.459971][T12825] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f542c5d0
[  524.459982][T12825] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  524.459994][T12825] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  524.460003][T12825] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  524.460012][T12825] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  524.460036][T12825]  </TASK>
[  524.567134][T12827] syz.4.2311: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  524.585665][T12827] CPU: 0 UID: 0 PID: 12827 Comm: syz.4.2311 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  524.585697][T12827] Tainted: [L]=SOFTLOCKUP
[  524.585703][T12827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  524.585713][T12827] Call Trace:
[  524.585719][T12827]  <TASK>
[  524.585726][T12827]  dump_stack_lvl+0x100/0x190
[  524.585750][T12827]  warn_alloc.cold+0x95/0x1c1
[  524.585772][T12827]  ? __pfx_warn_alloc+0x10/0x10
[  524.585809][T12827]  ? stack_depot_save_flags+0x27/0x9d0
[  524.585840][T12827]  ? __lock_acquire+0x4a5/0x2630
[  524.585877][T12827]  ? xskq_create+0xfb/0x1d0
[  524.585899][T12827]  __vmalloc_node_range_noprof+0x136c/0x1630
[  524.585925][T12827]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  524.585957][T12827]  ? xskq_create+0xfb/0x1d0
[  524.585985][T12827]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  524.586021][T12827]  ? xskq_create+0xfb/0x1d0
[  524.586040][T12827]  vmalloc_user_noprof+0x9e/0xe0
[  524.586071][T12827]  ? xskq_create+0xfb/0x1d0
[  524.586094][T12827]  xskq_create+0xfb/0x1d0
[  524.586145][T12827]  xsk_setsockopt+0x56f/0xab0
[  524.586171][T12827]  ? __pfx_xsk_setsockopt+0x10/0x10
[  524.586191][T12827]  ? find_held_lock+0x2b/0x80
[  524.586215][T12827]  ? aa_sock_opt_perm+0xfe/0x1b0
[  524.586244][T12827]  ? __pfx_xsk_setsockopt+0x10/0x10
[  524.586265][T12827]  do_sock_setsockopt+0xf3/0x1d0
[  524.586292][T12827]  __sys_setsockopt+0x119/0x190
[  524.586315][T12827]  __ia32_sys_setsockopt+0xbc/0x160
[  524.586334][T12827]  ? __do_fast_syscall_32+0x98/0x970
[  524.586362][T12827]  ? lockdep_hardirqs_on+0x78/0x100
[  524.586387][T12827]  __do_fast_syscall_32+0xe7/0x970
[  524.586413][T12827]  ? lockdep_hardirqs_on+0x78/0x100
[  524.586440][T12827]  do_fast_syscall_32+0x32/0x70
[  524.586468][T12827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  524.586493][T12827] RIP: 0023:0xf705ef7c
[  524.586509][T12827] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  524.586527][T12827] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  524.586546][T12827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  524.586557][T12827] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  524.586568][T12827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  524.586579][T12827] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  524.586590][T12827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  524.586615][T12827]  </TASK>
[  524.586622][T12827] Mem-Info:
[  524.699196][T12827] active_anon:6504 inactive_anon:37 isolated_anon:0
[  524.699196][T12827]  active_file:21141 inactive_file:13490 isolated_file:0
[  524.699196][T12827]  unevictable:1768 dirty:653 writeback:0
[  524.699196][T12827]  slab_reclaimable:7127 slab_unreclaimable:62652
[  524.699196][T12827]  mapped:25179 shmem:2191 pagetables:1457
[  524.699196][T12827]  sec_pagetables:308 bounce:0
[  524.699196][T12827]  kernel_misc_reclaimable:0
[  524.699196][T12827]  free:44782 free_pcp:16698 free_cma:0
[  524.718910][T12827] Node 0 active_anon:296kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8492kB pagetables:2000kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  524.729996][T12827] Node 1 active_anon:25720kB inactive_anon:76kB active_file:81992kB inactive_file:53920kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100680kB dirty:2612kB writeback:0kB shmem:5224kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:5848kB pagetables:3828kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  524.741056][T12827] Node 0 DMA free:2980kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  524.751069][T12827] lowmem_reserve[]: 0 285 285 285 285
[  524.752926][T12827] Node 0 DMA32 free:15108kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:296kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:10164kB local_pcp:3748kB free_cma:0kB
[  524.763916][T12827] lowmem_reserve[]: 0 0 0 0 0
[  524.766976][T12827] Node 1 DMA32 free:161040kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25720kB inactive_anon:76kB active_file:81992kB inactive_file:53920kB unevictable:3536kB writepending:2612kB zspages:3288kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:56736kB local_pcp:14928kB free_cma:0kB
[  524.780431][T12827] lowmem_reserve[]: 0 0 0 0 0
[  524.782434][T12827] Node 0 DMA: 113*4kB (U) 32*8kB (U) 18*16kB (U) 18*32kB (U) 4*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2980kB
[  524.787932][T12827] Node 0 DMA32: 361*4kB (UE) 154*8kB (UME) 125*16kB (UME) 128*32kB (UME) 27*64kB (UM) 10*128kB (U) 5*256kB (U) 2*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 15108kB
[  524.793986][T12827] Node 1 DMA32: 1908*4kB (UME) 2338*8kB (UM) 1685*16kB (UME) 203*32kB (UME) 37*64kB (UME) 3*128kB (ME) 114*256kB (UME) 63*512kB (UM) 19*1024kB (UME) 7*2048kB (UME) 1*4096kB (U) = 161872kB
[  524.800714][T12827] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  524.804071][T12827] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  524.807319][T12827] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  524.811529][T12827] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  524.815236][T12827] 37247 total pagecache pages
[  524.816764][T12827] 428 pages in swap cache
[  524.818317][T12827] Free swap  = 115336kB
[  524.820324][T12827] Total swap = 124996kB
[  524.821945][T12827] 524155 pages RAM
[  524.823610][T12827] 0 pages HighMem/MovableOnly
[  524.825248][T12827] 210075 pages reserved
[  524.826583][T12827] 0 pages cma reserved
[  524.875345][T12835] netlink: 'syz.1.2314': attribute type 1 has an invalid length.
[  524.892382][T12835] bond6: entered promiscuous mode
[  524.894667][T12835] 8021q: adding VLAN 0 to HW filter on device bond6
[  524.916577][T12835] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2314'.
[  524.921023][T12835] bond6: entered allmulticast mode
[  525.184804][T12835] bond6: (slave bridge2): making interface the new active one
[  525.187826][T12835] bridge2: entered promiscuous mode
[  525.189920][T12835] bridge2: entered allmulticast mode
[  525.192963][T12835] bond6: (slave bridge2): Enslaving as an active interface with an up link
[  525.416749][ T6726] usb 38-1: device descriptor read/8, error -110
[  525.683026][T12849] netlink: 15 bytes leftover after parsing attributes in process `syz.0.2317'.
[  525.692133][T12849] binder: 12847:12849 ioctl c0285840 80000000 returned -22
[  525.765261][T12853] overlayfs: missing 'lowerdir'
[  525.879976][ T6726] usb usb38-port1: attempt power cycle
[  526.498024][    C3] ip6_tunnel:  xmit: Local address not yet configured!
[  527.376003][ T6726] usb usb38-port1: unable to enumerate USB device
[  528.878009][ T5911] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  529.037871][ T5911] usb 5-1: Using ep0 maxpacket: 8
[  529.121991][ T5911] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  530.004718][ T3535] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  530.019081][ T3535] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  530.024890][ T3535] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  530.035822][ T3535] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  530.094542][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.097681][ T5911] usb 5-1: Product: syz
[  530.099442][ T5911] usb 5-1: Manufacturer: syz
[  530.101277][ T5911] usb 5-1: SerialNumber: syz
[  530.105418][ T5911] usb 5-1: config 0 descriptor??
[  530.202028][ T5911] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  530.809418][T12872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.812266][T12872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.815959][T12872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.818942][T12872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.823984][ T5911] gspca_sonixj: reg_w1 err -71
[  530.825538][ T5911] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  530.829137][ T5911] usb 5-1: USB disconnect, device number 112
[  531.183834][T12910] netlink: 'syz.4.2331': attribute type 1 has an invalid length.
[  531.237804][T12910] bond4: entered promiscuous mode
[  531.238365][T12912] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2331'.
[  531.246725][T12910] 8021q: adding VLAN 0 to HW filter on device bond4
[  531.255884][T12912] bond4: entered allmulticast mode
[  531.483150][T12910] bond4: (slave bridge3): making interface the new active one
[  531.486390][T12910] bridge3: entered promiscuous mode
[  531.489212][T12910] bridge3: entered allmulticast mode
[  531.492836][T12910] bond4: (slave bridge3): Enslaving as an active interface with an up link
[  532.366057][T12934] vivid-000: =================  START STATUS  =================
[  532.372124][T12934] vivid-000: Test Pattern: 75% Colorbar
[  532.389720][T12934] vivid-000: Fill Percentage of Frame: 100
[  532.410931][T12934] vivid-000: Horizontal Movement: No Movement
[  532.421724][T12934] vivid-000: Vertical Movement: No Movement
[  532.429436][T12934] vivid-000: OSD Text Mode: All
[  532.435010][T12934] vivid-000: Show Border: false
[  532.441066][T12934] vivid-000: Show Square: false
[  532.446655][T12934] vivid-000: Sensor Flipped Horizontally: false
[  532.455147][T12934] vivid-000: Sensor Flipped Vertically: false
[  532.462282][T12934] vivid-000: Insert SAV Code in Image: false
[  532.469471][T12934] vivid-000: Insert EAV Code in Image: false
[  532.479576][T12934] vivid-000: Insert Video Guard Band: false
[  532.486204][T12934] vivid-000: Reduced Framerate: false
[  532.494951][T12934] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  532.503687][T12934] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  532.515069][T12934] vivid-000: Enable Capture Cropping: true grabbed
[  532.521802][T12934] vivid-000: Enable Capture Composing: true grabbed
[  532.529772][T12934] vivid-000: Enable Capture Scaler: true grabbed
[  532.537075][T12934] vivid-000: Timestamp Source: End of Frame
[  532.543922][T12934] vivid-000: Colorspace: sRGB
[  532.549779][T12934] vivid-000: Transfer Function: Default
[  532.555937][T12934] vivid-000: Y'CbCr Encoding: Default
[  532.562353][T12934] vivid-000: HSV Encoding: Hue 0-179
[  532.568851][T12934] vivid-000: Quantization: Default
[  532.574559][T12934] vivid-000: Apply Alpha To Red Only: false
[  532.581816][T12934] vivid-000: Standard Aspect Ratio: 4x3
[  532.588257][T12934] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  532.596311][T12934] vivid-000: DV Timings: 640x480p59 inactive
[  532.602785][T12934] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  532.608617][T12934] vivid-000: Maximum EDID Blocks: 2
[  532.612577][T12934] vivid-000: Limited RGB Range (16-235): false
[  532.617186][T12934] vivid-000: Rx RGB Quantization Range: Automatic
[  532.623390][T12934] vivid-000: Power Present: 0x00000001
[  532.627488][T12934] tpg source WxH: 320x240 (Y'CbCr)
[  532.631884][T12934] tpg field: 1
[  532.637495][T12934] tpg crop: (0,0)/320x240
[  532.641561][T12934] tpg compose: (0,0)/320x240
[  532.645630][T12934] tpg colorspace: 8
[  532.648971][T12934] tpg transfer function: 0/2
[  532.652257][T12934] tpg Y'CbCr encoding: 0/1
[  532.655286][T12934] tpg quantization: 0/2
[  532.658266][T12934] tpg RGB range: 0/2
[  532.661183][T12934] vivid-000: ==================  END STATUS  ==================
[  533.092145][T12949] tmpfs: Bad value for 'mpol'
[  533.100799][T12949] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  533.102995][T12949] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  533.109002][T12949] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  533.112364][T12949] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  533.129246][T12949] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  533.131309][T12949] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  533.133359][T12949] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  533.135368][T12949] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  533.137446][T12949] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  533.139555][T12949] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  534.452855][T12985] FAULT_INJECTION: forcing a failure.
[  534.452855][T12985] name failslab, interval 1, probability 0, space 0, times 0
[  534.458107][T12985] CPU: 0 UID: 0 PID: 12985 Comm: syz.0.2345 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  534.458133][T12985] Tainted: [L]=SOFTLOCKUP
[  534.458139][T12985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  534.458148][T12985] Call Trace:
[  534.458154][T12985]  <TASK>
[  534.458160][T12985]  dump_stack_lvl+0x100/0x190
[  534.458182][T12985]  should_fail_ex.cold+0x5/0xa
[  534.458203][T12985]  ? tomoyo_realpath_from_path+0xb6/0x690
[  534.458226][T12985]  should_failslab+0xc2/0x120
[  534.458245][T12985]  __kmalloc_noprof+0xe0/0x850
[  534.458260][T12985]  ? kfree+0x1dd/0x6c0
[  534.458285][T12985]  tomoyo_realpath_from_path+0xb6/0x690
[  534.458312][T12985]  tomoyo_path_number_perm+0x23c/0x580
[  534.458330][T12985]  ? tomoyo_path_number_perm+0x22e/0x580
[  534.458351][T12985]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  534.458371][T12985]  ? get_pid_task+0x106/0x250
[  534.458414][T12985]  ? find_held_lock+0x2b/0x80
[  534.458433][T12985]  ? __fget_files+0x215/0x3d0
[  534.458450][T12985]  ? hook_file_ioctl_common+0x149/0x410
[  534.458470][T12985]  ? __fget_files+0x215/0x3d0
[  534.458502][T12985]  ? __fget_files+0x21f/0x3d0
[  534.458524][T12985]  security_file_ioctl_compat+0xd3/0x230
[  534.458545][T12985]  __ia32_compat_sys_ioctl+0xc2/0x360
[  534.458566][T12985]  __do_fast_syscall_32+0xe7/0x970
[  534.458589][T12985]  ? lockdep_hardirqs_on+0x78/0x100
[  534.458613][T12985]  do_fast_syscall_32+0x32/0x70
[  534.458636][T12985]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  534.458656][T12985] RIP: 0023:0xf7f25f7c
[  534.458669][T12985] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  534.458684][T12985] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  534.458702][T12985] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040047435
[  534.458712][T12985] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  534.458721][T12985] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  534.458730][T12985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  534.458739][T12985] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  534.458760][T12985]  </TASK>
[  534.458767][T12985] ERROR: Out of memory at tomoyo_realpath_from_path.
