last executing test programs:

1m22.33972084s ago: executing program 2 (id=2372):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000240), 0x2149a2, 0x0)
write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000007c0)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_IMPORTANCE(r5, 0x10f, 0x7f, &(0x7f0000000340)=0x7, 0x4)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r7 = socket$nl_route(0x10, 0x3, 0x0)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r6, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r6], 0x40}, 0x1, 0x0, 0x0, 0x2000c084}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c00000010003904fcffffff0000000000000000", @ANYRES32=r6, @ANYBLOB="00000000422200042c00128008000100677265002000028008000500bb7e00000800040006"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x844)

1m21.459962291s ago: executing program 2 (id=2379):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800000)
bind$inet6(r3, &(0x7f0000000440)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r3, 0x4)
fanotify_init(0x0, 0x0)
epoll_create1(0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

1m20.348674596s ago: executing program 2 (id=2386):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0x0, 0x0, &(0x7f00000005c0), 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1m20.270580172s ago: executing program 2 (id=2388):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000640)='./file1\x00', 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000440)={0x0, <r3=>0x0})
sched_setscheduler(r3, 0x2, &(0x7f00000004c0)=0x581686b7)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000300), &(0x7f0000000380)=0x4)
renameat2(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f00000002c0)='./file1\x00', 0x1)
chdir(&(0x7f0000000140)='./bus\x00')
r4 = syz_open_dev$mouse(&(0x7f0000000180), 0xffff2987, 0x2)
readv(r4, &(0x7f0000000200)=[{&(0x7f0000000000)=""/58, 0x3a}], 0x1)
write$tun(r4, &(0x7f0000000300)=ANY=[], 0x16e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000600)='./file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0)
mount$9p_xen(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x345065, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1m19.38085617s ago: executing program 2 (id=2392):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, 0x0, 0x0)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000001380)={r2}, &(0x7f0000000040)=0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080)={<r5=>0x0}, &(0x7f00000000c0)=0xc)
prlimit64(r5, 0x1, &(0x7f0000000240)={0x3, 0x5}, &(0x7f0000000300))
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F', 0x1)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_BIND_IP(r6, &(0x7f0000000000)={0x16, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast2, 0x4}}}, 0x30)
r7 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r7, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x18, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4, 0x0, 0x2800}, [@typed={0x4, 0x1d, 0x0, 0x0, @binary}]}, 0x18}, 0x1, 0x0, 0x0, 0x404000c}, 0x40000)

1m19.219712765s ago: executing program 2 (id=2393):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xfffffff9, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc2c45513, &(0x7f0000000040)={{0xa, 0x0, 0x6, 0xe, 'syz0\x00', 0xffff0001}, 0x1, [0x99, 0xa1, 0x100, 0x69, 0x200, 0x7, 0x8, 0x2, 0xa371, 0x3, 0x6, 0x9, 0x2, 0x7, 0x3ff, 0x4, 0x8001, 0x401, 0x9, 0x6, 0x55f, 0x4, 0x74eb94c5, 0x8, 0x90ca, 0x2, 0x8000, 0x2, 0x800, 0xf4, 0x8, 0xe, 0xfff, 0x94, 0x19, 0x9, 0x2, 0x3, 0x1, 0x8, 0xbf4, 0x6, 0x400, 0x9, 0x2, 0x390, 0x0, 0x77, 0x9, 0x1e, 0x0, 0x7ff, 0x0, 0x0, 0xd, 0x9, 0x9, 0x2, 0x4, 0x1, 0x7, 0x40, 0x1, 0x40, 0x5, 0x8001, 0xff, 0xe, 0xe4, 0x2, 0xffffffff, 0x2, 0x7f, 0xfffffffb, 0x3, 0x10001, 0x9, 0x6, 0x2, 0x7, 0x75976962, 0x5, 0xa, 0xc, 0x13120000, 0x7, 0x8, 0x9, 0x7f, 0x3, 0x9, 0x2, 0x8, 0x101, 0x3, 0x4, 0x2, 0xe891, 0x4, 0x5, 0x40, 0x7, 0x1, 0xb, 0x1a, 0x2e, 0x40, 0xffffffb1, 0xfffff001, 0x5, 0x8, 0x41a0, 0x9, 0xfffffffe, 0xd, 0x4, 0x0, 0x2, 0x80000000, 0x3, 0x0, 0x4, 0xb925, 0x6c2, 0x9, 0x2, 0x8, 0xe705]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'team0\x00', <r4=>0x0})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000480)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', <r7=>0x0})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000540)={<r8=>0x0, @private}, &(0x7f0000000580)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'veth1_macvtap\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'vcan0\x00', <r11=>0x0})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000680)={@loopback, @remote, <r12=>0x0}, &(0x7f00000006c0)=0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'batadv_slave_0\x00', <r13=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'team0\x00', <r14=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000e00)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000780)={0x640, r2, 0x20, 0x70bd27, 0x25dfdbfb, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x6, 0x4, 0x2}]}}}]}}, {{0x8, 0x1, r4}, {0x194, 0x2, 0x0, 0x1, [{0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x5, 0x4, 0x5, 0x1}, {0x8d3, 0x9, 0x4, 0x9}, {0x40, 0x4, 0xc, 0xffff}, {0x1e34, 0x9, 0x7f, 0x8}, {0x6, 0x4, 0x4, 0xa03}, {0x81, 0x6, 0x5, 0xf}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xa}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xe50}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r7}, {0xe4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x34, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}]}}, {{0x8, 0x1, r9}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xfffffff3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r10}}}]}}, {{0x8}, {0x1e0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x641b}}}]}}, {{0x8, 0x1, r14}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xe}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}]}, 0x640}, 0x1, 0x0, 0x0, 0x4c000}, 0x44021)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000e40)=0x7fff, 0x4)
r15 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000e80), 0x80000)
setsockopt$packet_int(r15, 0x107, 0xc, &(0x7f0000000ec0)=0x8, 0x4)
r16 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r16, 0x110, 0x2, &(0x7f0000000f00)='bpf_hash_func\x00', 0xe)
ioctl$sock_kcm_SIOCKCMCLONE(r15, 0x89e2, &(0x7f0000000f40)={<r17=>r1})
sendmsg$nl_route(r17, &(0x7f0000001040)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)=@ipv4_getroute={0x1c, 0x1a, 0x2, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x10, 0x3, 0xfc, 0x4, 0xc8, 0x2, 0x3a00}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4090)
sendmsg$nl_route_sched(r17, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0xa002000}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)=@deltclass={0x30, 0x29, 0x101, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xffff, 0xa}, {0x1, 0x5}, {0x4, 0x10}}, [@tclass_kind_options=@c_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000880}, 0x41)
r18 = socket$nl_generic(0x10, 0x3, 0x10)
r19 = syz_genetlink_get_family_id$tipc(&(0x7f00000011c0), r1)
sendmsg$TIPC_CMD_DISABLE_BEARER(r18, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x2c, r19, 0x4, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x2c}}, 0x24040844)
r20 = syz_genetlink_get_family_id$fou(&(0x7f0000001300), r1)
sendmsg$FOU_CMD_GET(r1, &(0x7f00000013c0)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x3c, r20, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)

1m19.130936092s ago: executing program 32 (id=2393):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xfffffff9, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc2c45513, &(0x7f0000000040)={{0xa, 0x0, 0x6, 0xe, 'syz0\x00', 0xffff0001}, 0x1, [0x99, 0xa1, 0x100, 0x69, 0x200, 0x7, 0x8, 0x2, 0xa371, 0x3, 0x6, 0x9, 0x2, 0x7, 0x3ff, 0x4, 0x8001, 0x401, 0x9, 0x6, 0x55f, 0x4, 0x74eb94c5, 0x8, 0x90ca, 0x2, 0x8000, 0x2, 0x800, 0xf4, 0x8, 0xe, 0xfff, 0x94, 0x19, 0x9, 0x2, 0x3, 0x1, 0x8, 0xbf4, 0x6, 0x400, 0x9, 0x2, 0x390, 0x0, 0x77, 0x9, 0x1e, 0x0, 0x7ff, 0x0, 0x0, 0xd, 0x9, 0x9, 0x2, 0x4, 0x1, 0x7, 0x40, 0x1, 0x40, 0x5, 0x8001, 0xff, 0xe, 0xe4, 0x2, 0xffffffff, 0x2, 0x7f, 0xfffffffb, 0x3, 0x10001, 0x9, 0x6, 0x2, 0x7, 0x75976962, 0x5, 0xa, 0xc, 0x13120000, 0x7, 0x8, 0x9, 0x7f, 0x3, 0x9, 0x2, 0x8, 0x101, 0x3, 0x4, 0x2, 0xe891, 0x4, 0x5, 0x40, 0x7, 0x1, 0xb, 0x1a, 0x2e, 0x40, 0xffffffb1, 0xfffff001, 0x5, 0x8, 0x41a0, 0x9, 0xfffffffe, 0xd, 0x4, 0x0, 0x2, 0x80000000, 0x3, 0x0, 0x4, 0xb925, 0x6c2, 0x9, 0x2, 0x8, 0xe705]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'team0\x00', <r4=>0x0})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000480)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', <r7=>0x0})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000540)={<r8=>0x0, @private}, &(0x7f0000000580)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'veth1_macvtap\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'vcan0\x00', <r11=>0x0})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000680)={@loopback, @remote, <r12=>0x0}, &(0x7f00000006c0)=0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'batadv_slave_0\x00', <r13=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'team0\x00', <r14=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000e00)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000780)={0x640, r2, 0x20, 0x70bd27, 0x25dfdbfb, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x6, 0x4, 0x2}]}}}]}}, {{0x8, 0x1, r4}, {0x194, 0x2, 0x0, 0x1, [{0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x5, 0x4, 0x5, 0x1}, {0x8d3, 0x9, 0x4, 0x9}, {0x40, 0x4, 0xc, 0xffff}, {0x1e34, 0x9, 0x7f, 0x8}, {0x6, 0x4, 0x4, 0xa03}, {0x81, 0x6, 0x5, 0xf}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xa}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xe50}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r7}, {0xe4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x34, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}]}}, {{0x8, 0x1, r9}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xfffffff3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r10}}}]}}, {{0x8}, {0x1e0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x641b}}}]}}, {{0x8, 0x1, r14}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xe}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}]}, 0x640}, 0x1, 0x0, 0x0, 0x4c000}, 0x44021)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000e40)=0x7fff, 0x4)
r15 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000e80), 0x80000)
setsockopt$packet_int(r15, 0x107, 0xc, &(0x7f0000000ec0)=0x8, 0x4)
r16 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r16, 0x110, 0x2, &(0x7f0000000f00)='bpf_hash_func\x00', 0xe)
ioctl$sock_kcm_SIOCKCMCLONE(r15, 0x89e2, &(0x7f0000000f40)={<r17=>r1})
sendmsg$nl_route(r17, &(0x7f0000001040)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)=@ipv4_getroute={0x1c, 0x1a, 0x2, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x10, 0x3, 0xfc, 0x4, 0xc8, 0x2, 0x3a00}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4090)
sendmsg$nl_route_sched(r17, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0xa002000}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)=@deltclass={0x30, 0x29, 0x101, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xffff, 0xa}, {0x1, 0x5}, {0x4, 0x10}}, [@tclass_kind_options=@c_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000880}, 0x41)
r18 = socket$nl_generic(0x10, 0x3, 0x10)
r19 = syz_genetlink_get_family_id$tipc(&(0x7f00000011c0), r1)
sendmsg$TIPC_CMD_DISABLE_BEARER(r18, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x2c, r19, 0x4, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x2c}}, 0x24040844)
r20 = syz_genetlink_get_family_id$fou(&(0x7f0000001300), r1)
sendmsg$FOU_CMD_GET(r1, &(0x7f00000013c0)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x3c, r20, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)