[  534.720958][T11710] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  534.731836][T11710] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  534.735088][T11710] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  534.739508][T11710] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  534.743731][T11710] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  534.950744][T10920] syz_tun (unregistering): left allmulticast mode
[  535.207938][T12029] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  535.317276][T12988] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.319815][T12988] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.322103][T12988] bridge_slave_0: entered allmulticast mode
[  535.325114][T12988] bridge_slave_0: entered promiscuous mode
[  535.328537][T12988] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.331194][T12988] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.333521][T12988] bridge_slave_1: entered allmulticast mode
[  535.336176][T12988] bridge_slave_1: entered promiscuous mode
[  535.354724][T12988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.358003][T12029] usb 6-1: Using ep0 maxpacket: 32
[  535.361720][T12988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.366272][T12029] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  535.374106][T12029] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  535.387807][T12029] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  535.390318][T12029] usb 6-1: Product: syz
[  535.391569][T12029] usb 6-1: Manufacturer: syz
[  535.392948][T12029] usb 6-1: SerialNumber: syz
[  535.395804][T12029] usb 6-1: config 0 descriptor??
[  535.398630][T12988] team0: Port device team_slave_0 added
[  535.402766][T13012] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  535.404405][T12988] team0: Port device team_slave_1 added
[  535.435456][T12988] batman_adv: batadv0: Adding interface: batadv_slave_0
[  535.437545][T12988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  535.447363][T12988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  535.451856][T12988] batman_adv: batadv0: Adding interface: batadv_slave_1
[  535.454019][T12988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  535.462710][T12988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  535.486018][T12988] hsr_slave_0: entered promiscuous mode
[  535.488546][T12988] hsr_slave_1: entered promiscuous mode
[  535.490510][T12988] debugfs: 'hsr0' already exists in 'hsr'
[  535.492180][T12988] Cannot create hsr debugfs directory
[  535.580278][T12988] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.654418][T12988] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.735818][T12988] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.824417][T12988] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.947794][T13036] netlink: 'syz.4.2354': attribute type 1 has an invalid length.
[  535.963541][T13036] bond5: entered promiscuous mode
[  535.965398][T13036] 8021q: adding VLAN 0 to HW filter on device bond5
[  535.982177][T13036] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2354'.
[  536.145907][T12988] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  536.160966][T12988] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  536.166953][T12988] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  536.177601][T12988] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  536.183582][T12988] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  536.199660][T12988] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  536.202368][T12988] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  536.212028][T12988] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  536.314269][T12988] 8021q: adding VLAN 0 to HW filter on device bond0
[  536.332541][T12988] 8021q: adding VLAN 0 to HW filter on device team0
[  536.341443][   T78] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.343752][   T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[  536.357110][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.359368][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  536.444390][T13038] bond5: (slave bridge4): making interface the new active one
[  536.446920][T13038] bridge4: entered promiscuous mode
[  536.453020][T13038] bond5: (slave bridge4): Enslaving as an active interface with an up link
[  536.808001][ T5103] Bluetooth: hci4: command tx timeout
[  536.962101][T12988] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.993854][T12988] veth0_vlan: entered promiscuous mode
[  537.001760][T12988] veth1_vlan: entered promiscuous mode
[  537.017047][T12988] veth0_macvtap: entered promiscuous mode
[  537.023334][T12988] veth1_macvtap: entered promiscuous mode
[  537.033027][T12988] batman_adv: batadv0: Interface activated: batadv_slave_0
[  537.044875][T12988] batman_adv: batadv0: Interface activated: batadv_slave_1
[  537.052036][   T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  537.063327][   T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  537.073649][   T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  537.084386][   T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  537.964625][ T5912] usb 6-1: USB disconnect, device number 2
[  538.151764][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  538.165670][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.209854][  T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  538.212866][  T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.255736][T13069] FAULT_INJECTION: forcing a failure.
[  538.255736][T13069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  538.263268][T13069] CPU: 1 UID: 0 PID: 13069 Comm: syz.1.2357 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  538.263298][T13069] Tainted: [L]=SOFTLOCKUP
[  538.263304][T13069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  538.263315][T13069] Call Trace:
[  538.263321][T13069]  <TASK>
[  538.263329][T13069]  dump_stack_lvl+0x100/0x190
[  538.263354][T13069]  should_fail_ex.cold+0x5/0xa
[  538.263378][T13069]  _copy_to_user+0x32/0xd0
[  538.263405][T13069]  simple_read_from_buffer+0xcb/0x170
[  538.263429][T13069]  proc_fail_nth_read+0x1af/0x230
[  538.263458][T13069]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  538.263493][T13069]  ? rw_verify_area+0xce/0x6d0
[  538.263511][T13069]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  538.263538][T13069]  vfs_read+0x1e4/0xb30
[  538.263562][T13069]  ? __pfx_vfs_read+0x10/0x10
[  538.263579][T13069]  ? find_held_lock+0x2b/0x80
[  538.263603][T13069]  ? __fget_files+0x215/0x3d0
[  538.263628][T13069]  ? __fget_files+0x21f/0x3d0
[  538.263655][T13069]  ksys_read+0x12a/0x250
[  538.263675][T13069]  ? __pfx_ksys_read+0x10/0x10
[  538.263702][T13069]  do_int80_emulation+0x14b/0x720
[  538.263732][T13069]  asm_int80_emulation+0x1a/0x20
[  538.263751][T13069] RIP: 0023:0xf71b61ab
[  538.263766][T13069] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  538.263783][T13069] RSP: 002b:00000000f54764bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  538.263801][T13069] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54765d0
[  538.263812][T13069] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  538.263823][T13069] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  538.263832][T13069] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  538.263842][T13069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  538.263865][T13069]  </TASK>
[  538.888175][ T5103] Bluetooth: hci4: command tx timeout
[  539.212443][T13089] FAULT_INJECTION: forcing a failure.
[  539.212443][T13089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  539.217660][T13089] CPU: 3 UID: 0 PID: 13089 Comm: syz.3.2363 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  539.217687][T13089] Tainted: [L]=SOFTLOCKUP
[  539.217694][T13089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  539.217705][T13089] Call Trace:
[  539.217711][T13089]  <TASK>
[  539.217719][T13089]  dump_stack_lvl+0x100/0x190
[  539.217760][T13089]  should_fail_ex.cold+0x5/0xa
[  539.217784][T13089]  _copy_from_user+0x2e/0xd0
[  539.217810][T13089]  get_compat_msghdr+0xb3/0x4b0
[  539.217832][T13089]  ? __pfx_get_compat_msghdr+0x10/0x10
[  539.217861][T13089]  ___sys_sendmsg+0x1b6/0x1e0
[  539.217888][T13089]  ? __pfx____sys_sendmsg+0x10/0x10
[  539.217942][T13089]  ? find_held_lock+0x2b/0x80
[  539.217980][T13089]  __sys_sendmsg+0x170/0x220
[  539.218000][T13089]  ? __pfx___sys_sendmsg+0x10/0x10
[  539.218021][T13089]  ? __fget_files+0x21f/0x3d0
[  539.218050][T13089]  ? ksys_write+0x1ac/0x250
[  539.218072][T13089]  ? rcu_is_watching+0x12/0xc0
[  539.218096][T13089]  __do_fast_syscall_32+0xe7/0x970
[  539.218122][T13089]  ? lockdep_hardirqs_on+0x78/0x100
[  539.218148][T13089]  do_fast_syscall_32+0x32/0x70
[  539.218174][T13089]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  539.218196][T13089] RIP: 0023:0xf6ffef7c
[  539.218211][T13089] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  539.218229][T13089] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  539.218246][T13089] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000240
[  539.218258][T13089] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  539.218268][T13089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  539.218278][T13089] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  539.218289][T13089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  539.218313][T13089]  </TASK>
[  540.981185][ T5103] Bluetooth: hci4: command tx timeout
[  541.759896][T11710] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  541.768854][T11710] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  541.773723][T11710] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  541.776664][T11710] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  541.780132][T11710] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  542.190438][T13135] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.193438][T13135] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.196563][T13135] bridge_slave_0: entered allmulticast mode
[  542.200097][T13135] bridge_slave_0: entered promiscuous mode
[  542.204696][T13135] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.207133][T13135] bridge0: port 2(bridge_slave_1) entered disabled state
[  542.210323][T13135] bridge_slave_1: entered allmulticast mode
[  542.213045][T13135] bridge_slave_1: entered promiscuous mode
[  542.233936][T13135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  542.239940][T13135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  542.256558][T13135] team0: Port device team_slave_0 added
[  542.260219][T13135] team0: Port device team_slave_1 added
[  542.275058][T13135] batman_adv: batadv0: Adding interface: batadv_slave_0
[  542.277312][T13135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  542.286400][T13135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  542.290872][T13135] batman_adv: batadv0: Adding interface: batadv_slave_1
[  542.293082][T13135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  542.301176][T13135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  543.060038][ T5103] Bluetooth: hci4: command tx timeout
[  543.333653][ T9753] syz_tun (unregistering): left allmulticast mode
[  543.370498][T13135] hsr_slave_0: entered promiscuous mode
[  543.372660][T13135] hsr_slave_1: entered promiscuous mode
[  543.374646][T13135] debugfs: 'hsr0' already exists in 'hsr'
[  543.376422][T13135] Cannot create hsr debugfs directory
[  543.392800][T13155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2379'.
[  543.397939][T13155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2379'.
[  543.514479][T13162] FAULT_INJECTION: forcing a failure.
[  543.514479][T13162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.519999][T13162] CPU: 0 UID: 0 PID: 13162 Comm: syz.0.2382 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  543.520026][T13162] Tainted: [L]=SOFTLOCKUP
[  543.520032][T13162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  543.520042][T13162] Call Trace:
[  543.520048][T13162]  <TASK>
[  543.520054][T13162]  dump_stack_lvl+0x100/0x190
[  543.520077][T13162]  should_fail_ex.cold+0x5/0xa
[  543.520098][T13162]  _copy_from_user+0x2e/0xd0
[  543.520137][T13162]  packet_setsockopt+0x1a14/0x2380
[  543.520164][T13162]  ? __lock_acquire+0x4a5/0x2630
[  543.520191][T13162]  ? __pfx_packet_setsockopt+0x10/0x10
[  543.520212][T13162]  ? aa_sk_perm+0x309/0xaa0
[  543.520234][T13162]  ? ksys_write+0x190/0x250
[  543.520253][T13162]  ? __pfx_aa_sk_perm+0x10/0x10
[  543.520275][T13162]  ? find_held_lock+0x2b/0x80
[  543.520297][T13162]  ? aa_sock_opt_perm+0xfe/0x1b0
[  543.520323][T13162]  ? __pfx_packet_setsockopt+0x10/0x10
[  543.520347][T13162]  do_sock_setsockopt+0xf3/0x1d0
[  543.520370][T13162]  __sys_setsockopt+0x119/0x190
[  543.520395][T13162]  __ia32_sys_setsockopt+0xbc/0x160
[  543.520411][T13162]  ? __do_fast_syscall_32+0x98/0x970
[  543.520436][T13162]  ? lockdep_hardirqs_on+0x78/0x100
[  543.520458][T13162]  __do_fast_syscall_32+0xe7/0x970
[  543.520480][T13162]  ? lockdep_hardirqs_on+0x78/0x100
[  543.520504][T13162]  do_fast_syscall_32+0x32/0x70
[  543.520528][T13162]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  543.520550][T13162] RIP: 0023:0xf7f56f7c
[  543.520564][T13162] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  543.520580][T13162] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  543.520597][T13162] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000107
[  543.520608][T13162] RDX: 0000000000000012 RSI: 0000000080000000 RDI: 0000000000000008
[  543.520618][T13162] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  543.520628][T13162] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  543.520638][T13162] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  543.520659][T13162]  </TASK>
[  543.622674][T13135] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.636253][T13160] warn_alloc: 2 callbacks suppressed
[  543.636268][T13160] syz.3.2383: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  543.645879][T13160] CPU: 2 UID: 0 PID: 13160 Comm: syz.3.2383 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  543.645916][T13160] Tainted: [L]=SOFTLOCKUP
[  543.645923][T13160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  543.645933][T13160] Call Trace:
[  543.645940][T13160]  <TASK>
[  543.645946][T13160]  dump_stack_lvl+0x100/0x190
[  543.645971][T13160]  warn_alloc.cold+0x95/0x1c1
[  543.645991][T13160]  ? __pfx_warn_alloc+0x10/0x10
[  543.646021][T13160]  ? stack_depot_save_flags+0x27/0x9d0
[  543.646045][T13160]  ? __lock_acquire+0x4a5/0x2630
[  543.646074][T13160]  ? xskq_create+0xfb/0x1d0
[  543.646093][T13160]  __vmalloc_node_range_noprof+0x136c/0x1630
[  543.646114][T13160]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  543.646139][T13160]  ? xskq_create+0xfb/0x1d0
[  543.646161][T13160]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  543.646188][T13160]  ? xskq_create+0xfb/0x1d0
[  543.646206][T13160]  vmalloc_user_noprof+0x9e/0xe0
[  543.646226][T13160]  ? xskq_create+0xfb/0x1d0
[  543.646245][T13160]  xskq_create+0xfb/0x1d0
[  543.646264][T13160]  xsk_setsockopt+0x56f/0xab0
[  543.646283][T13160]  ? __pfx_xsk_setsockopt+0x10/0x10
[  543.646300][T13160]  ? find_held_lock+0x2b/0x80
[  543.646322][T13160]  ? aa_sock_opt_perm+0xfe/0x1b0
[  543.646349][T13160]  ? __pfx_xsk_setsockopt+0x10/0x10
[  543.646379][T13160]  do_sock_setsockopt+0xf3/0x1d0
[  543.646404][T13160]  __sys_setsockopt+0x119/0x190
[  543.646425][T13160]  __ia32_sys_setsockopt+0xbc/0x160
[  543.646439][T13160]  ? __do_fast_syscall_32+0x98/0x970
[  543.646460][T13160]  ? lockdep_hardirqs_on+0x78/0x100
[  543.646478][T13160]  __do_fast_syscall_32+0xe7/0x970
[  543.646500][T13160]  ? lockdep_hardirqs_on+0x78/0x100
[  543.646530][T13160]  do_fast_syscall_32+0x32/0x70
[  543.646554][T13160]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  543.646576][T13160] RIP: 0023:0xf6ffef7c
[  543.646590][T13160] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  543.646606][T13160] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  543.646623][T13160] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  543.646633][T13160] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  543.646642][T13160] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  543.646650][T13160] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  543.646660][T13160] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  543.646679][T13160]  </TASK>
[  543.646686][T13160] Mem-Info:
[  543.757233][T13160] active_anon:6617 inactive_anon:5535 isolated_anon:0
[  543.757233][T13160]  active_file:13262 inactive_file:17508 isolated_file:0
[  543.757233][T13160]  unevictable:1768 dirty:167 writeback:0
[  543.757233][T13160]  slab_reclaimable:7331 slab_unreclaimable:67167
[  543.757233][T13160]  mapped:28013 shmem:7926 pagetables:1373
[  543.757233][T13160]  sec_pagetables:308 bounce:0
[  543.757233][T13160]  kernel_misc_reclaimable:0
[  543.757233][T13160]  free:49022 free_pcp:6355 free_cma:0
[  543.774611][T13160] Node 0 active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8468kB pagetables:1780kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  543.787733][T13160] Node 1 active_anon:26340kB inactive_anon:22068kB active_file:50476kB inactive_file:69992kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:112016kB dirty:668kB writeback:0kB shmem:28164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6252kB pagetables:3712kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  543.801888][T13160] Node 0 DMA free:2980kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:112kB local_pcp:92kB free_cma:0kB
[  543.813940][T13160] lowmem_reserve[]: 0 285 285 285 285
[  543.816125][T13160] Node 0 DMA32 free:13980kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:12604kB local_pcp:2592kB free_cma:0kB
[  543.828597][T13160] lowmem_reserve[]: 0 0 0 0 0
[  543.830715][T13160] Node 1 DMA32 free:179128kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26340kB inactive_anon:22068kB active_file:50476kB inactive_file:69992kB unevictable:3536kB writepending:668kB zspages:3288kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:12616kB local_pcp:1956kB free_cma:0kB
[  543.844738][T13160] lowmem_reserve[]: 0 0 0 0 0
[  543.847022][T13160] Node 0 DMA: 113*4kB (U) 32*8kB (U) 18*16kB (U) 18*32kB (U) 4*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2980kB
[  543.853349][T13160] Node 0 DMA32: 361*4kB (UE) 147*8kB (UME) 122*16kB (UME) 128*32kB (UME) 27*64kB (UM) 10*128kB (U) 5*256kB (U) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 13980kB
[  543.860103][T13160] Node 1 
[  543.860102][ T5103] Bluetooth: hci1: command tx timeout
[  543.861320][T13160] DMA32: 552*4kB (UME) 2222*8kB (UME) 1484*16kB (UME) 16*32kB (UME) 100*64kB (UME) 92*128kB (UME) 115*256kB (UME) 72*512kB (UME) 11*1024kB (UME) 3*2048kB (M) 8*4096kB (U) = 178896kB
[  543.870657][T13160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  543.874363][T13160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  543.878060][T13160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  543.881771][T13160] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  543.885381][T13160] 39114 total pagecache pages
[  543.887259][T13160] 421 pages in swap cache
[  543.889017][T13160] Free swap  = 115452kB
[  543.890804][T13160] Total swap = 124996kB
[  543.892498][T13160] 524155 pages RAM
[  543.894219][T13160] 0 pages HighMem/MovableOnly
[  543.896133][T13160] 210075 pages reserved
[  543.897977][T13160] 0 pages cma reserved
[  544.014247][T13135] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.032215][T13169] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2381'.