5.149715451s ago: executing program 0 (id=2896):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004a60000000800000001000000800000", @ANYRES64, @ANYBLOB="1000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="030000000500"/28], 0x50)
r0 = socket$packet(0x11, 0x2, 0x300)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@delqdisc={0x398, 0x25, 0x800, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xf}, {0xffe0, 0x9}, {0x5, 0xffe0}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xff}, @TCA_STAB={0x100, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x79, 0x11, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x6, 0x2, [0x1000]}}, {{0x1c, 0x1, {0x2, 0x7, 0x3, 0xf4e, 0x2, 0x10, 0x5, 0x1}}, {0x6, 0x2, [0xbe4b]}}, {{0x1c, 0x1, {0x2a, 0x0, 0x7, 0x1, 0x0, 0x1, 0x3, 0x2}}, {0x8, 0x2, [0x4, 0x3a]}}, {{0x1c, 0x1, {0xf3, 0x8, 0x29d, 0x5f9a, 0x2, 0xc7, 0x6, 0x9}}, {0x16, 0x2, [0x6, 0xc, 0xcf5, 0x10, 0x6, 0xff, 0x3, 0x0, 0x1a]}}, {{0x1c, 0x1, {0x6, 0x73, 0x6d82, 0xfff, 0x1, 0x0, 0x9, 0x9}}, {0x16, 0x2, [0x7f, 0x3, 0x140, 0xb6, 0x9, 0xebf, 0x3, 0x8, 0x4]}}, {{0x1c, 0x1, {0x9, 0x9, 0x6, 0xfffffff8, 0x2, 0x7fffffff, 0x7c0c1184, 0x4}}, {0xc, 0x2, [0xd3, 0x10, 0x400, 0x5]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_RATE={0x6, 0x5, {0x6d, 0x2}}, @TCA_RATE={0x6, 0x5, {0x81, 0xd}}, @qdisc_kind_options=@q_mqprio={{0xb}, {0x248, 0x2, {{0xe, [0x6, 0xa, 0xa, 0x5, 0x8, 0x2, 0x1, 0x3, 0x9, 0x10, 0xe, 0x9, 0x6, 0x3, 0x2, 0xc], 0x0, [0x5, 0xe, 0x7fff, 0x4, 0xa, 0xd, 0x2, 0x2, 0x2, 0x8, 0x1, 0x2, 0x80, 0x400, 0x101, 0x4], [0x1, 0x3, 0x5, 0x21, 0x7, 0x8001, 0x3, 0x3, 0x101, 0x7fff, 0xb, 0x2, 0x400, 0x1, 0x3, 0x8]}, [@TCA_MQPRIO_MIN_RATE64={0x64, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x1000000000a3e}, {0xc, 0x3, 0x7fffffff}, {0xc, 0x3, 0x8}, {0xc, 0x3, 0x400}, {0xc, 0x3, 0x7}, {0xc, 0x3, 0x2400}, {0xc, 0x3, 0xfed}, {0xc, 0x3, 0x1c0000}]}, @TCA_MQPRIO_MODE={0x6}, @TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}, @TCA_MQPRIO_MAX_RATE64={0xa0, 0x4, 0x0, 0x1, [{0xc, 0x4, 0xc}, {0xc, 0x4, 0x80}, {0xc, 0x4, 0xf}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x62d89ecc}, {0xc, 0x4, 0x752}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0xf}, {0xc, 0x4, 0x800}, {0xc, 0x4, 0xffff}, {0xc, 0x4, 0x10}, {0xc, 0x4, 0x401}, {0xc, 0x4, 0x2}]}, @TCA_MQPRIO_SHAPER={0x6}, @TCA_MQPRIO_MIN_RATE64={0xc4, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x9}, {0xc, 0x3, 0xd}, {0xc, 0x3, 0x7}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x3}, {0xc, 0x3, 0xd72}, {0xc, 0x3, 0x5117}, {0xc, 0x3, 0x9}, {0xc}, {0xc, 0x3, 0x789}, {0xc, 0x3, 0x80000001}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0xfff}, {0xc, 0x3, 0x7fffffff}, {0xc, 0x3, 0x7fffffff}]}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x1}, @TCA_MQPRIO_MODE={0x6}]}}}]}, 0x398}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@delqdisc={0x398, 0x25, 0x800, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xf}, {0xffe0, 0x9}, {0x5, 0xffe0}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xff}, @TCA_STAB={0x100, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x79, 0x11, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x6, 0x2, [0x1000]}}, {{0x1c, 0x1, {0x2, 0x7, 0x3, 0xf4e, 0x2, 0x10, 0x5, 0x1}}, {0x6, 0x2, [0xbe4b]}}, {{0x1c, 0x1, {0x2a, 0x0, 0x7, 0x1, 0x0, 0x1, 0x3, 0x2}}, {0x8, 0x2, [0x4, 0x3a]}}, {{0x1c, 0x1, {0xf3, 0x8, 0x29d, 0x5f9a, 0x2, 0xc7, 0x6, 0x9}}, {0x16, 0x2, [0x6, 0xc, 0xcf5, 0x10, 0x6, 0xff, 0x3, 0x0, 0x1a]}}, {{0x1c, 0x1, {0x6, 0x73, 0x6d82, 0xfff, 0x1, 0x0, 0x9, 0x9}}, {0x16, 0x2, [0x7f, 0x3, 0x140, 0xb6, 0x9, 0xebf, 0x3, 0x8, 0x4]}}, {{0x1c, 0x1, {0x9, 0x9, 0x6, 0xfffffff8, 0x2, 0x7fffffff, 0x7c0c1184, 0x4}}, {0xc, 0x2, [0xd3, 0x10, 0x400, 0x5]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}, @TCA_RATE={0x6, 0x5, {0x6d, 0x2}}, @TCA_RATE={0x6, 0x5, {0x81, 0xd}}, @qdisc_kind_options=@q_mqprio={{0xb}, {0x248, 0x2, {{0xe, [0x6, 0xa, 0xa, 0x5, 0x8, 0x2, 0x1, 0x3, 0x9, 0x10, 0xe, 0x9, 0x6, 0x3, 0x2, 0xc], 0x0, [0x5, 0xe, 0x7fff, 0x4, 0xa, 0xd, 0x2, 0x2, 0x2, 0x8, 0x1, 0x2, 0x80, 0x400, 0x101, 0x4], [0x1, 0x3, 0x5, 0x21, 0x7, 0x8001, 0x3, 0x3, 0x101, 0x7fff, 0xb, 0x2, 0x400, 0x1, 0x3, 0x8]}, [@TCA_MQPRIO_MIN_RATE64={0x64, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x1000000000a3e}, {0xc, 0x3, 0x7fffffff}, {0xc, 0x3, 0x8}, {0xc, 0x3, 0x400}, {0xc, 0x3, 0x7}, {0xc, 0x3, 0x2400}, {0xc, 0x3, 0xfed}, {0xc, 0x3, 0x1c0000}]}, @TCA_MQPRIO_MODE={0x6}, @TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}, @TCA_MQPRIO_MAX_RATE64={0xa0, 0x4, 0x0, 0x1, [{0xc, 0x4, 0xc}, {0xc, 0x4, 0x80}, {0xc, 0x4, 0xf}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x62d89ecc}, {0xc, 0x4, 0x752}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0xf}, {0xc, 0x4, 0x800}, {0xc, 0x4, 0xffff}, {0xc, 0x4, 0x10}, {0xc, 0x4, 0x401}, {0xc, 0x4, 0x2}]}, @TCA_MQPRIO_SHAPER={0x6}, @TCA_MQPRIO_MIN_RATE64={0xc4, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x9}, {0xc, 0x3, 0xd}, {0xc, 0x3, 0x7}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x3}, {0xc, 0x3, 0xd72}, {0xc, 0x3, 0x5117}, {0xc, 0x3, 0x9}, {0xc}, {0xc, 0x3, 0x789}, {0xc, 0x3, 0x80000001}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0xfff}, {0xc, 0x3, 0x7fffffff}, {0xc, 0x3, 0x7fffffff}]}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x1}, @TCA_MQPRIO_MODE={0x6}]}}}]}, 0x398}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000180)={r2, 0x1, 0x6, @multicast}, 0x10)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0xf}}}, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0xf}}}, 0x24}}, 0x0)
inotify_init()
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x240007f7)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @broadcast}) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @broadcast})
r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r7, 0x10e, 0x8, &(0x7f0000000080)=0x4a810da0, 0x4)
writev(r0, &(0x7f0000000380)=[{&(0x7f0000000480)="cf7c6210988d2f29819ab26a5a5f77041add043c11e8ff89efdf5b7706badb954d2699cce80ae744f4306abb6453f2a82db48cc55ef6b332396214d1e43f0f004033435d9116b746bfb9232e7d7fcd4e13e4252b81bed1805822f645defd2560cf03ca8cf09b2ed9c6f21f83c002d429fc1eb8ad59720ef45ffa2490ba613561f11bf4786df13af712f628d0f838a6982bece384b4a3c6e322ebc4db2b042ff2c7b0002b4a6e881c8c3fc0cc8ecefe8cac49c408921f4c012ba5418d0ed1271ba1706e2e313bfac78b1dfd0f289acd670cdc824cb1e218d9893affe26679ab5ed84a2306c503e40f7921a7ca2290bed16c1b691e4d8a95623f5a7cffbb176b8e7762f6bff1b7fc4571409b4acde5ac4b957a96163e706cdb0416221a825da96ffa88f6c733e5298d56a4355ee99ca81476f7e4322528e4b6d7ee00"/325, 0x145}, {&(0x7f0000000140)="7a68c3dc1f4e847e9385c84f45cb8950afbf41ed53e46acd7f8365e6f3af2fe3177809c85dce6a4f64935b98dcf465c2f668374646a5760eabaa04", 0x3b}], 0x2) (async)
writev(r0, &(0x7f0000000380)=[{&(0x7f0000000480)="cf7c6210988d2f29819ab26a5a5f77041add043c11e8ff89efdf5b7706badb954d2699cce80ae744f4306abb6453f2a82db48cc55ef6b332396214d1e43f0f004033435d9116b746bfb9232e7d7fcd4e13e4252b81bed1805822f645defd2560cf03ca8cf09b2ed9c6f21f83c002d429fc1eb8ad59720ef45ffa2490ba613561f11bf4786df13af712f628d0f838a6982bece384b4a3c6e322ebc4db2b042ff2c7b0002b4a6e881c8c3fc0cc8ecefe8cac49c408921f4c012ba5418d0ed1271ba1706e2e313bfac78b1dfd0f289acd670cdc824cb1e218d9893affe26679ab5ed84a2306c503e40f7921a7ca2290bed16c1b691e4d8a95623f5a7cffbb176b8e7762f6bff1b7fc4571409b4acde5ac4b957a96163e706cdb0416221a825da96ffa88f6c733e5298d56a4355ee99ca81476f7e4322528e4b6d7ee00"/325, 0x145}, {&(0x7f0000000140)="7a68c3dc1f4e847e9385c84f45cb8950afbf41ed53e46acd7f8365e6f3af2fe3177809c85dce6a4f64935b98dcf465c2f668374646a5760eabaa04", 0x3b}], 0x2)
r8 = open(&(0x7f0000000240)='./file0\x00', 0x214081, 0x0)
unlinkat(r8, &(0x7f0000000080)='./file0\x00', 0x0) (async)
unlinkat(r8, &(0x7f0000000080)='./file0\x00', 0x0)
socket(0x10, 0x803, 0x0) (async)
r9 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r9)
getsockname$packet(r9, &(0x7f0000000600)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=r10, @ANYBLOB="0000000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r10, @ANYBLOB="add5ad881af9a57606a130ff798dee39c9156e9fd0b37acb6b6ed0fd7a1b850bc5e2acc619e1442799a0cab86b4e19ae2f9a0642b4eb0025c20636608c6ad9abab543c30d6a3f890696edbe749f681b2e862394eff8d2aa4442101b70247fb52d4b0e51adadac112f40ff7cbc192ea10c13df7b9a0b0fa50ed6f5650a2f318a0e13542208c28568c1b0c771b46dccba1"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=r10, @ANYBLOB="0000000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r10, @ANYBLOB="add5ad881af9a57606a130ff798dee39c9156e9fd0b37acb6b6ed0fd7a1b850bc5e2acc619e1442799a0cab86b4e19ae2f9a0642b4eb0025c20636608c6ad9abab543c30d6a3f890696edbe749f681b2e862394eff8d2aa4442101b70247fb52d4b0e51adadac112f40ff7cbc192ea10c13df7b9a0b0fa50ed6f5650a2f318a0e13542208c28568c1b0c771b46dccba1"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000040)={<r11=>0xffffffffffffffff})
close_range(r11, 0xffffffffffffffff, 0x0)
r12 = socket$inet6(0xa, 0x3, 0x103)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @empty}, 0x1c) (async)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg$inet6(r12, &(0x7f0000001700)=[{{0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0xfc}, 0x1030000}], 0x40000000000035c, 0x0)

5.147597117s ago: executing program 0 (id=2897):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x884}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r8, 0x0)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x4], 0x0, 0x883c2})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)

3.67490939s ago: executing program 0 (id=2903):
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
r0 = syz_open_dev$evdev(&(0x7f0000000400), 0x1, 0x800)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
syz_emit_ethernet(0xa7, &(0x7f0000000b00)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x71, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x2, 0x0, 0x0, 0x20000, 0x1000000, [{0x1, 0xc, "23d13a9528da89ca8687857fa1c05623e430a7e05df65bb50a75504311ee5de0f521d4ef8bdff765650746569fc64eab97bd29f1573ea4d0bf29234512d00dd30ae604dd40e3c151fd4d595866b48657d2cb4ed8721f45e586a02af6449001"}]}}}}}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@xino_auto}]})
socket$unix(0x1, 0x5, 0x0)

3.580149436s ago: executing program 0 (id=2904):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = fsopen(&(0x7f0000000100)='adfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) (async)
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5c0000ff", @ANYRES16=0x0, @ANYBLOB="000226bd7000fddbdf257b00000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990005000000640000001400fe002211db4d0edffb5e9b9f491d4ec7d4951400fe009f363f452283c579fece1e7199ecb8fc0a000600ffffffffffff0000"], 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4a040) (async)
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0}) (async)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
shutdown(r2, 0x1)
connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
r4 = socket$unix(0x1, 0x5, 0x0)
r5 = dup2(r4, r3)
close_range(r5, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
r6 = io_uring_setup(0x400191a, &(0x7f00000001c0)={0x0, 0x29b4, 0x10, 0x1, 0x11cb})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) (async)
madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14)