[  544.035391][T13169] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2381'.
[  544.082112][T13135] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.206365][T13135] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.441267][T13135] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  544.450738][T13135] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  544.455525][T13135] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  544.460683][T13135] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  544.463972][T13135] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  544.470895][T13135] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  544.474734][T13135] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  544.480629][T13135] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  544.535523][T13135] 8021q: adding VLAN 0 to HW filter on device bond0
[  544.545554][T13135] 8021q: adding VLAN 0 to HW filter on device team0
[  544.553097][  T668] bridge0: port 1(bridge_slave_0) entered blocking state
[  544.555296][  T668] bridge0: port 1(bridge_slave_0) entered forwarding state
[  544.562120][  T668] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.564271][  T668] bridge0: port 2(bridge_slave_1) entered forwarding state
[  544.884246][T13135] 8021q: adding VLAN 0 to HW filter on device batadv0
[  544.913226][T13135] veth0_vlan: entered promiscuous mode
[  544.922377][T13135] veth1_vlan: entered promiscuous mode
[  544.952535][T13135] veth0_macvtap: entered promiscuous mode
[  544.958081][T13135] veth1_macvtap: entered promiscuous mode
[  544.971531][T13135] batman_adv: batadv0: Interface activated: batadv_slave_0
[  544.987125][T13135] batman_adv: batadv0: Interface activated: batadv_slave_1
[  544.996000][  T102] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  544.998949][  T102] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  545.002154][  T102] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  545.004840][  T102] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  545.075704][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  545.081752][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  545.099150][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  545.105088][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  545.155147][   T40] audit: type=1326 audit(1780414395.465:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13195 comm="syz.1.2377" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702ef7c code=0x0
[  545.271464][   T40] audit: type=1800 audit(1780414395.585:725): pid=13198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2377" name="file0" dev="overlay" ino=26 res=0 errno=0
[  545.776854][   T40] audit: type=1800 audit(1780414396.085:726): pid=13198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2377" name="file1" dev="overlay" ino=27 res=0 errno=0
[  545.935877][T13198] evm: overlay not supported
[  545.939214][ T5103] Bluetooth: hci1: command tx timeout
[  546.600698][T13203] netdevsim netdevsim1 netdevsim0: IPsec offload requires 128 bit authentication
[  547.354955][T13217] FAULT_INJECTION: forcing a failure.
[  547.354955][T13217] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  547.360840][T13217] CPU: 1 UID: 0 PID: 13217 Comm: syz.1.2390 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  547.360868][T13217] Tainted: [L]=SOFTLOCKUP
[  547.360874][T13217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  547.360884][T13217] Call Trace:
[  547.360891][T13217]  <TASK>
[  547.360899][T13217]  dump_stack_lvl+0x100/0x190
[  547.360922][T13217]  should_fail_ex.cold+0x5/0xa
[  547.360948][T13217]  _copy_from_user+0x2e/0xd0
[  547.360974][T13217]  __sys_bpf+0x243/0x4b90
[  547.360995][T13217]  ? __pfx___sys_bpf+0x10/0x10
[  547.361011][T13217]  ? get_pid_task+0x106/0x250
[  547.361038][T13217]  ? proc_fail_nth_write+0x9f/0x220
[  547.361065][T13217]  ? find_held_lock+0x2b/0x80
[  547.361091][T13217]  ? find_held_lock+0x2b/0x80
[  547.361114][T13217]  ? ksys_write+0x190/0x250
[  547.361138][T13217]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  547.361166][T13217]  ? kernel_write+0x683/0x6c0
[  547.361199][T13217]  ? fput+0x79/0x100
[  547.361233][T13217]  ? ksys_write+0x1ac/0x250
[  547.361255][T13217]  __ia32_sys_bpf+0x79/0xf0
[  547.361279][T13217]  ? lockdep_hardirqs_on+0x78/0x100
[  547.361308][T13217]  __do_fast_syscall_32+0xe7/0x970
[  547.361333][T13217]  ? lockdep_hardirqs_on+0x78/0x100
[  547.361359][T13217]  do_fast_syscall_32+0x32/0x70
[  547.361393][T13217]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  547.361412][T13217] RIP: 0023:0xf702ef7c
[  547.361427][T13217] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  547.361443][T13217] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  547.361462][T13217] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800003c0
[  547.361473][T13217] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  547.361482][T13217] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  547.361493][T13217] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  547.361503][T13217] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  547.361526][T13217]  </TASK>
[  547.460396][ T5103] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  547.465624][ T5103] Bluetooth: hci4: Injecting HCI hardware error event
[  547.470864][T11710] Bluetooth: hci4: hardware error 0x00
[  548.015367][T13238] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2397'.
[  548.021423][ T5103] Bluetooth: hci1: command tx timeout
[  549.697935][T11710] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  550.091473][T11710] Bluetooth: hci1: command tx timeout
[  550.297904][ T8954] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  550.457884][ T8954] usb 9-1: Using ep0 maxpacket: 8
[  550.463638][ T8954] usb 9-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  550.467667][ T8954] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  550.473550][ T8954] usb 9-1: Product: syz
[  550.475291][ T8954] usb 9-1: Manufacturer: syz
[  550.477301][ T8954] usb 9-1: SerialNumber: syz
[  550.482760][ T8954] usb 9-1: config 0 descriptor??
[  550.491332][ T8954] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  550.869548][T13278] netlink: 'syz.0.2401': attribute type 1 has an invalid length.
[  551.116736][T13255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.122112][T13255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.128330][T13255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.131104][T13255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.139124][ T8954] gspca_sonixj: reg_w1 err -71
[  551.143035][ T8954] sonixj 9-1:0.0: probe with driver sonixj failed with error -71
[  551.152761][ T8954] usb 9-1: USB disconnect, device number 17
[  551.351407][T13285] 9pnet_virtio: no channels available for device syz
[  553.117887][ T5891] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  553.184599][T13322] FAULT_INJECTION: forcing a failure.
[  553.184599][T13322] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  553.193368][T13322] CPU: 1 UID: 0 PID: 13322 Comm: syz.3.2408 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  553.193391][T13322] Tainted: [L]=SOFTLOCKUP
[  553.193395][T13322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  553.193402][T13322] Call Trace:
[  553.193407][T13322]  <TASK>
[  553.193412][T13322]  dump_stack_lvl+0x100/0x190
[  553.193429][T13322]  should_fail_ex.cold+0x5/0xa
[  553.193444][T13322]  _copy_from_user+0x2e/0xd0
[  553.193462][T13322]  move_addr_to_kernel+0x65/0x170
[  553.193480][T13322]  __sys_connect+0xb5/0x170
[  553.193498][T13322]  ? __pfx___sys_connect+0x10/0x10
[  553.193521][T13322]  ? ksys_write+0x1ac/0x250
[  553.193538][T13322]  __ia32_sys_connect+0x71/0xb0
[  553.193556][T13322]  ? lockdep_hardirqs_on+0x78/0x100
[  553.193573][T13322]  __do_fast_syscall_32+0xe7/0x970
[  553.193592][T13322]  ? lockdep_hardirqs_on+0x78/0x100
[  553.193610][T13322]  do_fast_syscall_32+0x32/0x70
[  553.193627][T13322]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  553.193644][T13322] RIP: 0023:0xf6ffef7c
[  553.193656][T13322] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  553.193668][T13322] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 000000000000016a
[  553.193680][T13322] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000180
[  553.193688][T13322] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  553.193695][T13322] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  553.193702][T13322] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  553.193732][T13322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  553.193746][T13322]  </TASK>
[  553.287845][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  553.291093][ T5891] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  553.295808][ T5891] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  553.298629][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  553.301076][ T5891] usb 5-1: Product: syz
[  553.302463][ T5891] usb 5-1: Manufacturer: syz
[  553.304009][ T5891] usb 5-1: SerialNumber: syz
[  553.313541][ T5891] usb 5-1: config 0 descriptor??
[  553.315735][T13293] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  553.573566][  T844] usb 5-1: USB disconnect, device number 113
[  553.668378][T13340] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2413'.
[  553.672548][T13340] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2413'.
[  553.730031][T13343] warn_alloc: 1 callbacks suppressed
[  553.730044][T13343] syz.4.2414: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  553.736468][T13343] CPU: 2 UID: 0 PID: 13343 Comm: syz.4.2414 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  553.736486][T13343] Tainted: [L]=SOFTLOCKUP
[  553.736490][T13343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  553.736497][T13343] Call Trace:
[  553.736502][T13343]  <TASK>
[  553.736506][T13343]  dump_stack_lvl+0x100/0x190
[  553.736521][T13343]  warn_alloc.cold+0x95/0x1c1
[  553.736534][T13343]  ? __pfx_warn_alloc+0x10/0x10
[  553.736555][T13343]  ? stack_depot_save_flags+0x27/0x9d0
[  553.736573][T13343]  ? __lock_acquire+0x4a5/0x2630
[  553.736594][T13343]  ? xskq_create+0xfb/0x1d0
[  553.736607][T13343]  __vmalloc_node_range_noprof+0x136c/0x1630
[  553.736624][T13343]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  553.736642][T13343]  ? xskq_create+0xfb/0x1d0
[  553.736658][T13343]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  553.736679][T13343]  ? xskq_create+0xfb/0x1d0
[  553.736691][T13343]  vmalloc_user_noprof+0x9e/0xe0
[  553.736706][T13343]  ? xskq_create+0xfb/0x1d0
[  553.736719][T13343]  xskq_create+0xfb/0x1d0
[  553.736732][T13343]  xsk_setsockopt+0x56f/0xab0
[  553.736745][T13343]  ? __pfx_xsk_setsockopt+0x10/0x10
[  553.736757][T13343]  ? find_held_lock+0x2b/0x80
[  553.736772][T13343]  ? aa_sock_opt_perm+0xfe/0x1b0
[  553.736791][T13343]  ? __pfx_xsk_setsockopt+0x10/0x10
[  553.736804][T13343]  do_sock_setsockopt+0xf3/0x1d0
[  553.736820][T13343]  __sys_setsockopt+0x119/0x190
[  553.736834][T13343]  __ia32_sys_setsockopt+0xbc/0x160
[  553.736844][T13343]  ? __do_fast_syscall_32+0x98/0x970
[  553.736860][T13343]  ? lockdep_hardirqs_on+0x78/0x100
[  553.736875][T13343]  __do_fast_syscall_32+0xe7/0x970
[  553.736891][T13343]  ? lockdep_hardirqs_on+0x78/0x100
[  553.736907][T13343]  do_fast_syscall_32+0x32/0x70
[  553.736924][T13343]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  553.736939][T13343] RIP: 0023:0xf705ef7c
[  553.736948][T13343] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  553.736959][T13343] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  553.736970][T13343] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  553.736977][T13343] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  553.736983][T13343] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  553.736989][T13343] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  553.736996][T13343] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  553.737009][T13343]  </TASK>
[  553.737013][T13343] Mem-Info:
[  553.820274][T13343] active_anon:3893 inactive_anon:5529 isolated_anon:0
[  553.820274][T13343]  active_file:13264 inactive_file:17513 isolated_file:0
[  553.820274][T13343]  unevictable:1768 dirty:493 writeback:0
[  553.820274][T13343]  slab_reclaimable:7430 slab_unreclaimable:68938
[  553.820274][T13343]  mapped:26257 shmem:5082 pagetables:1427
[  553.820274][T13343]  sec_pagetables:308 bounce:0
[  553.820274][T13343]  kernel_misc_reclaimable:0
[  553.820274][T13343]  free:41636 free_pcp:13869 free_cma:0
[  553.836201][T13343] Node 0 active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8460kB pagetables:1780kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  553.847287][T13343] Node 1 active_anon:15444kB inactive_anon:22044kB active_file:50484kB inactive_file:70012kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:104992kB dirty:1972kB writeback:0kB shmem:16788kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6712kB pagetables:3928kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  553.858264][T13343] Node 0 DMA free:2980kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:112kB local_pcp:92kB free_cma:0kB
[  553.869760][T13343] lowmem_reserve[]: 0 285 285 285 285
[  553.872223][T13343] Node 0 DMA32 free:13980kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:12780kB local_pcp:2632kB free_cma:0kB
[  553.885197][T13343] lowmem_reserve[]: 0 0 0 0 0
[  553.887181][T13343] Node 1 DMA32 free:149584kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15444kB inactive_anon:22044kB active_file:50484kB inactive_file:70012kB unevictable:3536kB writepending:1972kB zspages:3288kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:42460kB local_pcp:10480kB free_cma:0kB
[  553.897999][T13343] lowmem_reserve[]: 0 0 0 0 0
[  553.899687][T13343] Node 0 DMA: 113*4kB (U) 32*8kB (U) 18*16kB (U) 18*32kB (U) 4*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2980kB
[  553.905302][T13343] Node 0 DMA32: 361*4kB (UE) 147*8kB (UME) 122*16kB (UME) 128*32kB (UME) 27*64kB (UM) 10*128kB (U) 5*256kB (U) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 13980kB
[  553.911044][T13343] Node 1 DMA32: 964*4kB (UME) 2214*8kB (UME) 1501*16kB (UM) 111*32kB (UME) 95*64kB (UME) 16*128kB (M) 112*256kB (UM) 54*512kB (UME) 9*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 149424kB
[  553.918759][T13343] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  553.922805][T13343] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  553.926785][T13343] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  553.931136][T13343] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  553.934458][T13343] 36277 total pagecache pages
[  553.936384][T13343] 421 pages in swap cache
[  553.938278][T13343] Free swap  = 115452kB
[  553.940149][T13343] Total swap = 124996kB
[  553.941948][T13343] 524155 pages RAM
[  553.943640][T13343] 0 pages HighMem/MovableOnly
[  553.945748][T13343] 210075 pages reserved
[  553.947876][T13343] 0 pages cma reserved
[  555.037144][ T6726] libceph: connect (1)[c::]:6789 error -101
[  555.040335][ T6726] libceph: mon0 (1)[c::]:6789 connect error
[  555.060958][T13355] ceph: No mds server is up or the cluster is laggy
[  555.066025][ T6726] libceph: connect (1)[c::]:6789 error -101
[  555.068914][ T6726] libceph: mon0 (1)[c::]:6789 connect error
[  557.902805][T13385] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2425'.
[  559.415089][T13411] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2435'.
[  559.768498][    C3] ip6_tunnel:  xmit: Local address not yet configured!
[  561.595064][T13431] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2441'.
[  561.614724][ T5912] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  561.671209][ T5912] hid-generic 0000:0000:0000.0019: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  562.376242][T13443] FAULT_INJECTION: forcing a failure.
[  562.376242][T13443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.397211][T13443] CPU: 0 UID: 0 PID: 13443 Comm: syz.4.2444 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  562.397231][T13443] Tainted: [L]=SOFTLOCKUP
[  562.397236][T13443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  562.397242][T13443] Call Trace:
[  562.397248][T13443]  <TASK>
[  562.397253][T13443]  dump_stack_lvl+0x100/0x190
[  562.397269][T13443]  should_fail_ex.cold+0x5/0xa
[  562.397284][T13443]  _copy_to_user+0x32/0xd0
[  562.397301][T13443]  simple_read_from_buffer+0xcb/0x170
[  562.397316][T13443]  proc_fail_nth_read+0x1af/0x230
[  562.397335][T13443]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  562.397354][T13443]  ? rw_verify_area+0xce/0x6d0
[  562.397365][T13443]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  562.397382][T13443]  vfs_read+0x1e4/0xb30
[  562.397397][T13443]  ? __pfx_vfs_read+0x10/0x10
[  562.397408][T13443]  ? find_held_lock+0x2b/0x80
[  562.397423][T13443]  ? __fget_files+0x215/0x3d0
[  562.397439][T13443]  ? __fget_files+0x21f/0x3d0
[  562.397455][T13443]  ksys_read+0x12a/0x250
[  562.397468][T13443]  ? __pfx_ksys_read+0x10/0x10
[  562.397481][T13443]  ? rcu_is_watching+0x12/0xc0
[  562.397494][T13443]  ? rcu_is_watching+0x12/0xc0
[  562.397509][T13443]  do_int80_emulation+0x14b/0x720
[  562.397528][T13443]  asm_int80_emulation+0x1a/0x20
[  562.397540][T13443] RIP: 0023:0xf71961ab
[  562.397550][T13443] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  562.397561][T13443] RSP: 002b:00000000f544d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  562.397572][T13443] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f544d5d0
[  562.397707][T13443] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  562.397716][T13443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  562.397724][T13443] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  562.397733][T13443] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  562.397774][T13443]  </TASK>
[  564.438923][T13474] netlink: 'syz.4.2451': attribute type 1 has an invalid length.
[  564.445387][T13474] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2451'.
[  564.896819][ T5891] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[  564.911836][ T5891] hid-generic 0000:0000:0000.001A: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  564.950853][ T5912] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  564.978231][ T8954] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  565.097995][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  565.102420][ T5912] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  565.107943][ T5912] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  565.111189][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  565.113696][ T5912] usb 5-1: Product: syz
[  565.114984][ T5912] usb 5-1: Manufacturer: syz
[  565.116540][ T5912] usb 5-1: SerialNumber: syz
[  565.120222][ T5912] usb 5-1: config 0 descriptor??
[  565.122445][T13481] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  565.128262][ T8954] usb 6-1: Using ep0 maxpacket: 32
[  565.135042][ T8954] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  565.141971][ T8954] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  565.145986][ T8954] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  565.150064][ T8954] usb 6-1: Product: syz
[  565.151806][ T8954] usb 6-1: Manufacturer: syz
[  565.153728][ T8954] usb 6-1: SerialNumber: syz
[  565.158343][ T8954] usb 6-1: config 0 descriptor??
[  565.161146][T13484] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  565.167709][ T8954] chaoskey 6-1:0.0: Unable to register with hwrng
[  565.382374][ T5912] usb 5-1: USB disconnect, device number 114
[  565.388892][ T5891] usb 6-1: USB disconnect, device number 3
[  565.766087][T13501] warn_alloc: 1 callbacks suppressed
[  565.766105][T13501] syz.3.2458: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  565.776861][T13501] CPU: 1 UID: 0 PID: 13501 Comm: syz.3.2458 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  565.776893][T13501] Tainted: [L]=SOFTLOCKUP
[  565.776902][T13501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  565.776914][T13501] Call Trace:
[  565.776923][T13501]  <TASK>
[  565.776930][T13501]  dump_stack_lvl+0x100/0x190
[  565.776964][T13501]  warn_alloc.cold+0x95/0x1c1
[  565.776986][T13501]  ? __pfx_warn_alloc+0x10/0x10
[  565.777020][T13501]  ? stack_depot_save_flags+0x27/0x9d0
[  565.777051][T13501]  ? __lock_acquire+0x4a5/0x2630
[  565.777083][T13501]  ? xskq_create+0xfb/0x1d0
[  565.777106][T13501]  __vmalloc_node_range_noprof+0x136c/0x1630
[  565.777131][T13501]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  565.777162][T13501]  ? xskq_create+0xfb/0x1d0
[  565.777189][T13501]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  565.777223][T13501]  ? xskq_create+0xfb/0x1d0
[  565.777239][T13501]  vmalloc_user_noprof+0x9e/0xe0
[  565.777254][T13501]  ? xskq_create+0xfb/0x1d0
[  565.777266][T13501]  xskq_create+0xfb/0x1d0
[  565.777286][T13501]  xsk_setsockopt+0x56f/0xab0
[  565.777306][T13501]  ? __pfx_xsk_setsockopt+0x10/0x10
[  565.777327][T13501]  ? find_held_lock+0x2b/0x80
[  565.777352][T13501]  ? aa_sock_opt_perm+0xfe/0x1b0
[  565.777382][T13501]  ? __pfx_xsk_setsockopt+0x10/0x10
[  565.777405][T13501]  do_sock_setsockopt+0xf3/0x1d0
[  565.777433][T13501]  __sys_setsockopt+0x119/0x190
[  565.777456][T13501]  __ia32_sys_setsockopt+0xbc/0x160
[  565.777473][T13501]  ? __do_fast_syscall_32+0x98/0x970
[  565.777500][T13501]  ? lockdep_hardirqs_on+0x78/0x100
[  565.777525][T13501]  __do_fast_syscall_32+0xe7/0x970
[  565.777579][T13501]  ? lockdep_hardirqs_on+0x78/0x100
[  565.777605][T13501]  do_fast_syscall_32+0x32/0x70
[  565.777632][T13501]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  565.777656][T13501] RIP: 0023:0xf6ffef7c
[  565.777671][T13501] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  565.777687][T13501] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  565.777706][T13501] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  565.777718][T13501] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  565.777731][T13501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  565.777758][T13501] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  565.777770][T13501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  565.777796][T13501]  </TASK>
[  565.866402][T13501] Mem-Info:
[  565.867434][T13501] active_anon:3862 inactive_anon:5526 isolated_anon:0
[  565.867434][T13501]  active_file:13264 inactive_file:17517 isolated_file:0
[  565.867434][T13501]  unevictable:1768 dirty:542 writeback:0
[  565.867434][T13501]  slab_reclaimable:7452 slab_unreclaimable:69041
[  565.867434][T13501]  mapped:25211 shmem:5066 pagetables:1436
[  565.867434][T13501]  sec_pagetables:308 bounce:0
[  565.867434][T13501]  kernel_misc_reclaimable:0
[  565.867434][T13501]  free:40708 free_pcp:14250 free_cma:0
[  565.888652][T13501] Node 0 active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8480kB pagetables:1780kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  565.898775][T13501] Node 1 active_anon:15420kB inactive_anon:22032kB active_file:50484kB inactive_file:70028kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100808kB dirty:2168kB writeback:0kB shmem:16724kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6740kB pagetables:3964kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  565.909985][T13501] Node 0 DMA free:2980kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:112kB local_pcp:0kB free_cma:0kB
[  565.919367][T13501] lowmem_reserve[]: 0 285 285 285 285
[  565.921381][T13501] Node 0 DMA32 free:13980kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:12856kB local_pcp:3704kB free_cma:0kB
[  565.931859][T13501] lowmem_reserve[]: 0 0 0 0 0
[  565.933904][T13501] Node 1 DMA32 free:145872kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15420kB inactive_anon:22032kB active_file:50484kB inactive_file:70028kB unevictable:3536kB writepending:2168kB zspages:3288kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:43936kB local_pcp:7428kB free_cma:0kB
[  565.958287][T13501] lowmem_reserve[]: 0 0 0 0 0
[  565.960037][T13501] Node 0 DMA: 113*4kB (U) 32*8kB (U) 18*16kB (U) 18*32kB (U) 4*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2980kB
[  565.965115][T13501] Node 0 DMA32: 361*4kB (UE) 147*8kB (UME) 122*16kB (UME) 128*32kB (UME) 27*64kB (UM) 10*128kB (U) 5*256kB (U) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 13980kB
[  565.971045][T13501] Node 1 DMA32: 762*4kB (UME) 2302*8kB (UM) 1513*16kB (UM) 142*32kB (UME) 93*64kB (UME) 43*128kB (ME) 95*256kB (UME) 57*512kB (UME) 8*1024kB (UM) 1*2048kB (M) 5*4096kB (U) = 145896kB
[  565.978679][T13501] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  565.982593][T13501] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  565.985518][T13501] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  565.988620][T13501] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  565.991939][T13501] 36265 total pagecache pages
[  565.993354][T13501] 421 pages in swap cache
[  565.994768][T13501] Free swap  = 115452kB
[  565.996398][T13501] Total swap = 124996kB
[  565.998124][T13501] 524155 pages RAM
[  565.999287][T13501] 0 pages HighMem/MovableOnly
[  566.000849][T13501] 210075 pages reserved
[  566.002485][T13501] 0 pages cma reserved
[  566.634885][T13510] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2460'.
[  567.091103][T13527] netlink: 'syz.4.2465': attribute type 1 has an invalid length.
[  567.095328][T13527] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2465'.
[  567.449123][ T1434] ieee802154 phy0 wpan0: encryption failed: -22
[  567.452162][ T1434] ieee802154 phy1 wpan1: encryption failed: -22
[  567.500083][ T5911] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0
[  567.564482][ T5911] hid-generic 0000:0000:0000.001B: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  567.770457][  T844] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  567.927982][  T844] usb 9-1: Using ep0 maxpacket: 32
[  567.935856][  T844] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  567.950731][  T844] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  567.958675][  T844] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  567.962458][  T844] usb 9-1: Product: syz
[  567.964266][  T844] usb 9-1: Manufacturer: syz
[  567.966434][  T844] usb 9-1: SerialNumber: syz
[  567.971408][  T844] usb 9-1: config 0 descriptor??
[  567.975584][T13539] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  568.007981][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  568.241983][  T844] usb 9-1: USB disconnect, device number 18
[  569.527924][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  569.659351][T13555] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2474'.
[  569.866621][T13560] netlink: 'syz.4.2476': attribute type 1 has an invalid length.
[  569.878379][T13560] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2476'.
[  570.787810][T13583] FAULT_INJECTION: forcing a failure.
[  570.787810][T13583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  570.793660][T13583] CPU: 3 UID: 0 PID: 13583 Comm: syz.1.2481 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  570.793679][T13583] Tainted: [L]=SOFTLOCKUP
[  570.793684][T13583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  570.793690][T13583] Call Trace:
[  570.793695][T13583]  <TASK>
[  570.793700][T13583]  dump_stack_lvl+0x100/0x190
[  570.793715][T13583]  should_fail_ex.cold+0x5/0xa
[  570.793731][T13583]  _copy_from_user+0x2e/0xd0
[  570.793747][T13583]  get_compat_msghdr+0xb3/0x4b0
[  570.793761][T13583]  ? __pfx_get_compat_msghdr+0x10/0x10
[  570.793779][T13583]  ___sys_sendmsg+0x1b6/0x1e0
[  570.793796][T13583]  ? __pfx____sys_sendmsg+0x10/0x10
[  570.793817][T13583]  ? find_held_lock+0x2b/0x80
[  570.793839][T13583]  __sys_sendmsg+0x170/0x220
[  570.793851][T13583]  ? __pfx___sys_sendmsg+0x10/0x10
[  570.793862][T13583]  ? __fget_files+0x21f/0x3d0
[  570.793879][T13583]  ? ksys_write+0x1ac/0x250
[  570.793892][T13583]  ? rcu_is_watching+0x12/0xc0
[  570.793907][T13583]  __do_fast_syscall_32+0xe7/0x970
[  570.793924][T13583]  ? lockdep_hardirqs_on+0x78/0x100
[  570.793941][T13583]  do_fast_syscall_32+0x32/0x70
[  570.793958][T13583]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  570.793973][T13583] RIP: 0023:0xf702ef7c
[  570.793982][T13583] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  570.793993][T13583] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  570.794004][T13583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  570.794011][T13583] RDX: 000000002000400c RSI: 0000000000000000 RDI: 0000000000000000
[  570.794017][T13583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  570.794023][T13583] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  570.794030][T13583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  570.794043][T13583]  </TASK>
[  570.868605][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  570.886667][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  571.272638][T13589] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2483'.
[  571.786230][T13595] netlink: 'syz.0.2486': attribute type 1 has an invalid length.
[  571.801404][T13595] bond1: entered promiscuous mode
[  571.803264][T13595] 8021q: adding VLAN 0 to HW filter on device bond1
[  571.811877][T13595] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2486'.