3.320991946s ago: executing program 3 (id=2906):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', <r2=>0x0, 0x29, 0x3b, 0x2, 0x8, 0x1, @private0, @remote, 0x7800, 0x7800, 0xfffffffe, 0xcdbc}})
r3 = syz_open_dev$vcsu(&(0x7f0000000240), 0x46, 0x608742)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x200, 0x91, &(0x7f00000000c0)=""/145, 0x0, 0x24, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000280)={0x7, 0x2}, 0x8, 0x10, &(0x7f00000002c0)={0x3, 0x7, 0x81, 0xdf04}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x70000000, @void, @value}, 0x94)
r4 = socket(0x11, 0x800000003, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
pselect6(0x40, &(0x7f0000000440)={0x2, 0xf, 0x10000, 0xffff, 0x200, 0x9, 0x3, 0xfffffffffffffffd}, &(0x7f0000000480)={0x9, 0x8, 0x5, 0x9, 0x2, 0x80000001, 0x80000000}, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=ANY=[@ANYBLOB="302000000203010150d27baa000000000700000908000340208db649080001000100002b090002000000000400000000ecabf08f2a39884a5ff114dd15d4b293adac20730da22b5174d9d1fe986bd2721de209233a5288b677e7326764aa90a736d24730e889622204d8f28c59f8c4593923d4c12dc6e9004f5d0e6c7fd6afe586c0a6cf477a38b876ad60f73abdd2a6cdd06dd2b36a4f9ebe9973442a8fac2fb66a3f46"], 0x30}, 0x1, 0x0, 0x0, 0x24044840}, 0x40)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001e40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42673d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f435f28fbeda75cf971f54a9698cf3270f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a51220c41b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41bcde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f392a38052f859ab5600000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f00000000c0)=r9, 0x4)
sendmsg$unix(r11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r12 = socket$inet6(0xa, 0x3, 0x11)
connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x800, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r12, 0x29, 0x23, &(0x7f0000004480)={{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010100}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x5e}, {0x0, 0x0, 0x9}, {0xfffffffffffffffd, 0x3}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x26}, 0x0, 0x33}, 0x2, @in=@rand_addr=0x64011102, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7ff}}, 0xe8)
sendmmsg(r12, &(0x7f0000000480), 0x21, 0x0)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x8, &(0x7f00000001c0)={[0x4, 0x10]}, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600))

3.0898835s ago: executing program 1 (id=2907):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = gettid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r3 = gettid()
timer_create(0x9, &(0x7f0000000180)={0x0, 0x1e, 0x4, @tid=r3}, &(0x7f00000000c0)=<r4=>0x0)
timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_gettime(r4, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffffffffe]}, 0x8, 0x0)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000000200)=""/215, 0x7ffff000}], 0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

2.996890566s ago: executing program 4 (id=2910):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, 0x0, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="010000000000000000003a03000008000300", @ANYRES32=r2, @ANYBLOB="04005b000600650040000000"], 0x28}}, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080), 0xffffffffffffffde)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f0000000100)=0xcf7)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfd, "ffff00"})
ppoll(&(0x7f0000000140)=[{r6, 0xe549}], 0x1, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={@map=r7, 0x5, 0x0, 0xffffff8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r8 = syz_open_pts(r6, 0x0)
r9 = dup3(r8, r6, 0x0)
ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000000)=0x13)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x303}, '\x00', "db86a0e8a93595087b87a357b373e6fc", "6f83ce36", "1ebdb66b22bd75e5"}, 0x28)
sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
r11 = syz_open_dev$evdev(&(0x7f0000000040), 0x20000000, 0x230080)
read(r11, &(0x7f0000000180)=""/11, 0xb)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="c3c901000c1401002dbd7000fedbdf25f03f89670000000000001000e30b4bc825456ce1f56294b49756b48085951140f09551b3e036da1c895a8506cf8aa85771a1d96761da531a0e23de08751e8b6c8810e83b059699f8d4d5db20d432cd7d5dc3c05bafac7d7cf57607825e021271b681f32c1668b2d126fbb90e338088958bf7df24a92248a48c0800b75c3e7b42c86784d0ec639555be435bf5a676b313d178878a05587808cbab42b1ed0cd72b75d8398c997f43cefbc266aa5edf000000000000"], 0x10}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

2.900015503s ago: executing program 4 (id=2911):
set_mempolicy(0x1, 0x0, 0x8)
quotactl$Q_GETFMT(0xdc373b188475eae3, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x28, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x5}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x80042, 0x0)
pwritev(r0, &(0x7f00000000c0), 0x300, 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000300)='.log\x00', 0x101042, 0x8)
read$FUSE(r1, &(0x7f00000009c0)={0x2020}, 0x2020)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd30, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x101, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x8)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, <r6=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)={0x2c, 0x2e, 0x1, 0x70bd2a, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r6}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}, @nested={0x5, 0x1, 0x0, 0x1, [@generic="99"]}]}, 0x2c}], 0x1}, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r7, 0x10c, 0x4, &(0x7f0000000000)=0xfffffffc, 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)

2.89904729s ago: executing program 1 (id=2912):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000002000000000000000000001e95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7336b5d, @void, @value}, 0x94)
r1 = syz_open_dev$vim2m(&(0x7f0000000340), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000000)={0x14, 0x2, 0x0, "1ce889d15b3842d403000715335701780364030000000000001649e33958916c"})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2000000, 0xd50, 0x0, &(0x7f00000002c0)="fef351f6b11f421a5b4e415288ca", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='omfs\x00', 0x204000, 0x0)

2.798880723s ago: executing program 1 (id=2913):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1000000001244f"], 0x14}, 0x1, 0x0, 0x0, 0x2ef84f70c2432ac2}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
pwrite64(r3, &(0x7f0000000180)="09b8", 0x2, 0x6732)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040), 0x4)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r4 = syz_usb_connect$cdc_ecm(0x0, 0xee, &(0x7f0000000480)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xdc, 0x1, 0x1, 0x0, 0xe0, 0x3, [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x2, 0x6, 0x0, 0xf6, {{0xb, 0x24, 0x6, 0x0, 0x0, "4ffbb8d8efc0"}, {0x5, 0x24, 0x0, 0x242b}, {0xd, 0x24, 0xf, 0x1, 0xbb93, 0x400, 0x9, 0x80}, [@network_terminal={0x7, 0x24, 0xa, 0xff, 0x7, 0x9, 0x9}, @mdlm_detail={0x84, 0x24, 0x13, 0x4, "e7361ea42d46a5904bd2c88c021c0078a52da79a7a341f1c97e2e50f160f77d3621e5ac75fd90599e37b7a0c2e41a89af0f61dff1d2b3104a577363cafd17074a4970fe12d0c59fb8aefd6497f5b8967ae41e5f678dc3ef744f0509ffc3c54f4ffc0e89d12bc869f2ff03ec62a19c24ce5b538a67cbdd19e3f2817897c87008b"}, @dmm={0x7, 0x24, 0x14, 0x9, 0x19}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0x2, 0x8}}], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x3, 0x2, 0xb6}}, {{0x9, 0x5, 0x3, 0x2, 0x240, 0x9, 0x8, 0x9}}}}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x4, 0x3, 0x5, 0x20, 0xf}, 0x1d, &(0x7f00000001c0)={0x5, 0xf, 0x1d, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0x2, 0x6, 0x6}, @wireless={0xb, 0x10, 0x1, 0x8, 0xc, 0x4, 0xff, 0x5, 0x10}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x5, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x42c}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x418}}, {0x9e, &(0x7f0000000580)=@string={0x9e, 0x3, "d5c9d532a48f055754e250de8f8a8a5d948e453995d3bbebe7f7e404d3d4cb7f325f06723b70dddc68be96f0808f281efb08df46e4c2e776c2c1d396ae359efd689a6675ea9f91ef1ebca34221a23a38deea28f47f72aad821b8682234db0d30d294a9c1f0cdb39c40b9e9d16e414affaf22a6ea7012cace998fe38c0846239e8868bcdd140ea34321aa2ec31c7392e4e2145ec517361998ea6d49e6"}}, {0x11, &(0x7f00000002c0)=@string={0x11, 0x3, "6dc8395a250bde84c0d7236c37555d"}}, {0x96, &(0x7f0000000700)=@string={0x96, 0x3, "a968a0219072ac52ad40b7ee8e35621d0844155018e88f5ee8acde9344f26298f0aa3566a1a1ecbcf24e7104ff755b0bd4e16fe4bf52feaf8210720ba0aab3397e299f95abf5595438de1f713cff9afad68fba52a5cd73e9828a8b20a7318d79b77f790997ca17e4d8c42d68420787bd77cf2e03a9001b70107e32cffe3d8ddd540dec3d8a000000000024df2e5e0e0ea3974b15"}}]})
syz_usb_disconnect(r4)