[  572.510135][T13608] FAULT_INJECTION: forcing a failure.
[  572.510135][T13608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.515126][T13608] CPU: 2 UID: 0 PID: 13608 Comm: syz.1.2491 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  572.515145][T13608] Tainted: [L]=SOFTLOCKUP
[  572.515149][T13608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  572.515156][T13608] Call Trace:
[  572.515160][T13608]  <TASK>
[  572.515165][T13608]  dump_stack_lvl+0x100/0x190
[  572.515180][T13608]  should_fail_ex.cold+0x5/0xa
[  572.515195][T13608]  _copy_from_user+0x2e/0xd0
[  572.515211][T13608]  get_compat_msghdr+0xb3/0x4b0
[  572.515225][T13608]  ? __pfx_get_compat_msghdr+0x10/0x10
[  572.515243][T13608]  ___sys_sendmsg+0x1b6/0x1e0
[  572.515260][T13608]  ? __pfx____sys_sendmsg+0x10/0x10
[  572.515282][T13608]  ? find_held_lock+0x2b/0x80
[  572.515304][T13608]  __sys_sendmsg+0x170/0x220
[  572.515315][T13608]  ? __pfx___sys_sendmsg+0x10/0x10
[  572.515326][T13608]  ? __fget_files+0x21f/0x3d0
[  572.515343][T13608]  ? ksys_write+0x1ac/0x250
[  572.515357][T13608]  ? rcu_is_watching+0x12/0xc0
[  572.515372][T13608]  __do_fast_syscall_32+0xe7/0x970
[  572.515389][T13608]  ? lockdep_hardirqs_on+0x78/0x100
[  572.515407][T13608]  do_fast_syscall_32+0x32/0x70
[  572.515425][T13608]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  572.515440][T13608] RIP: 0023:0xf702ef7c
[  572.515449][T13608] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  572.515461][T13608] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  572.515472][T13608] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  572.515480][T13608] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  572.515486][T13608] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  572.515493][T13608] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  572.515499][T13608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  572.515512][T13608]  </TASK>
[  572.632706][T13613] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2492'.
[  572.952890][T13624] FAULT_INJECTION: forcing a failure.
[  572.952890][T13624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.960392][T13624] CPU: 2 UID: 0 PID: 13624 Comm: syz.3.2488 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  572.960423][T13624] Tainted: [L]=SOFTLOCKUP
[  572.960429][T13624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  572.960456][T13624] Call Trace:
[  572.960464][T13624]  <TASK>
[  572.960485][T13624]  dump_stack_lvl+0x100/0x190
[  572.960511][T13624]  should_fail_ex.cold+0x5/0xa
[  572.960536][T13624]  _copy_from_user+0x2e/0xd0
[  572.960567][T13624]  get_compat_msghdr+0xb3/0x4b0
[  572.960593][T13624]  ? __pfx_get_compat_msghdr+0x10/0x10
[  572.960622][T13624]  ___sys_sendmsg+0x1b6/0x1e0
[  572.960650][T13624]  ? __pfx____sys_sendmsg+0x10/0x10
[  572.960686][T13624]  ? find_held_lock+0x2b/0x80
[  572.960725][T13624]  __sys_sendmsg+0x170/0x220
[  572.960745][T13624]  ? __pfx___sys_sendmsg+0x10/0x10
[  572.960762][T13624]  ? __fget_files+0x21f/0x3d0
[  572.960790][T13624]  ? ksys_write+0x1ac/0x250
[  572.960813][T13624]  ? rcu_is_watching+0x12/0xc0
[  572.960836][T13624]  __do_fast_syscall_32+0xe7/0x970
[  572.960862][T13624]  ? lockdep_hardirqs_on+0x78/0x100
[  572.960890][T13624]  do_fast_syscall_32+0x32/0x70
[  572.960916][T13624]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  572.960939][T13624] RIP: 0023:0xf6ffef7c
[  572.960955][T13624] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  572.960971][T13624] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  572.960989][T13624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  572.961000][T13624] RDX: 0000000020000014 RSI: 0000000000000000 RDI: 0000000000000000
[  572.961011][T13624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  572.961021][T13624] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  572.961032][T13624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  572.961055][T13624]  </TASK>
[  573.087205][T13629] netlink: 'syz.3.2495': attribute type 1 has an invalid length.
[  573.139213][T13629] bond7: entered promiscuous mode
[  573.144711][T13631] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2495'.
[  573.146217][T13629] 8021q: adding VLAN 0 to HW filter on device bond7
[  573.218260][T13620] xt_CT: No such helper "snmp"
[  574.215256][T13643] FAULT_INJECTION: forcing a failure.
[  574.215256][T13643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.220734][T13643] CPU: 3 UID: 0 PID: 13643 Comm: syz.3.2498 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  574.220753][T13643] Tainted: [L]=SOFTLOCKUP
[  574.220757][T13643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  574.220764][T13643] Call Trace:
[  574.220769][T13643]  <TASK>
[  574.220774][T13643]  dump_stack_lvl+0x100/0x190
[  574.220789][T13643]  should_fail_ex.cold+0x5/0xa
[  574.220803][T13643]  _copy_from_user+0x2e/0xd0
[  574.220820][T13643]  get_compat_msghdr+0xb3/0x4b0
[  574.220834][T13643]  ? __pfx_get_compat_msghdr+0x10/0x10
[  574.220849][T13643]  ? _kstrtoull+0x13c/0x1f0
[  574.220859][T13643]  ? __pfx__kstrtoull+0x10/0x10
[  574.220871][T13643]  ___sys_sendmsg+0x1b6/0x1e0
[  574.220888][T13643]  ? __pfx____sys_sendmsg+0x10/0x10
[  574.220904][T13643]  ? __lock_acquire+0x4a5/0x2630
[  574.220936][T13643]  __sys_sendmmsg+0x2ff/0x430
[  574.220949][T13643]  ? __pfx___sys_sendmmsg+0x10/0x10
[  574.220970][T13643]  ? __fget_files+0x215/0x3d0
[  574.220989][T13643]  ? fput+0x79/0x100
[  574.221004][T13643]  ? ksys_write+0x1ac/0x250
[  574.221019][T13643]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  574.221033][T13643]  ? lockdep_hardirqs_on+0x78/0x100
[  574.221049][T13643]  __do_fast_syscall_32+0xe7/0x970
[  574.221065][T13643]  ? lockdep_hardirqs_on+0x78/0x100
[  574.221081][T13643]  do_fast_syscall_32+0x32/0x70
[  574.221099][T13643]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  574.221113][T13643] RIP: 0023:0xf6ffef7c
[  574.221123][T13643] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  574.221133][T13643] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  574.221145][T13643] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080002340
[  574.221152][T13643] RDX: 0000000003fffff7 RSI: 0000000000000000 RDI: 0000000000000000
[  574.221158][T13643] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  574.221165][T13643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  574.221172][T13643] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  574.221185][T13643]  </TASK>
[  575.209697][T13656] 9pnet_virtio: no channels available for device syz
[  575.427709][T13666] netlink: 'syz.1.2506': attribute type 1 has an invalid length.
[  575.480234][T13667] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2506'.
[  575.506877][T13666] bond1: entered promiscuous mode
[  575.518197][T13666] 8021q: adding VLAN 0 to HW filter on device bond1
[  576.137347][T13679] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2508'.
[  576.159156][T13680] tipc: Started in network mode
[  576.162137][T13680] tipc: Node identity b6b703709e14, cluster identity 4711
[  576.165080][T13680] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  576.170095][T13680] syzkaller0: entered promiscuous mode
[  576.173910][T13680] syzkaller0: entered allmulticast mode
[  576.180436][T13680] tipc: Resetting bearer <eth:syzkaller0>
[  576.195555][T13677] tipc: Resetting bearer <eth:syzkaller0>
[  576.236406][T13677] tipc: Disabling bearer <eth:syzkaller0>
[  576.270902][T13681] 
: renamed from bond_slave_0
[  578.757235][T13715] netlink: 'syz.3.2516': attribute type 1 has an invalid length.
[  578.764868][T13715] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2516'.
[  578.931556][T13718] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2517'.
[  579.229767][T13737] FAULT_INJECTION: forcing a failure.
[  579.229767][T13737] name failslab, interval 1, probability 0, space 0, times 0
[  579.236104][T13737] CPU: 1 UID: 0 PID: 13737 Comm: syz.1.2523 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  579.236123][T13737] Tainted: [L]=SOFTLOCKUP
[  579.236127][T13737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  579.236146][T13737] Call Trace:
[  579.236152][T13737]  <TASK>
[  579.236157][T13737]  dump_stack_lvl+0x100/0x190
[  579.236173][T13737]  should_fail_ex.cold+0x5/0xa
[  579.236188][T13737]  ? tomoyo_realpath_from_path+0xb6/0x690
[  579.236205][T13737]  should_failslab+0xc2/0x120
[  579.236219][T13737]  __kmalloc_noprof+0xe0/0x850
[  579.236229][T13737]  ? kfree+0x1dd/0x6c0
[  579.236246][T13737]  tomoyo_realpath_from_path+0xb6/0x690
[  579.236266][T13737]  tomoyo_path_number_perm+0x23c/0x580
[  579.236279][T13737]  ? tomoyo_path_number_perm+0x22e/0x580
[  579.236294][T13737]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  579.236308][T13737]  ? get_pid_task+0x106/0x250
[  579.236337][T13737]  ? find_held_lock+0x2b/0x80
[  579.236351][T13737]  ? __fget_files+0x215/0x3d0
[  579.236363][T13737]  ? hook_file_ioctl_common+0x149/0x410
[  579.236377][T13737]  ? __fget_files+0x215/0x3d0
[  579.236392][T13737]  ? __fget_files+0x21f/0x3d0
[  579.236407][T13737]  security_file_ioctl_compat+0xd3/0x230
[  579.236422][T13737]  __ia32_compat_sys_ioctl+0xc2/0x360
[  579.236436][T13737]  __do_fast_syscall_32+0xe7/0x970
[  579.236453][T13737]  ? lockdep_hardirqs_on+0x78/0x100
[  579.236470][T13737]  do_fast_syscall_32+0x32/0x70
[  579.236487][T13737]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  579.236502][T13737] RIP: 0023:0xf702ef7c
[  579.236512][T13737] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  579.236523][T13737] RSP: 002b:00000000f53fc50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  579.236534][T13737] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c020aa04
[  579.236541][T13737] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  579.236548][T13737] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  579.236554][T13737] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  579.236561][T13737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  579.236575][T13737]  </TASK>
[  579.238534][T13737] ERROR: Out of memory at tomoyo_realpath_from_path.
[  579.366323][ T7473] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  579.549544][ T7473] usb 9-1: Using ep0 maxpacket: 8
[  579.555366][ T7473] usb 9-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  579.558292][ T7473] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.560952][ T7473] usb 9-1: Product: syz
[  579.562601][ T7473] usb 9-1: Manufacturer: syz
[  579.564776][ T7473] usb 9-1: SerialNumber: syz
[  579.576725][ T7473] usb 9-1: config 0 descriptor??
[  579.585231][ T7473] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  580.222808][T13722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.227980][T13722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.245509][T13722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.250451][T13722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.271322][ T7473] gspca_sonixj: reg_w1 err -71
[  580.272872][ T7473] sonixj 9-1:0.0: probe with driver sonixj failed with error -71
[  580.283217][ T7473] usb 9-1: USB disconnect, device number 19
[  580.965919][T13749] warn_alloc: 3 callbacks suppressed
[  580.965931][T13749] syz.4.2528: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  580.976645][T13749] CPU: 3 UID: 0 PID: 13749 Comm: syz.4.2528 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  580.976675][T13749] Tainted: [L]=SOFTLOCKUP
[  580.976682][T13749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  580.976693][T13749] Call Trace:
[  580.976699][T13749]  <TASK>
[  580.976704][T13749]  dump_stack_lvl+0x100/0x190
[  580.976721][T13749]  warn_alloc.cold+0x95/0x1c1
[  580.976734][T13749]  ? __pfx_warn_alloc+0x10/0x10
[  580.976756][T13749]  ? stack_depot_save_flags+0x27/0x9d0
[  580.976781][T13749]  ? __lock_acquire+0x4a5/0x2630
[  580.976819][T13749]  ? xskq_create+0xfb/0x1d0
[  580.976841][T13749]  __vmalloc_node_range_noprof+0x136c/0x1630
[  580.976868][T13749]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  580.976896][T13749]  ? xskq_create+0xfb/0x1d0
[  580.976912][T13749]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  580.976933][T13749]  ? xskq_create+0xfb/0x1d0
[  580.976945][T13749]  vmalloc_user_noprof+0x9e/0xe0
[  580.976960][T13749]  ? xskq_create+0xfb/0x1d0
[  580.976972][T13749]  xskq_create+0xfb/0x1d0
[  580.976985][T13749]  xsk_setsockopt+0x56f/0xab0
[  580.976998][T13749]  ? __pfx_xsk_setsockopt+0x10/0x10
[  580.977010][T13749]  ? find_held_lock+0x2b/0x80
[  580.977025][T13749]  ? aa_sock_opt_perm+0xfe/0x1b0
[  580.977044][T13749]  ? __pfx_xsk_setsockopt+0x10/0x10
[  580.977057][T13749]  do_sock_setsockopt+0xf3/0x1d0
[  580.977073][T13749]  __sys_setsockopt+0x119/0x190
[  580.977086][T13749]  __ia32_sys_setsockopt+0xbc/0x160
[  580.977097][T13749]  ? __do_fast_syscall_32+0x98/0x970
[  580.977113][T13749]  ? lockdep_hardirqs_on+0x78/0x100
[  580.977128][T13749]  __do_fast_syscall_32+0xe7/0x970
[  580.977144][T13749]  ? lockdep_hardirqs_on+0x78/0x100
[  580.977162][T13749]  do_fast_syscall_32+0x32/0x70
[  580.977180][T13749]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  580.977194][T13749] RIP: 0023:0xf705ef7c
[  580.977203][T13749] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  580.977214][T13749] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  580.977225][T13749] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  580.977232][T13749] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  580.977239][T13749] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  580.977245][T13749] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  580.977251][T13749] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  580.977265][T13749]  </TASK>
[  580.977269][T13749] Mem-Info:
[  581.065931][T13749] active_anon:3882 inactive_anon:5513 isolated_anon:0
[  581.065931][T13749]  active_file:13264 inactive_file:17523 isolated_file:0
[  581.065931][T13749]  unevictable:1768 dirty:606 writeback:0
[  581.065931][T13749]  slab_reclaimable:7486 slab_unreclaimable:70452
[  581.065931][T13749]  mapped:25415 shmem:5061 pagetables:1410
[  581.065931][T13749]  sec_pagetables:308 bounce:0
[  581.065931][T13749]  kernel_misc_reclaimable:0
[  581.065931][T13749]  free:41787 free_pcp:12907 free_cma:0
[  581.081443][T13749] Node 0 active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8436kB pagetables:1780kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  581.095142][T13749] Node 1 active_anon:15400kB inactive_anon:21980kB active_file:50484kB inactive_file:70052kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:101624kB dirty:2424kB writeback:0kB shmem:16704kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6688kB pagetables:3860kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  581.107596][T13749] Node 0 DMA free:2980kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:112kB local_pcp:0kB free_cma:0kB
[  581.147997][T13749] lowmem_reserve[]: 0 285 285 285 285
[  581.151368][T13749] Node 0 DMA32 free:13980kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:128kB inactive_anon:72kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:14276kB local_pcp:2696kB free_cma:0kB
[  581.164975][T13749] lowmem_reserve[]: 0 0 0 0 0
[  581.167506][T13749] Node 1 DMA32 free:150188kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15400kB inactive_anon:21980kB active_file:50484kB inactive_file:70052kB unevictable:3536kB writepending:2424kB zspages:3288kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:37204kB local_pcp:6860kB free_cma:0kB
[  581.178721][T13749] lowmem_reserve[]: 0 0 0 0 0
[  581.180482][T13749] Node 0 DMA: 113*4kB (U) 32*8kB (U) 18*16kB (U) 18*32kB (U) 4*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2980kB
[  581.188216][T13749] Node 0 DMA32: 361*4kB (UE) 147*8kB (UME) 122*16kB (UME) 128*32kB (UME) 27*64kB (UM) 10*128kB (U) 5*256kB (U) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 13980kB
[  581.195793][T13749] Node 1 DMA32: 2135*4kB (UM) 2576*8kB (UME) 1615*16kB (UM) 117*32kB (UM) 115*64kB (UME) 79*128kB (UME) 71*256kB (UME) 59*512kB (UME) 11*1024kB (UME) 3*2048kB (ME) 2*4096kB (UM) = 150188kB
[  581.205538][T13749] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  581.209559][T13749] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  581.213714][T13749] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  581.217691][T13749] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  581.221275][T13749] 36266 total pagecache pages
[  581.223214][T13749] 421 pages in swap cache
[  581.225390][T13749] Free swap  = 115452kB
[  581.227101][T13749] Total swap = 124996kB
[  581.229467][T13749] 524155 pages RAM
[  581.231122][T13749] 0 pages HighMem/MovableOnly
[  581.233247][T13749] 210075 pages reserved
[  581.235018][T13749] 0 pages cma reserved
[  582.633399][T13760] netlink: 'syz.1.2532': attribute type 1 has an invalid length.