2.490811004s ago: executing program 4 (id=2914):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000003c000b0800000000000008000400000004000080"], 0x18}}, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xc, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f20702000000000002032207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff85000000710000189500"/81], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r6, 0x5452, 0x0)
close(0x3)
signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0xa44c2, 0x3)
write$tcp_mem(r7, &(0x7f0000000280)={0x7, 0x2d, 0xffffffffffffffff, 0x3a, 0x0, 0x2c}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lsm_get_self_attr(0x64, 0x0, &(0x7f0000000080)=0x6c, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000000)={0x4000000, 0x8000000, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000040)={0x20000000, 0x0, 0x3})

2.409413883s ago: executing program 3 (id=2915):
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = io_uring_setup(0x1530, &(0x7f0000000480)={0x0, 0xd498, 0x800, 0x8000002, 0x1d4})
fsopen(&(0x7f0000000200)='pvfs2\x00', 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x40, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYBLOB], 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700ff0000000c00018008000140ac1414bb0c00028008000140e0000002"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x40096)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xd)
socket$xdp(0x2c, 0x3, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, r8, 0x3, &(0x7f0000000080))
close_range(r0, 0xffffffffffffffff, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r9, 0x0, 0x2, &(0x7f0000000000)={0xb988, [0x5, 0x9], 0x4}, 0x10)

2.219705296s ago: executing program 1 (id=2916):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x60}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c00014000000000000000080800044000000001"], 0xdc}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1abb01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000200)={@void, @void, @eth={@broadcast, @remote, @val={@val={0x88a8, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x9, 0x5c, 0x167, 0x0, 0x5d, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x4e23, 0x4e22, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "cf24000281831aec3d7215370100000075d0ce9ab78a3c6e", "6346a8d16a4263470cfd0b63ec63312380d149bff2dd6edbfe35572f5292dc21"}}}}}}}, 0x72)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x2}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x240000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000084}, 0x84)
r7 = landlock_create_ruleset(&(0x7f0000005340)={0x8462, 0x2}, 0x18, 0x0)
landlock_restrict_self(r7, 0x0)
r8 = getpgid(0x0)
tkill(r8, 0x22)
syz_io_uring_setup(0x238, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180), &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, 0x0, 0x0)
ioctl$VIDIOC_DV_TIMINGS_CAP(r5, 0xc0905664, &(0x7f0000000480)={0x0, 0x0, '\x00', @bt={0xfffffff9, 0x3, 0x2, 0x7, 0x100000000, 0x1, 0xf, 0xa}})
r9 = shmget$private(0x0, 0x2000, 0x400, &(0x7f0000ffb000/0x2000)=nil)
shmctl$SHM_INFO(r9, 0xe, 0x0)

1.419716888s ago: executing program 4 (id=2917):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x48, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'H.245\x00'}}]}, 0x48}}, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x330b)
r2 = socket(0x11, 0x3, 0x0)
setsockopt$packet_int(r2, 0x107, 0x12, &(0x7f0000000240)=0xe9, 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RADAR_DETECT(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x28, r3, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0x10, 0x99, {0x7, 0x60}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8001}, 0x40410)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r4=>r2}, './file0\x00'})
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMODE(r8, 0x4bfa, &(0x7f0000000080))
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000200)=ANY=[])
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000380)={{0x4, 0x6, 0x800, 0x7d3, 'syz0\x00', 0x10}, 0x3, 0x3, 0xd53, r5, 0x8, 0x2, 'syz0\x00', &(0x7f0000000200)=['\'\x00', ')\x00', '9]\x00', '/dev/snapshot\x00', 'H.245\x00', 'nl80211\x00', 'nl80211\x00', 'nl80211\x00'], 0x33})

1.289568957s ago: executing program 4 (id=2918):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async, rerun: 32)
listen(r2, 0x8) (rerun: 32)
r3 = accept4(r2, 0x0, 0x0, 0x0)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @private=0xa010100}, 0x10) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r4 = getpid()
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x4bf) (async)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x6, 0x803f, r1, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f0000006200)=[{{&(0x7f0000002380)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000002400)="9823c9d8b37ac68cb9f6b2e2831b141045874ae55a7fd56728efe2d2efabb50bd0db1dcdca66b70f533c8ab1dd9f738cbcfca4addcdf9abde65c9546073a86cbe5cb265bc4ae189d89681703244c0a90541ae7df21b573832a32125ad88a6e9ef7240b2670d766b78956245dead3f778c6473b8f3a1923bc172bf6094b9dc7e77e67d663eb14aa80e4fb5a982ba9134cf09a2de97780be", 0x97}, {&(0x7f00000024c0)="914dc03033cff9d076a51a53737350ce9c6782e28624917337b7c89ec0bbfd468f2d38090bc8357ae0ffdcea5338a5bf3e766d96aef1ded90567be095bbcb117f722454e93f72473e43aa5a279805f7a47bd2da54060868606e2de27dab676376281c01784ac9e01898ca190c2a79ce35380aa84fd91e2d7a8a75d26619f52032023c5dcb0db1bfb3b7e7b9ffcf2a12840d1975102f2623c1a71d8f60eef3899ca2671e2daa6f2e49fca897a9ab1e5a74740783ca4c5586a7e5d64eec29698b002c169b28b4e93cfc72c4aa2dad6dd69fc47", 0xd2}, {&(0x7f00000025c0)="a8dbf0b6cfc7aeb535a99f60364af6579b1af3676ef987afeb7eb68c80340c0d2f74beb55ad1336d949f2b015bd31abdf9915aa5a078f9b5bfebece8ef13cdd53a1912ec243f84537064b174a311cb2b0983f136ef9d8b6a2ed302a7841ba6d7f761b58776e756b710f44e463ab45b1b75504ec53e3848960aa5852607e10ddae649bdb8bf6a9e69391468cd175a59b52260dd1dfae8bb1a0e83429be2af8bd7b11c9e2617807dad73fa7175eb331754350f5406e59739b36c43d0b8241feb21bbbd9e05760d0802c2ae71caef5f501227087905a73c0ff4e8f2", 0xda}], 0x3, 0x0, 0x0, 0x4001}}, {{0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000026c0)="c88a820034d33ce8224332d72a7a7c8d4b9286dc7dc3d0d6ddb521ac1f0903c5c03cebf38820ab83f9bd81357ebd087233503dd6be831498bfa0444e9345964713fc94babad8f3fb9a197908e9d1f6fcb62f25a8deab12147939c756eb7de0f2fd47c07a816ccd5f25385dfba53cddc7890e5f760844f250be807009c047825aca0cf222e38e565e3818728a92d69b0b4ee771e3c8a80c107e373dbff7b889dd36d2e63814ddd4b7c062d213de11ba08b1cf4ff9e17d47959795e699a97718541270d3ebbb540c2bfd9d0202d3b6523239e7e282e109320e14bbc5eef3f565833af2fe72b3e2452ea2d8aa188688613cf62ff894a0b198ae0f5be3cf16c66a1f550cf188d62b69350f3982aab9f37b0553483506fdc5b51491caa05939cacc80ad6e57628d58dfcb115c30c1a812aa2c0591d33df57b83e89e6a9678436ef5a23c5ac21fb06475f9378929bfe8452b3d8f5475d05e7f315d7af77e67cb806aa6fe7898d8332c3ee1dca6846931c15b49ee451ad5552947be15f4000bb0dbe57c27bf5956cda35ee5b82d7af8b9abc639e74a41ff2f1302141492eaa6f82676c70caaba8ca1c23a66b51faf3774b7a376c526e5b40d4ff6e6a3e4a157674e766b7d54e11b25ea0138cc87327104d74a1afc978c79c3b2b5c2b3738558b9e3aaa178739b3e9e575a80d453f40e84fd9aeaaa41d40c4d992b02e662434882c09cc90a0d8a5149c31176cb0a449fea254aadbb37bb7d5f8747075b27b9ff572dedec7a3f7b4d5b32d4091a7661da0ca60e9d39d28e428448167dd0876938c46bc11bf7f5f124501d84fced46a6a66c2c617fd3aeac40ebe4eb22da5280759e0a45f3c71154a9a49a6853a0adcfa8e2470db5398454169b04021c97fe52a37234861b86da39a3f600ac417b97297fc8b94d19cd659617dae23c1d85fc7c0e3e4ff3d9357b05fbd7220f9c2e8d9ad478ef232df631529837b3d7b3a07c759bb454a9a1be86a06621dbae1b1f00e047934415ff7adccae95f173ac0b83d91f2b886321527eeb96f071910eddb26fd172f55eff988ea5764e7aa67d8b81112ebc60edbd0bd9179e8e92250eb65b975215a3cc84d9959066bcf9058a90bb1a3ee1603795d1d8e2376d26cb344a55d298db6aa5f27d35dc25d578e40e9c5df6555cf712a489037454125ca77b8557ba0efc125a8b74bf08991d5e8cb9358d116bd6cd64cb68bc536836c5419fa5c5cfc3a681a10983bfd18516e59aff91d41060973afc8bb2491e7e16f7acf1478c8c0fbb61c618cad5a182f1e79e94aab120f6dedbd5c8a748f85477b50db74a7afbb6554698c822dab4b637b09808994acf56654e29621a58f0985c57695b35924e6a65c109e98e6d85cf5906999c40f1f0b912279c13dbfd332988dbefcf3ee33354a9e7fbf195f68eee9830a2d2580c5ccf63da51cfba34376f82721111df7674887a26985a1f6a3458738df08f4d00611dd6fd1a845a27a752b56d0c924303e22a7c6611e75f4a908e629882f67b72bb6e371604bd89a6f9b60b4b10e153dbaeeea536a5cd48a644393db50cd5e1a98c422b05defb2c5d642d354e65e969e9d7000e2b68407ee4743960bb35c7522165c546756078bd7b74b73844363c9707f1b13af814d018db2d46b2a85f7a09be2008466783859819e7e684ca376d69151b97b994e3d303820d0702c6672b5c628255a6f995d54948254effee45c21366355d8ad6298cfa6faa6a58ac8922cb2acc858dbe32b25731f7c53f63caa155c389ed34a70938fa355eb0c7acadb82ef6a4174999159f5946463c50b92a65cb21a9a44e560d3132df5dbadacfed5b19a6c02fddb4c0a432797096763e7fa27f4b04ea52285d023226c64d44391908261c231db2ef8764564ae1910ff3a760a8db543e638605ad4c3f1d4820b1c89c72650a6b4f92e3b1a65044d2cb52c3c321890ba1f5f78ab890ccb411164ad906a47418b87045b14a29612be1503bef802d34ca312fec77ddae89914a201c52d29a9d5d4eb84d9cadd38d3f4f936a13d4d1c3cd2c2aa0e3084490b2f54501736cea8a70e2652e605c8f56ea43cc54661ce12c3628e7480319852acd4c349addd7a623d6cc887751ebc618edb151f59dc0bf472a77f753c6fd97f8b4e9acddf8755286ba68b91a7fa071f289d675c563e8332abcf95dd251487a0e0c8dfcf8c1c3a08a880ee277b8278a3377ba12442b22fd580135f0d7ae4f11c848d9ad0fcab09470041711ee4c38ff75404f29240847fb5970ccf5aee11d6ad52979c1a2d5ff6d05aab808b545cfd1739eafba41c39812f6fd7481e7ecf32bdab8c850bbe200c38296e2af007be4d0381f798e22dd2c1a96ae951e822d1084b9ef9e79d3226b02d892f15734aa0184a83fac95310da6ae397bf2756e1ad54427c66cf4a03ff58e6e15e821f99c1f55a8bdf843bafadd46c19a8f1ddd6edf4103905aff022bb84e46e17cae57b0b094f9d205906ad774dfa7e501b4ad576ac6f35fa069a17fa78edf5f60ef7ad95f177fef39b3e43b618a7e1e740daced73227ef99c9cdcf0b04ab58053f2e3a7aa909f5d0c6c32bad529e5e812e51bf4b297249dc0569b76e64db9dd8ee42399f571198d884d67a110842e5d48ce1b17366e5e2617fbc6ec373e9f60ba561b3e3a63a1118a32fc18912116a9e91e15e688af2f3e796fa79cdd3ee316cb39529c1f7cac712ef6d06e515bd86ce90afc12ae0ba68563b2972af3483da4517495e6735b665aff921143db366706f6776cd1f63091f0605e5ddd701bb8a4cb85691fb125890a81bfb863517e8a000befbcb22cdc09c9c4331cb1af516f7a0ac4cf1788306ce4f086ee8258ed0888116926256f3a3643f221e34d62123cf6ad5f514b2af7f632f30a7d86416b4bfb7a01d2732defda65244b274125ec0b6073926e097cda1cb2c5f0f2f9e1ec80ee779bf60d3cc56deb81974a1a610900a2709a4707bacb74e5efc5f46c263d6821c4e2ab2121ee36033a5635ed03973e9716533dcb8928e8349bed5faf1f61eb88ce9cb763b848603f0e72f4bfb92ba9259c60d64d70bc16e950bd8aca9a35301917a2d791add7b5761e2eb190f2c15fff7ed7472502235be5ae97badf164cc8faaa0055b3515884e02c927810a0d0d12f1fbbcd2ca379df41aab221f5e067092d26a3725c4b9bde416b4d91b936e4156cbf1c5b919264fb8347e70048cc360004889ce1ef9c42200b6ed3a94995218ff9df461327aa1779d2e9232f99fbab9e3f6c0b6a269f52be5327933a7304af81341d73ade1c8c69dc2b8ef360497e7768a7e41014d4a706a67b1c82cbb3838ddfd8ccf5ca6923697737bfc7eceea08fe02671de1b1cebe2b254f91359beb059cd9114fcc0a4891dd6fb71e81a77771b5a294c330b0fe082284c178ee0ff9c4e24f7bb244620447957cab413dc9e99f03cc0aa85588e49549e74fec2471084412cefd3b3cdd12c7554db385dfd215212e98cd99fe8d93604973d17573e21db5bd8350c54e9027026a0f1318bb0931b77aca3d35a245dbd2b848a1425f0f24d38dc466793f81c8e80d0d483babf3150f510e77ab2f09ad38fa5f35ef120380f9ea51892e83654b02ad2f9d8017747ffc3886614c1809684c07ea313700afa5a44059c4c52b2b5c285d4012eff69be19ebf9d13da35dacdd2806205d590e5660751814f4d58997da7555aee905a75a840c0ef66b2f4bbe0c87a89955f39d0d126ff9b51b8691cb9c4e12e2fcd178707370116dae3b2e9ea230701aaee5fb78372d2294502ccbd8b1acae875c472cffc7ab359eb71cf812762232703e55baed2ea41745651b01054698b39ad34585abe7075e7b1a86c6ebb48ca8f93f962d37943b834fbfb5587b67b94e55121149344093e8c101828f6d88731788217c86434eadd072b03831301e