[  582.637671][T13760] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2532'.
[  582.676429][T13761] binder: BINDER_SET_CONTEXT_MGR already set
[  582.689230][T13761] binder: 13754:13761 ioctl 4018620d 80004a80 returned -16
[  584.881790][T13793] netlink: 'syz.0.2543': attribute type 1 has an invalid length.
[  584.895153][T13793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2543'.
[  585.784888][T13820] overlayfs: conflicting lowerdir path
[  585.820995][T13820] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  585.987042][T13820] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  585.989079][T13820] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  586.000257][T13820] vhci_hcd vhci_hcd.0: Device attached
[  586.310795][  T844] usb 38-1: SetAddress Request (10) to port 0
[  586.317520][  T844] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd
[  586.341769][T13822] vhci_hcd: connection reset by peer
[  586.346060][T12683] vhci_hcd vhci_hcd.0: stop threads
[  586.360127][T12683] vhci_hcd vhci_hcd.0: release socket
[  586.364914][T12683] vhci_hcd vhci_hcd.0: disconnect device
[  586.798376][  T858] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  586.814406][T13839] geneve2: entered promiscuous mode
[  586.816137][T13839] geneve2: entered allmulticast mode
[  586.820171][T12683] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  586.830338][T12683] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  586.834511][T12683] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  586.847988][T12683] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  587.968330][T13859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2558'.
[  588.834954][T13883] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2562'.
[  588.844262][T13883] netlink: 212 bytes leftover after parsing attributes in process `syz.0.2562'.
[  588.848357][T13883] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2562'.
[  591.368045][  T844] usb 38-1: device descriptor read/8, error -110
[  591.788904][  T844] usb usb38-port1: attempt power cycle
[  592.360748][  T844] usb usb38-port1: unable to enumerate USB device
[  597.531687][T13902] warn_alloc: 2 callbacks suppressed
[  597.531706][T13902] syz.0.2563: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  597.540784][T13902] CPU: 1 UID: 0 PID: 13902 Comm: syz.0.2563 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  597.540815][T13902] Tainted: [L]=SOFTLOCKUP
[  597.540822][T13902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  597.540835][T13902] Call Trace:
[  597.540844][T13902]  <TASK>
[  597.540852][T13902]  dump_stack_lvl+0x100/0x190
[  597.540897][T13902]  warn_alloc.cold+0x95/0x1c1
[  597.540923][T13902]  ? __pfx_warn_alloc+0x10/0x10
[  597.540961][T13902]  ? stack_depot_save_flags+0x27/0x9d0
[  597.540996][T13902]  ? __lock_acquire+0x4a5/0x2630
[  597.541035][T13902]  ? xskq_create+0xfb/0x1d0
[  597.541059][T13902]  __vmalloc_node_range_noprof+0x136c/0x1630
[  597.541108][T13902]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  597.541140][T13902]  ? xskq_create+0xfb/0x1d0
[  597.541170][T13902]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  597.541224][T13902]  ? xskq_create+0xfb/0x1d0
[  597.541246][T13902]  vmalloc_user_noprof+0x9e/0xe0
[  597.541274][T13902]  ? xskq_create+0xfb/0x1d0
[  597.541298][T13902]  xskq_create+0xfb/0x1d0
[  597.541323][T13902]  xsk_setsockopt+0x56f/0xab0
[  597.541348][T13902]  ? __pfx_xsk_setsockopt+0x10/0x10
[  597.541370][T13902]  ? find_held_lock+0x2b/0x80
[  597.541397][T13902]  ? aa_sock_opt_perm+0xfe/0x1b0
[  597.541432][T13902]  ? __pfx_xsk_setsockopt+0x10/0x10
[  597.541455][T13902]  do_sock_setsockopt+0xf3/0x1d0
[  597.541485][T13902]  __sys_setsockopt+0x119/0x190
[  597.541511][T13902]  __ia32_sys_setsockopt+0xbc/0x160
[  597.541530][T13902]  ? __do_fast_syscall_32+0x98/0x970
[  597.541560][T13902]  ? lockdep_hardirqs_on+0x78/0x100
[  597.541587][T13902]  __do_fast_syscall_32+0xe7/0x970
[  597.541615][T13902]  ? lockdep_hardirqs_on+0x78/0x100
[  597.541644][T13902]  do_fast_syscall_32+0x32/0x70
[  597.541680][T13902]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  597.541706][T13902] RIP: 0023:0xf7f56f7c
[  597.541723][T13902] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  597.541744][T13902] RSP: 002b:00000000f541650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  597.541764][T13902] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  597.541779][T13902] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  597.541792][T13902] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  597.541805][T13902] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  597.541818][T13902] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  597.541844][T13902]  </TASK>
[  597.545018][T13902] Mem-Info:
[  597.669698][T13902] active_anon:6148 inactive_anon:4897 isolated_anon:0
[  597.669698][T13902]  active_file:6063 inactive_file:24750 isolated_file:0
[  597.669698][T13902]  unevictable:1768 dirty:80 writeback:0
[  597.669698][T13902]  slab_reclaimable:7457 slab_unreclaimable:71074
[  597.669698][T13902]  mapped:27485 shmem:7911 pagetables:1187
[  597.669698][T13902]  sec_pagetables:309 bounce:0
[  597.669698][T13902]  kernel_misc_reclaimable:0
[  597.669698][T13902]  free:39876 free_pcp:12651 free_cma:0
[  597.759906][T13902] Node 0 active_anon:228kB inactive_anon:64kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8440kB pagetables:1680kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  597.808491][T13902] Node 1 active_anon:24364kB inactive_anon:19524kB active_file:24380kB inactive_file:98960kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:109904kB dirty:520kB writeback:0kB shmem:28104kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6572kB pagetables:3068kB sec_pagetables:108kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  597.841050][T13902] Node 0 DMA free:3092kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  597.867523][T13902] lowmem_reserve[]: 0 285 285 285 285
[  597.871243][T13902] Node 0 DMA32 free:15836kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:228kB inactive_anon:64kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:12476kB local_pcp:888kB free_cma:0kB
[  597.885594][T13902] lowmem_reserve[]: 0 0 0 0 0
[  597.893020][T13902] Node 1 DMA32 free:139808kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24564kB inactive_anon:19524kB active_file:24380kB inactive_file:98960kB unevictable:3536kB writepending:520kB zspages:3220kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:36084kB local_pcp:7480kB free_cma:0kB
[  597.909600][T13902] lowmem_reserve[]: 0 0 0 0 0
[  597.911862][T13902] Node 0 DMA: 107*4kB (U) 33*8kB (U) 20*16kB (U) 17*32kB (U) 6*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 3092kB
[  597.925061][T13902] Node 0 DMA32: 275*4kB (UE) 272*8kB (UME) 151*16kB (UME) 123*32kB (UME) 27*64kB (UE) 21*128kB (UM) 5*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 15836kB
[  597.933059][T13902] Node 1 DMA32: 1145*4kB (UE) 2487*8kB (UME) 1677*16kB (UE) 2*32kB (ME) 44*64kB (UM) 71*128kB (UME) 66*256kB (UM) 62*512kB (UM) 9*1024kB (M) 9*2048kB (M) 0*4096kB = 139564kB
[  597.944166][T13902] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  597.947881][T13902] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  597.951046][T13902] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  597.958781][T13902] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  597.961871][T13902] 36841 total pagecache pages
[  597.963597][T13902] 295 pages in swap cache
[  597.965042][T13902] Free swap  = 116472kB
[  597.966530][T13902] Total swap = 124996kB
[  597.969021][T13902] 524155 pages RAM
[  597.970299][T13902] 0 pages HighMem/MovableOnly
[  597.971918][T13902] 210075 pages reserved
[  597.973667][T13902] 0 pages cma reserved
[  598.278281][ T5824] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  598.428686][ T5824] usb 5-1: Using ep0 maxpacket: 8
[  598.435209][ T5824] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  598.440134][ T5824] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.443801][ T5824] usb 5-1: Product: syz
[  598.445632][ T5824] usb 5-1: Manufacturer: syz
[  598.451924][ T5824] usb 5-1: SerialNumber: syz
[  598.456736][ T5824] usb 5-1: config 0 descriptor??
[  598.464943][ T5824] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  598.972861][T11710] Bluetooth: hci0: unexpected event for opcode 0x2023
[  599.255769][T13912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.662236][T13912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.734194][T13912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.741381][T13912] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.750063][ T5824] gspca_sonixj: reg_w1 err -71
[  599.751918][ T5824] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  599.759758][ T5824] usb 5-1: USB disconnect, device number 115
[  600.308253][T13958] overlayfs: conflicting lowerdir path
[  600.327463][T13958] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  600.368793][T13958] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  600.370868][T13958] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  600.374318][T13958] vhci_hcd vhci_hcd.0: Device attached
[  600.648120][T12029] usb 40-1: SetAddress Request (14) to port 0
[  600.653070][T12029] usb 40-1: new SuperSpeed USB device number 14 using vhci_hcd
[  600.815963][T13961] vhci_hcd: connection reset by peer
[  600.818338][  T102] vhci_hcd vhci_hcd.1: stop threads
[  600.824613][  T102] vhci_hcd vhci_hcd.1: release socket
[  600.832001][  T102] vhci_hcd vhci_hcd.1: disconnect device
[  603.499792][T13993] binder: 13987:13993 ioctl c0285840 80000000 returned -22
[  604.407312][T14006] overlayfs: conflicting lowerdir path
[  604.414745][T14006] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  604.421119][T14006] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  604.423772][T14006] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  604.428716][T14006] vhci_hcd vhci_hcd.0: Device attached
[  604.707912][   T34] usb 38-1: SetAddress Request (14) to port 0
[  604.711229][   T34] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  605.001952][T14007] vhci_hcd: connection reset by peer
[  605.007996][  T102] vhci_hcd vhci_hcd.0: stop threads
[  605.009638][  T102] vhci_hcd vhci_hcd.0: release socket
[  605.011934][  T102] vhci_hcd vhci_hcd.0: disconnect device
[  605.778064][T12029] usb 40-1: device descriptor read/8, error -110
[  606.509597][T12029] usb usb40-port1: attempt power cycle
[  607.446521][T14036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2594'.
[  607.514318][T14037] netlink: 'syz.1.2594': attribute type 1 has an invalid length.
[  607.744427][T14039] netlink: 'syz.1.2595': attribute type 1 has an invalid length.
[  607.773998][T14039] bond2: entered promiscuous mode
[  607.776656][T14039] 8021q: adding VLAN 0 to HW filter on device bond2
[  607.805260][T14039] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2595'.
[  608.434616][T14043] 9pnet_virtio: no channels available for device syz
[  608.628337][T12029] usb usb40-port1: unable to enumerate USB device
[  609.517859][T12029] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  609.658510][T14061] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2603'.
[  609.664640][T14061] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2603'.
[  609.677970][T12029] usb 9-1: Using ep0 maxpacket: 32
[  609.682201][T12029] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  609.687501][T12029] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  609.692166][T12029] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  609.698292][T12029] usb 9-1: Product: syz
[  609.701830][T12029] usb 9-1: Manufacturer: syz
[  609.704182][T12029] usb 9-1: SerialNumber: syz
[  609.716315][T12029] usb 9-1: config 0 descriptor??