2cc09063c1ce93464ec95773e1aed698e6e1b2bf9ccaec464fedfd5ced0312cf92ea8e6f0ce384049f48461dee1d4bdcff2c9c20590b855511b58323e78cb83378db29c633cf116aed176fd372176b73a79b89da4a93d70070b6ea97f6bc84fb965d859161e5d2b660bea1e312cf4ebada2b42e97d9ff97283aa02589daaec36aab53bcc4e9358c6f566ba6cbef086f782818b16a302c36986b2e9a88d58ba087e5cfe0e0f2f79f09fd507a5640072de5728cb0928fbb08ca783029382851b7ced59f1382a445a7c0ecb89238038ece8f8ecacae2d033505b4987277da2a50098b8819e2590da452ef65cf82cbc539fd900666e3f311e683648ba3e647a2d4e7df3dcc9bfe1a20338a6e7bf709c67b85bda0bf53abd252d5733e9d0b40b3da4cecc11910bdbd1dfe30dcc69d44c73a1767cf01e6ad2dbee0ddd4549a07f08d727df05d27d1ec27fc01b489de48444ae3b803ef4fb6261c4a47337f03cc8ea5ec437b1f449a7be4cc1057319d88909013a08abb76b19af5705c785189196780788cd4034361c59ebdfaeabec4d8342eadb44dc9abd649ed9dcc92b30c1f73b20ccc83b08b7f621baf6257ef8d053936e30f9fb9581d658fef08b4c9dd2ffcdbe7340611d1b1827fbc9a9eee31de4092a32486afe5d63856ca75c4e710b44cd43bfadbe87d279e76a5172247ada579cc8179a537ffddd245d27584b5fb4da376e6ac1863ad10f2d891b90243bfde5a19f719507c2155eb48c54bd0d496f90f0c1338587304d857b95a33ef5823d12c6767f5e600b03df45258817f9b7cf5bf2ef465bce21330e26e52c89fd5d729757900890512daad143bd5cd7465c110786376a44867b01d4a6c6b139ea761b1a2278bcdf63bbb0f86c134ba0db31fa09a6022fd2ff9c75a359f94b9a2963fa664447fa428f45d4fe61baf737e0da5519167a788de13fc7ae8b3dab43b6526238ae659a7555efa1e57628b654cefe54a8934cc4094301a3eef1cf0ada997dcac7db7b51376f08f70aaf402669df68cdbcb763d596053fe782efe4c312f30a5003b4357bd86f18c7fea07fd5700cad40660824bdd78b4462f56c2e5a77c2a1afcc081cd0e78228ba8c17e8015bb96c545f9d607500b89a765b0685790d5f354cee5f80500e507a0080e5c6ef2a566324e2236f3f00fc85abee24742bd510267412ebdbffbcba0d5241666d3de6c851d7afd5c593e55a110f4ce48c544496c6f888cfe2016639b1383701fe0a9b1a9e8148bef144de706f8792c84f11080abf8e6dab2c8f2ff16a7f419167c690e3c9d3033d6c270024fc64976e31d64fc5d55e99b7420ab782dca229732fb0e343f32b4c97629d5c79af975022472e397e97776da9dd556fb0be1b433607868fe33b1442cf6438a16ba52550f68efed2562cfc10a782b8b220c294766cbcbdee53c4f18b2470fdb6d1271ee9b9a6955478dd00d3c4491eb96d0d2abbf46cb9971595916d7a7b5d41f4ad30d287d191e04ed7406d89dfb8e00f15fdfbc7bdd1b77e5a8a1a321f3e0e9622e3f7eb4749139530cac1aa3af98270ea62c03b5bcc7734d4f0ab81569d75e79b1c8fda81fd6222c647794f476a9ba77f6fc3d93949618df657f95a036788a68746a3cca52cf02d47b157cf3e4fa4e9744edcb850670abfda1b715ce1784d412468a636bde1b3ee56613a93460c882dcfdda854cb191cabe6dce4c12196812294b148f024699b595f0d5dc55441f1082aa7f3736de8097b68a12d7fd9b044fc3651753c8191afe3ed91588ab9b6c7f74093870bfdb6efacab36029b2010a9f1f8612fb418007440b60daff0cef653a6830c85127ffb5442cd75a410884", 0x1000}, {&(0x7f00000036c0)="0ec1c8aff375314e06d6cd8dba2cc5afbb7e022ae4b71491c9407d15f65ce1ff6a8dde09ad0d4b1de5e4e4fade79d276e219467b0c755c0d596c2e6681284d6d3efdefe95d39f18d49108c8623e2f9ea2273477dbddb6ce8715e4e9b45823361dca764942369896dae4b779aa01b7f2b7083c7abbdf83635229d4b6fe3f3c3a85527340e435872133fcf75d4c9e325aa375df0364a4ba05c6064700272b66993d1cb234b90fafe3a46f9cc6c297c0426ac", 0xb1}, {&(0x7f0000003780)="abf7439daa7bc4f0a22b2609fbd60429465e2b8f9d64c49fef9a1bf7b77e2ed03128579c6f0dec4a1b9dbc45be801c8d23d8cb50b34fd5495d793869421d44f74fb54676c02a5129e1b6ff33dd33edc40b969fbba3b2f7165f8031fd6641224017f2a8e29233cc1117d1e61704cae6f2", 0x70}, {&(0x7f0000003800)="e352d3b9a9a119680b46d159a9e8924a9b35982bf3d54c8c43", 0x19}, {&(0x7f0000003840)="afd053032c1b96b0bf5118f81f19fd43bb83ce934aa421b7425a422ccdf74af0619cc2c9e1ee4afb492946749240992242b09b4f320e526c6b7b8a7eae6aef373b3cf64b42e13d41fb080a0269d459dcf1d5b6a5c21df7e5deac285dd7733505100c6c7705d4f458e7ac2d2d5f900e5eb7e1a8da63b9db9903e5b3e47990e9878740adccbfb2276ea9eaf0c36af6c75b0a9af25ccc47b233dc24c4ad61811bea0deb700ebdb018414d129e7ab92043cccd1fee", 0xb3}], 0x5}}, {{0x0, 0x0, &(0x7f0000003d40)=[{&(0x7f0000003940)="7ed2208a91044b364c9c7f9549f239a9b2156acb44a24d29cd7ab0921baf439715ba0a3b5b163182f81adf677e9646f0507489c26012d4cd447b86bab34038ef1d4212dab02d9eaa7535a41b580fb4bd0cb6a5b3651580db875c9e35e66dc906e1e1ac3630b41c992072ae726e20f2e74bfa75d518b15392216c60f1a60b45df1f1ea2", 0x83}, {&(0x7f0000003a00)="b83416f24d4be54d0061c7b06a44b09904a5af0fa3c22356784166c442392ac644efd2a97d08c1a6127f4abab3c3ec7855e96322909e6adf8e0a07f5a382216b1689af31763a1f65df54fc5794447f76e2ef5cfe96529cad9919912bd69f620d059b9cbc87fdc04a6fe5bf725135588ccc6e21201bb4037b324b85438e5dc71d28dc32eb6d8a6ab6964f40b243cb82d4a2f5b2108c22c16ffb3580b63fb12a7031ea8e921a9f2d36a6fb16448a3b64b2b3a08fe465fb053adb04706c02ad9a2b63871c19c4e434eba97b0c61396190f6a35ed5c65e86d1584391f0f97ab14a04d1238d7e73fdb5176a30480322c429d997aecced83c6445537f6b132", 0xfc}, {&(0x7f0000003b00)="3195a566da15010a0e168cb079c88b629a97eecd42e62297719165e07b603b97b3c61f3b60cff5da1b76923ea97fc508bd11e8108aebd84bed730ac93b1c4f85b55943335e6cbae5de71cfa42938541e709d24db1c9cf1c49e134a433493d13bcab9c42c9df99f5c9f166e726e1cab5608d02392819b34251d21e21ac4825ea2cf91a0637a07c8e131dbc25ae4fb6f05a281e2b8ccee533e4f302738c73983794e93551c21b9761384daf2fddcc1daa4863d799dc16e3e64db982716015176ab727063b8d132789980f3fb473d3a219b306482887e087654d76f284e2deccb", 0xdf}, {&(0x7f0000003c00)="effa545ca7780b01f5a75bc5bf53972d9e9e3d118facf9af80eb523f7ddb5a5b8fc9ab55015c8a45876b3bf4", 0x2c}, {&(0x7f0000003c40)="ffd921ec95c94143fd34cfc25478b800450d23715d3e324b2e9e1b862ec551178e4d7cda95b562a4225773ebe0af7a2557325bbffd59f83dd5be043f113400d9477bb0945012c52abd91ee47f88850d6a5b4162867813fc5ffdbfaae78436b406f68d3d0601df5d5e07d32b5a747729af8a3cc0f8a5cda389c6c9dcd886ed7f7b8f4c3f31971a7703be2b7fe661cda1b2b30132e060eb81ea42c7fcd0cb9fa5c3df053b3735624ac9d6b1dd37b24e7aa22da35", 0xb3}, {&(0x7f0000003d00)="89d4c057996836a90278e09184d48535f4cbcb793fd59a023fc40d976df509732deb27afdb91f86e9f07d0df0087", 0x2e}], 0x6, &(0x7f0000003d80)=ANY=[@ANYBLOB="180900"/12, @ANYRES32=r2, @ANYRES32=r5, @ANYRES32=r0], 0x18, 0x4001}}, {{&(0x7f0000003dc0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000003fc0)=[{&(0x7f0000003e40)="bf0a960923e46e5c5e1ad482f82e9675dd1f98963778c9223b1cccf0d74bcdccd56a5b96b00a8911d4241fde8541af2f3486f1f1ccf066957eae55c6965b21dcb76e0bb6d25b23e7c572f6fc4bfef2d02adf575aea10f73160abc8a2c53b396c671f27b27bb0058383092eb8e7d54a4e4266a8b91c0d24313bec5330aefe50193fe00cf052848d7840064cb020cbaccc68e861129f4883b3206a8e4d53d0f63b1b10d93a7ed12db8cdb45cd159e44cabb7da1c1cc6d8799319440c8c9c6767d08e265d3a45a0a4c0a6c5635c4947c25d136077151572bd335ded00bafe8aa1f1663d5e6ec1b1766dfe207d", 0xeb}, {&(0x7f0000003f40)="1a5e7b0bc615eb3915a1f3b3bca6a740db2f34d6f42f8f84bfdd85c39afb5c25a123130d3782d489bf9b4b596f302a703a986b847a5d558a10f7c1d959dd7f84447c", 0x42}], 0x2, &(0x7f0000004240)=[@rights={{0xc}}, @rights={{0x30, 0x1, 0x1, [r1, r5, r3, 0xffffffffffffffff, r5, r2, r5, r2, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [r2, r2]}}, @cred={{0x18, 0x1, 0x2, {r4, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r0, r0, r5]}}], 0x98, 0x4008050}}], 0x4, 0x0) (async, rerun: 32)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) (rerun: 32)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') (rerun: 32)
getdents64(r7, 0x0, 0x0) (async)
r8 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r8, 0x2, &(0x7f00000000c0)={0x3}, 0x0) (async)
read$FUSE(r7, &(0x7f0000000340)={0x2020}, 0x2020)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r8, 0x2, &(0x7f0000000080)={0x3, 0x2b4}, 0x0) (async)
landlock_restrict_self(r8, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000080)}) (async)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000300), 0x47ffffa, 0x122c42)