[  609.718676][T14049] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  609.778829][   T34] usb 38-1: device descriptor read/8, error -110
[  610.198364][   T34] usb usb38-port1: attempt power cycle
[  610.355218][ T7440] usb 9-1: USB disconnect, device number 20
[  610.420619][T14067] warn_alloc: 1 callbacks suppressed
[  610.420631][T14067] syz.3.2605: vmalloc error: size 34359742464, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  610.426770][T14067] CPU: 2 UID: 0 PID: 14067 Comm: syz.3.2605 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  610.426788][T14067] Tainted: [L]=SOFTLOCKUP
[  610.426792][T14067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  610.426799][T14067] Call Trace:
[  610.426804][T14067]  <TASK>
[  610.426809][T14067]  dump_stack_lvl+0x100/0x190
[  610.426825][T14067]  warn_alloc.cold+0x95/0x1c1
[  610.426837][T14067]  ? __pfx_warn_alloc+0x10/0x10
[  610.426859][T14067]  ? stack_depot_save_flags+0x27/0x9d0
[  610.426878][T14067]  ? __lock_acquire+0x4a5/0x2630
[  610.426898][T14067]  ? xskq_create+0xfb/0x1d0
[  610.426912][T14067]  __vmalloc_node_range_noprof+0x136c/0x1630
[  610.426928][T14067]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  610.426947][T14067]  ? xskq_create+0xfb/0x1d0
[  610.426962][T14067]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  610.426984][T14067]  ? xskq_create+0xfb/0x1d0
[  610.427000][T14067]  vmalloc_user_noprof+0x9e/0xe0
[  610.427016][T14067]  ? xskq_create+0xfb/0x1d0
[  610.427028][T14067]  xskq_create+0xfb/0x1d0
[  610.427042][T14067]  xsk_setsockopt+0x56f/0xab0
[  610.427055][T14067]  ? __pfx_xsk_setsockopt+0x10/0x10
[  610.427068][T14067]  ? find_held_lock+0x2b/0x80
[  610.427082][T14067]  ? aa_sock_opt_perm+0xfe/0x1b0
[  610.427107][T14067]  ? __pfx_xsk_setsockopt+0x10/0x10
[  610.427124][T14067]  do_sock_setsockopt+0xf3/0x1d0
[  610.427145][T14067]  __sys_setsockopt+0x119/0x190
[  610.427167][T14067]  __ia32_sys_setsockopt+0xbc/0x160
[  610.427180][T14067]  ? __do_fast_syscall_32+0x98/0x970
[  610.427196][T14067]  ? lockdep_hardirqs_on+0x78/0x100
[  610.427212][T14067]  __do_fast_syscall_32+0xe7/0x970
[  610.427229][T14067]  ? lockdep_hardirqs_on+0x78/0x100
[  610.427245][T14067]  do_fast_syscall_32+0x32/0x70
[  610.427264][T14067]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  610.427278][T14067] RIP: 0023:0xf6ffef7c
[  610.427289][T14067] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  610.427300][T14067] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  610.427310][T14067] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  610.427317][T14067] RDX: 0000000000000002 RSI: 0000000080000080 RDI: 000000000000001c
[  610.427324][T14067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  610.427330][T14067] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  610.427336][T14067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  610.427350][T14067]  </TASK>
[  610.427354][T14067] Mem-Info:
[  610.511672][T14067] active_anon:6266 inactive_anon:4896 isolated_anon:0
[  610.511672][T14067]  active_file:3889 inactive_file:24756 isolated_file:0
[  610.511672][T14067]  unevictable:1768 dirty:478 writeback:0
[  610.511672][T14067]  slab_reclaimable:7510 slab_unreclaimable:70567
[  610.511672][T14067]  mapped:24955 shmem:7733 pagetables:1298
[  610.511672][T14067]  sec_pagetables:309 bounce:0
[  610.511672][T14067]  kernel_misc_reclaimable:0
[  610.511672][T14067]  free:43542 free_pcp:11152 free_cma:0
[  610.530272][T14067] Node 0 active_anon:228kB inactive_anon:64kB active_file:2572kB inactive_file:40kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8384kB pagetables:1680kB sec_pagetables:1128kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  610.543944][T14067] Node 1 active_anon:23536kB inactive_anon:19520kB active_file:12984kB inactive_file:98984kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:99784kB dirty:1912kB writeback:0kB shmem:26092kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6608kB pagetables:3512kB sec_pagetables:108kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  610.564038][T14067] Node 0 DMA free:3092kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  610.576251][T14067] lowmem_reserve[]: 0 285 285 285 285
[  610.578872][T14067] Node 0 DMA32 free:15684kB boost:0kB min:13096kB low:16368kB high:19640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:228kB inactive_anon:64kB active_file:2572kB inactive_file:40kB unevictable:3536kB writepending:0kB zspages:0kB present:1032196kB managed:292748kB mlocked:0kB bounce:0kB free_pcp:12720kB local_pcp:3876kB free_cma:0kB
[  610.592847][T14067] lowmem_reserve[]: 0 0 0 0 0
[  610.594644][T14067] Node 1 DMA32 free:155392kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21636kB inactive_anon:19520kB active_file:12984kB inactive_file:98984kB unevictable:3536kB writepending:1912kB zspages:3220kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:35360kB local_pcp:14048kB free_cma:0kB
[  610.609215][T14067] lowmem_reserve[]: 0 0 0 0 0
[  610.611367][T14067] Node 0 DMA: 107*4kB (U) 33*8kB (U) 20*16kB (U) 17*32kB (U) 6*64kB (U) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 3092kB
[  610.617319][T14067] Node 0 DMA32: 275*4kB (UE) 265*8kB (UME) 145*16kB (UME) 123*32kB (UME) 27*64kB (UE) 21*128kB (UM) 5*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 15684kB
[  610.624452][T14067] Node 1 DMA32: 986*4kB (UME) 2455*8kB (UE) 1592*16kB (UME) 118*32kB (UME) 142*64kB (UME) 95*128kB (UME) 66*256kB (UME) 72*512kB (UM) 13*1024kB (UME) 7*2048kB (UM) 0*4096kB = 155488kB
[  610.637557][T14067] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  610.640990][T14067] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  610.643831][T14067] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  610.647104][T14067] Node 1 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  610.653261][T14067] 35445 total pagecache pages
[  610.660358][T14067] 295 pages in swap cache
[  610.663364][T14067] Free swap  = 116472kB
[  610.664881][T14067] Total swap = 124996kB
[  610.666723][T14067] 524155 pages RAM
[  610.668481][T14067] 0 pages HighMem/MovableOnly
[  610.669963][T14067] 210075 pages reserved
[  610.671318][T14067] 0 pages cma reserved
[  610.771054][   T34] usb usb38-port1: unable to enumerate USB device
[  610.857811][T14072] FAULT_INJECTION: forcing a failure.
[  610.857811][T14072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  610.874240][T14072] CPU: 3 UID: 0 PID: 14072 Comm: syz.1.2607 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  610.874260][T14072] Tainted: [L]=SOFTLOCKUP
[  610.874265][T14072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  610.874271][T14072] Call Trace:
[  610.874276][T14072]  <TASK>
[  610.874280][T14072]  dump_stack_lvl+0x100/0x190
[  610.874295][T14072]  should_fail_ex.cold+0x5/0xa
[  610.874310][T14072]  _copy_from_user+0x2e/0xd0
[  610.874327][T14072]  get_compat_msghdr+0xb3/0x4b0
[  610.874341][T14072]  ? __pfx_get_compat_msghdr+0x10/0x10
[  610.874358][T14072]  ___sys_sendmsg+0x1b6/0x1e0
[  610.874376][T14072]  ? __pfx____sys_sendmsg+0x10/0x10
[  610.874397][T14072]  ? find_held_lock+0x2b/0x80
[  610.874419][T14072]  __sys_sendmsg+0x170/0x220
[  610.874431][T14072]  ? __pfx___sys_sendmsg+0x10/0x10
[  610.874441][T14072]  ? __fget_files+0x21f/0x3d0
[  610.874459][T14072]  ? ksys_write+0x1ac/0x250
[  610.874473][T14072]  ? rcu_is_watching+0x12/0xc0
[  610.874491][T14072]  __do_fast_syscall_32+0xe7/0x970
[  610.874509][T14072]  ? lockdep_hardirqs_on+0x78/0x100
[  610.874526][T14072]  do_fast_syscall_32+0x32/0x70
[  610.874543][T14072]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  610.874558][T14072] RIP: 0023:0xf702ef7c
[  610.874567][T14072] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  610.874578][T14072] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  610.874590][T14072] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  610.874597][T14072] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  610.874603][T14072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  610.874609][T14072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  610.874616][T14072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  610.874629][T14072]  </TASK>
[  610.904553][ T5103] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  610.947044][ T5103] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  610.955806][ T5103] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  610.959350][ T5103] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  610.962219][ T5103] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  612.176234][T14103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2615'.
[  612.180032][T14103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2615'.
[  612.436843][T14071] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.439230][T14071] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.442119][T14071] bridge_slave_0: entered allmulticast mode
[  612.446073][T14071] bridge_slave_0: entered promiscuous mode
[  612.450418][T14071] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.453471][T14071] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.456527][T14071] bridge_slave_1: entered allmulticast mode
[  612.459977][T14071] bridge_slave_1: entered promiscuous mode
[  612.479928][T14071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  612.486245][T14071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  612.887824][T14121] 9pnet_virtio: no channels available for device syz
[  613.353367][T11710] Bluetooth: hci2: command tx timeout
[  613.369569][T14071] team0: Port device team_slave_0 added
[  613.400622][T14071] team0: Port device team_slave_1 added
[  613.592164][T14071] batman_adv: batadv0: Adding interface: batadv_slave_0
[  613.617979][T14071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  613.628913][T14071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  613.635030][T14071] batman_adv: batadv0: Adding interface: batadv_slave_1
[  613.641214][T14071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  613.899215][T14071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.968604][T14071] hsr_slave_0: entered promiscuous mode
[  614.040123][T14071] hsr_slave_1: entered promiscuous mode
[  614.043174][T14071] debugfs: 'hsr0' already exists in 'hsr'
[  614.045643][T14071] Cannot create hsr debugfs directory
[  614.231511][  T668] macvlan2: left allmulticast mode
[  614.233410][  T668] macvlan2: left promiscuous mode
[  614.237556][  T668] bridge0: port 1(macvlan2) entered disabled state
[  614.251549][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2620'.
[  614.254500][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2620'.
[  614.328639][T14131] netlink: 'syz.4.2622': attribute type 1 has an invalid length.
[  614.331813][T14123] overlayfs: conflicting lowerdir path
[  614.341765][T14123] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  614.348231][T14123] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  614.350721][T14123] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  614.353901][T14123] vhci_hcd vhci_hcd.0: Device attached
[  614.362863][T14134] vhci_hcd: connection closed
[  614.363103][T12683] vhci_hcd vhci_hcd.1: stop threads
[  614.367466][T12683] vhci_hcd vhci_hcd.1: release socket
[  614.370417][T12683] vhci_hcd vhci_hcd.1: disconnect device
[  614.389536][T14137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2622'.
[  614.488718][  T668] bond4 (unregistering): (slave bridge1): Releasing backup interface
[  614.491643][  T668] bridge1 (unregistering): left promiscuous mode
[  614.493795][  T668] bridge1 (unregistering): left allmulticast mode
[  614.583101][  T668] bond5 (unregistering): (slave bridge2): Releasing backup interface
[  614.586775][  T668] bridge2 (unregistering): left promiscuous mode
[  614.731526][  T668] bond0 (unregistering): Released all slaves
[  614.736471][  T668] bond1 (unregistering): Released all slaves
[  614.743915][  T668] bond2 (unregistering): Released all slaves
[  614.751021][  T668] bond3 (unregistering): Released all slaves
[  614.758609][  T668] bond4 (unregistering): Released all slaves
[  614.774118][  T668] bond5 (unregistering): Released all slaves
[  614.783002][  T668] bond6 (unregistering): Released all slaves
[  614.792909][  T668] bond7 (unregistering): Released all slaves
[  614.829538][T14131] bond6: entered promiscuous mode
[  614.831546][T14131] 8021q: adding VLAN 0 to HW filter on device bond6
[  614.981718][  T668] tipc: Left network mode
[  615.005744][ T5457] 8021q: adding VLAN 0 to HW filter on device eth2
[  615.083643][T14154] netlink: 'syz.1.2625': attribute type 1 has an invalid length.
[  615.086435][T14154] netlink: 'syz.1.2625': attribute type 4 has an invalid length.
[  615.089320][T14154] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2625'.
[  615.120377][ T7440] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  615.304224][ T7440] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  615.307114][ T7440] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.320581][ T7440] usb 5-1: Product: syz
[  615.321935][ T7440] usb 5-1: Manufacturer: syz
[  615.325710][ T7440] usb 5-1: SerialNumber: syz
[  615.353367][ T7440] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  615.367966][T11710] Bluetooth: hci2: command tx timeout
[  615.479789][ T7440] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  615.740190][T14071] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  615.744688][T14071] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  615.752786][T14071] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  615.759618][T14071] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  615.762904][T14071] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  615.767105][T14071] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  615.771613][T14071] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  615.776145][T14071] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  615.856394][T14071] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.875415][T14071] 8021q: adding VLAN 0 to HW filter on device team0
[  615.885303][ T7846] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.887547][ T7846] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.903189][T12683] bridge0: port 2(bridge_slave_1) entered blocking state
[  615.905501][T12683] bridge0: port 2(bridge_slave_1) entered forwarding state
[  615.916734][   T34] usb 5-1: USB disconnect, device number 116
[  615.969206][  T668] hsr_slave_0: left promiscuous mode
[  615.971979][  T668] hsr_slave_1: left promiscuous mode
[  615.975077][  T668] pim6reg (unregistering): left allmulticast mode
[  616.026074][   T46] smc: removing ib device syz2
[  616.370554][T14071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.392058][T14071] veth0_vlan: entered promiscuous mode
[  616.399910][T14071] veth1_vlan: entered promiscuous mode
[  616.416963][T14071] veth0_macvtap: entered promiscuous mode
[  616.421798][T14071] veth1_macvtap: entered promiscuous mode
[  616.431741][T14071] batman_adv: batadv0: Interface activated: batadv_slave_0
[  616.444775][T14071] batman_adv: batadv0: Interface activated: batadv_slave_1
[  616.488314][ T7440] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  616.490900][ T7440] ath9k_htc: Failed to initialize the device
[  616.494553][   T34] usb 5-1: ath9k_htc: USB layer deinitialized
[  616.604767][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.606139][T14200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2631'.
[  616.612190][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.630615][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.638534][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.677578][T14210] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2630'.
[  616.847161][ T5912] ==================================================================
[  616.849749][ T5912] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x190/0x1c0
[  616.852396][ T5912] Read of size 8 at addr ffff88806b4922f0 by task kworker/0:5/5912
[  616.856694][ T5912] 
[  616.857862][ T5912] CPU: 0 UID: 0 PID: 5912 Comm: kworker/0:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  616.857890][ T5912] Tainted: [L]=SOFTLOCKUP
[  616.857898][ T5912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  616.857909][ T5912] Workqueue: events smc_ib_port_event_work
[  616.857931][ T5912] Call Trace:
[  616.857935][ T5912]  <TASK>
[  616.857941][ T5912]  dump_stack_lvl+0x100/0x190
[  616.857954][ T5912]  print_report+0x13d/0x4b0
[  616.857972][ T5912]  ? __virt_addr_valid+0x239/0x430
[  616.857991][ T5912]  ? __ethtool_get_link_ksettings+0x190/0x1c0
[  616.858010][ T5912]  kasan_report+0xdf/0x1d0
[  616.858024][ T5912]  ? __ethtool_get_link_ksettings+0x190/0x1c0
[  616.858045][ T5912]  __ethtool_get_link_ksettings+0x190/0x1c0
[  616.858065][ T5912]  __ethtool_get_link_ksettings+0x144/0x1c0
[  616.858084][ T5912]  ib_get_eth_speed+0x13a/0xb40
[  616.858097][ T5912]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  616.858112][ T5912]  ? do_raw_spin_unlock+0x145/0x1e0
[  616.858127][ T5912]  rxe_query_port+0x12a/0x330
[  616.858144][ T5912]  ib_query_port+0x445/0x8b0
[  616.858157][ T5912]  smc_ib_port_event_work+0x14c/0xbd0
[  616.858175][ T5912]  ? smc_ib_port_event_work+0x54/0xbd0
[  616.858194][ T5912]  process_one_work+0xa0e/0x1980
[  616.858208][ T5912]  ? __pfx_process_one_work+0x10/0x10
[  616.858220][ T5912]  ? __pfx_smc_ib_port_event_work+0x10/0x10
[  616.858238][ T5912]  worker_thread+0x5ef/0xe50
[  616.858251][ T5912]  ? __pfx_worker_thread+0x10/0x10
[  616.858262][ T5912]  ? kthread+0x13a/0x450
[  616.858278][ T5912]  ? __pfx_worker_thread+0x10/0x10
[  616.858288][ T5912]  kthread+0x370/0x450
[  616.858311][ T5912]  ? __pfx_kthread+0x10/0x10
[  616.858329][ T5912]  ret_from_fork+0x72b/0xd50
[  616.858341][ T5912]  ? __pfx_ret_from_fork+0x10/0x10
[  616.858353][ T5912]  ? __switch_to+0x800/0x1100
[  616.858369][ T5912]  ? __pfx_kthread+0x10/0x10
[  616.858387][ T5912]  ret_from_fork_asm+0x1a/0x30
[  616.858405][ T5912]  </TASK>
[  616.858409][ T5912] 
[  616.916324][ T5912] Allocated by task 5760:
[  616.917667][ T5912]  kasan_save_stack+0x30/0x50
[  616.919128][ T5912]  kasan_save_track+0x14/0x30
[  616.920573][ T5912]  __kasan_kmalloc+0xaa/0xb0
[  616.921989][ T5912]  __kvmalloc_node_noprof+0x360/0xa00
[  616.923619][ T5912]  alloc_netdev_mqs+0xd7/0x1560
[  616.925104][ T5912]  rtnl_create_link+0xc13/0xf80
[  616.926566][ T5912]  rtnl_newlink+0x13bd/0x2380
[  616.927934][ T5912]  rtnetlink_rcv_msg+0x95e/0xe90
[  616.929462][ T5912]  netlink_rcv_skb+0x159/0x420
[  616.930929][ T5912]  netlink_unicast+0x585/0x850
[  616.932397][ T5912]  netlink_sendmsg+0x8b0/0xda0
[  616.933870][ T5912]  __sys_sendto+0x468/0x4b0
[  616.935228][ T5912]  __ia32_compat_sys_socketcall+0x59a/0x770
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  616.937060][ T5912]  do_int80_emulation+0x14b/0x720
[  616.938962][ T5912]  asm_int80_emulation+0x1a/0x20
[  616.940482][ T5912] 
[  616.941230][ T5912] Freed by task 668:
[  616.942431][ T5912]  kasan_save_stack+0x30/0x50
[  616.944015][ T5912]  kasan_save_track+0x14/0x30
[  616.945505][ T5912]  kasan_save_free_info+0x3b/0x70
[  616.947019][ T5912]  __kasan_slab_free+0x5f/0x80
[  616.948536][ T5912]  kfree+0x223/0x6c0
[  616.949753][ T5912]  device_release+0xd2/0x270
[  616.951174][ T5912]  kobject_put+0x1f7/0x640
[  616.952560][ T5912]  netdev_run_todo+0x80f/0x12b0
[  616.954069][ T5912]  default_device_exit_batch+0x92b/0xc10
[  616.955829][ T5912]  ops_undo_list+0x363/0xab0
[  616.957264][ T5912]  cleanup_net+0x499/0x920
[  616.958664][ T5912]  process_one_work+0xa0e/0x1980
[  616.960180][ T5912]  worker_thread+0x5ef/0xe50
[  616.961599][ T5912]  kthread+0x370/0x450
[  616.962851][ T5912]  ret_from_fork+0x72b/0xd50
[  616.964258][ T5912]  ret_from_fork_asm+0x1a/0x30
[  616.965761][ T5912] 
[  616.966522][ T5912] The buggy address belongs to the object at ffff88806b492000
[  616.966522][ T5912]  which belongs to the cache kmalloc-cg-4k of size 4096
[  616.970847][ T5912] The buggy address is located 752 bytes inside of
[  616.970847][ T5912]  freed 4096-byte region [ffff88806b492000, ffff88806b493000)
[  616.974990][ T5912] 
[  616.975768][ T5912] The buggy address belongs to the physical page:
[  616.977685][ T5912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b490
[  616.980326][ T5912] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  616.982863][ T5912] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  616.985175][ T5912] page_type: f5(slab)
[  616.986457][ T5912] raw: 04fff00000000040 ffff88801b880280 dead000000000122 0000000000000000
[  616.989064][ T5912] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  616.991634][ T5912] head: 04fff00000000040 ffff88801b880280 dead000000000122 0000000000000000
[  616.994228][ T5912] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  616.996862][ T5912] head: 04fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  616.999471][ T5912] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  617.002076][ T5912] page dumped because: kasan: bad access detected
[  617.004003][ T5912] page_owner tracks the page as allocated
[  617.005756][ T5912] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5760, tgid 5760 (syz-executor), ts 86456923649, free_ts 0
[  617.011796][ T5912]  post_alloc_hook+0xfd/0x120
[  617.013242][ T5912]  get_page_from_freelist+0x11a6/0x3410
[  617.014932][ T5912]  __alloc_frozen_pages_noprof+0x27c/0x2bc0
[  617.016764][ T5912]  new_slab+0xa6/0x6c0
[  617.018043][ T5912]  refill_objects+0x277/0x420
[  617.019484][ T5912]  __pcs_replace_empty_main+0x375/0x650
[  617.021169][ T5912]  __kmalloc_node_track_caller_noprof+0x694/0x850
[  617.023097][ T5912]  kmemdup_noprof+0x29/0x60
[  617.024482][ T5912]  __addrconf_sysctl_register+0xbb/0x360
[  617.026218][ T5912]  addrconf_sysctl_register+0x163/0x200
[  617.027913][ T5912]  ipv6_add_dev+0xaf2/0x1520
[  617.029343][ T5912]  addrconf_notify+0x5db/0x1ba0
[  617.030833][ T5912]  notifier_call_chain+0x99/0x400
[  617.032377][ T5912]  call_netdevice_notifiers_info+0xbe/0x110
[  617.034176][ T5912]  register_netdevice+0x18fe/0x24b0
[  617.035767][ T5912]  virt_wifi_newlink+0x3ec/0x840
[  617.037284][ T5912] page_owner free stack trace missing
[  617.038918][ T5912] 
[  617.039666][ T5912] Memory state around the buggy address:
[  617.041377][ T5912]  ffff88806b492180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  617.043784][ T5912]  ffff88806b492200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  617.046214][ T5912] >ffff88806b492280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  617.048626][ T5912]                                                              ^
[  617.050931][ T5912]  ffff88806b492300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  617.053349][ T5912]  ffff88806b492380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  617.055788][ T5912] ==================================================================
[  617.139741][ T5912] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  617.141989][ T5912] CPU: 0 UID: 0 PID: 5912 Comm: kworker/0:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  617.145241][ T5912] Tainted: [L]=SOFTLOCKUP
[  617.146528][ T5912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  617.149597][ T5912] Workqueue: events smc_ib_port_event_work
[  617.151382][ T5912] Call Trace:
[  617.152409][ T5912]  <TASK>
[  617.153443][ T5912]  dump_stack_lvl+0x100/0x190
[  617.154936][ T5912]  vpanic+0x552/0x970
[  617.156206][ T5912]  ? __pfx_vpanic+0x10/0x10
[  617.157636][ T5912]  ? __ethtool_get_link_ksettings+0x190/0x1c0
[  617.159548][ T5912]  panic+0xd1/0xe0
[  617.160717][ T5912]  ? __pfx_panic+0x10/0x10
[  617.162134][ T5912]  ? __ethtool_get_link_ksettings+0x190/0x1c0
[  617.164093][ T5912]  ? preempt_schedule_common+0x42/0xc0
[  617.165819][ T5912]  ? check_panic_on_warn+0x1f/0x90
[  617.167402][ T5912]  check_panic_on_warn.cold+0x19/0x34
[  617.169077][ T5912]  end_report.part.0+0x3a/0x90
[  617.170553][ T5912]  kasan_report.cold+0xe/0x18
[  617.172007][ T5912]  ? __ethtool_get_link_ksettings+0x190/0x1c0
[  617.173868][ T5912]  __ethtool_get_link_ksettings+0x190/0x1c0
[  617.175703][ T5912]  __ethtool_get_link_ksettings+0x144/0x1c0
[  617.177515][ T5912]  ib_get_eth_speed+0x13a/0xb40
[  617.179021][ T5912]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  617.180654][ T5912]  ? do_raw_spin_unlock+0x145/0x1e0
[  617.182250][ T5912]  rxe_query_port+0x12a/0x330
[  617.183693][ T5912]  ib_query_port+0x445/0x8b0
[  617.185121][ T5912]  smc_ib_port_event_work+0x14c/0xbd0
[  617.186809][ T5912]  ? smc_ib_port_event_work+0x54/0xbd0
[  617.188491][ T5912]  process_one_work+0xa0e/0x1980
[  617.190014][ T5912]  ? __pfx_process_one_work+0x10/0x10
[  617.191650][ T5912]  ? __pfx_smc_ib_port_event_work+0x10/0x10
[  617.193484][ T5912]  worker_thread+0x5ef/0xe50
[  617.194914][ T5912]  ? __pfx_worker_thread+0x10/0x10
[  617.196473][ T5912]  ? kthread+0x13a/0x450
[  617.197793][ T5912]  ? __pfx_worker_thread+0x10/0x10
[  617.199455][ T5912]  kthread+0x370/0x450
[  617.200715][ T5912]  ? __pfx_kthread+0x10/0x10
[  617.202147][ T5912]  ret_from_fork+0x72b/0xd50
[  617.203566][ T5912]  ? __pfx_ret_from_fork+0x10/0x10
[  617.205128][ T5912]  ? __switch_to+0x800/0x1100
[  617.206589][ T5912]  ? __pfx_kthread+0x10/0x10
[  617.208023][ T5912]  ret_from_fork_asm+0x1a/0x30
[  617.209481][ T5912]  </TASK>
[  617.211160][ T5912] Kernel Offset: disabled
[  617.212499][ T5912] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:34:27  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff857c35a5 RDI=ffffffff9b44d300 RBP=ffffffff9b44d2c0 RSP=ffffc900061cf3b8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630383838666666
R12=0000000000000000 R13=0000000000000079 R14=0000000000000010 R15=ffffffff857c3540
RIP=ffffffff857c35cf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809718a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000031b13ff8 CR3=0000000070662000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000015c1d8b RBX=ffff88801c32a540 RCX=ffffffff8b86e225 RDX=0000000000000000
RSI=ffffffff8df1a757 RDI=ffffffff8c1c4380 RBP=0000000000000000 RSP=ffffc9000046fdf0
R8 =0000000000000001 R9 =ffffed10056667b5 R10=ffff88802b333dab R11=0000000000000000
R12=0000000000000001 R13=ffffed10038654a8 R14=0000000000000001 R15=ffffffff90d73c50
RIP=ffffffff8b86c87f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809728a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f8a190 CR3=0000000070662000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000176a2f10157 RBX=ffff88802b423f80 RCX=00000000000006e0 RDX=0000000000000176
RSI=ffffffff81f7e195 RDI=ffff88802a7c0000 RBP=0000008f99ba670d RSP=ffffc90002abef48
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=1ffff92000557df3 R13=0000000000000001 R14=0000000000000001 R15=ffff88802b423fc0
RIP=ffffffff81f7e1a8 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f66b4236300 ffffffff 00c00000
GS =0000 ffff88809738a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000558ff109ff40 CR3=0000000025836000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=bca9605dbf10ec6d 47ff94e88aa8e166 bca9605dbf10ec6d 47ff94e88aa8e166 bca9605dbf10ec6d 47ff94e88aa8e166 bca9605dbf10ec6d 47ff94e88aa8e166
ZMM18=8f901a8e8e56791a ad579d9d8934783b 8f901a8e8e56791a ad579d9d8934783b 8f901a8e8e56791a ad579d9d8934783b 8f901a8e8e56791a ad579d9d8934783b
ZMM19=de15000000000000 0000000000000004 de15000000000000 0000000000000003 de15000000000000 0000000000000002 de15000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80030008000ff803 0008000ff0030008 000fe8030008000f e0030008000fd803
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01ffffffffffffff ffdf080fb8030008
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000fb0030108000f a803028008000fa0 030208000f980310 08000f9003080800
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 22b0030fffffffff 0422a00300080022 9803000800229003 5408002288030008
ZMM25=ad579d9dad579d9d ad579d9dad579d9d ad579d9dad579d9d ad579d9dad579d9d ad579d9dad579d9d ad579d9dad579d9d ad579d9dad579d9d ad579d9dad579d9d
ZMM26=8e56791a8e56791a 8e56791a8e56791a 8e56791a8e56791a 8e56791a8e56791a 8e56791a8e56791a 8e56791a8e56791a 8e56791a8e56791a 8e56791a8e56791a
ZMM27=8f901a8e8f901a8e 8f901a8e8f901a8e 8f901a8e8f901a8e 8f901a8e8f901a8e 8f901a8e8f901a8e 8f901a8e8f901a8e 8f901a8e8f901a8e 8f901a8e8f901a8e
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=dd150000dd150000 dd150000dd150000 dd150000dd150000 dd150000dd150000 dd150000dd150000 dd150000dd150000 dd150000dd150000 dd150000dd150000
info registers vcpu 3

CPU#3
RAX=0000000000a22f17 RBX=ffff88801c3da540 RCX=ffffffff8b86e225 RDX=0000000000000000
RSI=ffffffff8df1a757 RDI=ffffffff8c1c4380 RBP=0000000000000000 RSP=ffffc9000048fdf0
R8 =0000000000000001 R9 =ffffed10056a67b5 R10=ffff88802b533dab R11=0000000000000000
R12=0000000000000003 R13=ffffed100387b4a8 R14=0000000000000003 R15=ffffffff90d73c50
RIP=ffffffff8b86c87f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809748a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000035219b18 CR3=000000006ab1f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ea151e92950a5887 af3d274f4f033fe9
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2311f3751193bf7f ce06f6e3334ac56f
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e1b86fba2aa29ce8 a1cb9db2dde692f7
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 940e2f6546febd8d d1b89f9ed36df040
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000004900
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9824abc0a2a20556 00000176a2a38442
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a07b804200800100 00800100a2dde5ac
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a0a9ae6400000176 0000017600000176
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080010000000176 0000017600000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 afb387c43ea8a681 d83b93a79678a2cf
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 17f9e05df52f511f fb0111850aae1be3
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000