963.353194ms ago: executing program 3 (id=2919):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_service_time\x00', 0x0, 0x0)
preadv2(r1, &(0x7f0000000040)=[{&(0x7f0000000100)=""/65, 0x77}], 0x1, 0x0, 0x0, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) (async)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, 0x0, 0x0) (async)
connect$ax25(0xffffffffffffffff, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, 0x0) (async)
bind$xdp(0xffffffffffffffff, 0x0, 0x0) (async)
write(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0x0, 0x1})
io_uring_enter(r3, 0x0, 0xf2fb, 0xf, 0x0, 0x0)

890.021189ms ago: executing program 1 (id=2920):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x20, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x7e, 0xec)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000005c0)='ns/mnt\x00')
setns(r1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000180012800e00010077697265677561726400000004000280", @ANYRES32=0x0], 0x40}}, 0x0)

497.447583ms ago: executing program 0 (id=2921):
r0 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x5)
r1 = socket(0x5, 0x6, 0x9)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000040)={0x5, 0x9, {<r2=>0x0}, {<r3=>0xee01}, 0x3, 0x3})
waitid(0x2, r2, &(0x7f0000000080), 0x20000000, &(0x7f0000000100))
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000180)=<r4=>0x0)
sched_setaffinity(r4, 0x8, &(0x7f00000001c0)=0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
rt_sigtimedwait(&(0x7f0000000200)={[0xfcfa, 0x8]}, &(0x7f0000000240), &(0x7f00000002c0)={0x0, 0x3938700}, 0x8)
setuid(r3)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r6, 0x84, 0x74, &(0x7f0000000300)=""/215, &(0x7f0000000400)=0xd7)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000000440), 0x4)
epoll_wait(r0, &(0x7f0000000480)=[{}, {}, {}], 0x3, 0xf986)
syz_emit_vhci(&(0x7f00000004c0)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xc4}, "de4ec923e5c0e8098840ed9bd9ab28ab435574ffab26b717876f9c427b92e61aa76e559fd13e4b0158e95ed914cc5e282eddcbc0771fe61846966e51db4b0dbc27af21da1a346d64534cf990e7eb7d8bac9b0f93aed626c098443504360d030503e657e562a962996c9dcfa3a430d0231764c26919e0f3b2373b28aa9637e8bfe02dccc63418c6e1f90fab3037d91270b7b274aa1d5a61287716ae7552d169c35eaa5fd60fc46dbea4400cfdacb968b4b2429c390a58ea9da3b448c084e8021afba238bf"}, 0xc8)
getsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f00000005c0)=[{}, {}, {}, {}], &(0x7f0000000600)=0x20)
syz_pidfd_open(r4, 0x0)
r8 = syz_open_dev$hiddev(&(0x7f0000000640), 0x800, 0x2a8000)
read$hiddev(r8, &(0x7f0000000680)=""/151, 0x97)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000740)={0x5, {{0xa, 0x4e21, 0x6, @private2, 0x3}}, {{0xa, 0x4e22, 0x9, @mcast2, 0xa2ab}}}, 0x104)
ioctl$sock_inet_SIOCGIFNETMASK(r7, 0x891b, &(0x7f0000000880)={'veth0_to_bond\x00', {0x2, 0x0, @multicast1}})
r9 = openat$fuse(0xffffff9c, &(0x7f00000008c0), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000900)={0x2020, 0x0, <r10=>0x0}, 0x2020)
write$FUSE_BMAP(r9, &(0x7f0000002940)={0x18, 0x0, r10, {0x100}}, 0x18)
ioctl$HIDIOCGUSAGES(r8, 0xd01c4813, &(0x7f0000002980)={{0x3, 0x200, 0x2, 0x1, 0x1ff, 0x4}, 0xd4, [0x0, 0xf, 0xfffffff9, 0x1, 0x6, 0x6, 0xd83, 0x19b1, 0x1ff, 0x7c, 0x3, 0x62c3, 0x6, 0x7f, 0x3c8, 0x4, 0x1, 0x0, 0xfffffffe, 0x6, 0x1, 0x6, 0x400, 0x5, 0x7, 0x0, 0x2, 0x5, 0x5, 0x0, 0x7, 0x5, 0xfffffff8, 0x8, 0x6, 0x6, 0x0, 0x6, 0x9, 0x2, 0x2000, 0x0, 0x0, 0x5, 0xe, 0x0, 0x3ff, 0x1, 0x8, 0x0, 0x400, 0x0, 0x10001, 0x7, 0x7, 0x800, 0x7fffffff, 0x7, 0x81, 0x9, 0x9, 0x4, 0xffffffff, 0xffff, 0x9, 0x2, 0x407, 0xd92, 0x2, 0x9, 0xa562, 0x81, 0x987, 0x29c8c00, 0x0, 0x4, 0x80000001, 0x0, 0x3, 0x7, 0x4, 0x401, 0xfffffff8, 0x7, 0xaa3, 0x4, 0x5b, 0x5, 0x1, 0xfffffffd, 0x3398, 0x0, 0x4, 0xfe48, 0x47, 0x5, 0xfff, 0x6, 0x3, 0x2, 0x80000001, 0xfffffffd, 0x6, 0x7, 0x9, 0xd1b, 0xfffffff4, 0x101, 0x7fff, 0x0, 0x2, 0xfffffffe, 0x9, 0x2, 0x200, 0xcfb1, 0x81, 0x2, 0x9, 0x5, 0x1, 0xa, 0x1, 0x5, 0x3, 0x8, 0x0, 0x344, 0xef, 0x5, 0xd24c, 0xe7d, 0x2, 0x5, 0x80000001, 0x8, 0x9, 0x80000001, 0x3, 0x5a, 0x8, 0x1, 0x0, 0x3726, 0x3, 0x80000001, 0x9, 0xfffffedd, 0x0, 0x7, 0x0, 0x401, 0x2ecc, 0x3, 0x1, 0x7fffffff, 0x2, 0x8, 0x6, 0x2012, 0x4, 0x100, 0x6, 0xfffffe01, 0x1894, 0x8, 0x2, 0x1, 0x6, 0x2, 0x1, 0x7, 0x332, 0xc, 0x2, 0x5, 0x6, 0x4, 0xff, 0x4, 0x8, 0x6, 0x3, 0x4, 0xbd34, 0x627c1763, 0x2, 0x101, 0x0, 0x9, 0x1, 0x10, 0xa, 0x401, 0x2, 0xa, 0x1, 0x1000, 0x6, 0x200, 0x4, 0xffffff84, 0xfffffffb, 0x2, 0x1, 0x0, 0x81, 0x7, 0x63f00000, 0x2, 0x607, 0x5, 0xfffffff4, 0x5, 0x3a7f, 0xf6af, 0x1, 0x9, 0x9, 0x1, 0x1, 0x1, 0x1, 0xee1e, 0x3, 0x3, 0x1, 0xfffffff9, 0x9, 0x5, 0x4, 0xa08, 0x200, 0x6, 0x7, 0xffffffff, 0x2, 0x8, 0x19e, 0x3, 0x8, 0x8, 0x3, 0x3, 0xa000000, 0x9, 0x0, 0x6, 0x7, 0x9, 0x6, 0xfffffff9, 0x4, 0xfffff1b8, 0x93e1, 0x0, 0xfff, 0x10, 0x8, 0x0, 0x9, 0x6, 0xd, 0x2, 0x1, 0x0, 0x6, 0x5, 0x3, 0x2, 0x6, 0x5, 0xed9, 0x4, 0xfff, 0x8, 0x2, 0xfffffffa, 0x6, 0x4, 0x0, 0x5, 0x4, 0x6, 0x9, 0x8, 0x7, 0x27ba, 0x2, 0x4, 0x8000, 0x0, 0x7ff, 0x40, 0x9, 0x33ff, 0x7, 0x2, 0x8, 0xd530, 0x9, 0xc, 0x1, 0xd, 0x9, 0x3, 0x2, 0x5, 0x9, 0x0, 0x100, 0xe4fd, 0x5, 0x40, 0x200, 0x800, 0x4, 0x7, 0xfffffffd, 0x0, 0xf2af, 0x1, 0xb18, 0x6, 0x80000001, 0x7, 0x197, 0xe6aa, 0x6, 0x5, 0x5, 0x4, 0x1, 0x380, 0x14dc, 0x0, 0x8, 0x2, 0x5, 0x4, 0x263d, 0xfff, 0x7fff, 0x9, 0x1, 0x6, 0x1, 0x19af, 0xdf5, 0xc813, 0xba8, 0x5, 0xfffffe01, 0x8000, 0x5, 0x2, 0x80000000, 0xd3, 0xb3d0, 0x2, 0x2, 0x2, 0x9, 0xfffffe01, 0x7, 0x400, 0xba, 0x1ff, 0x2, 0x3, 0x6, 0xff, 0x4, 0xc627, 0x1, 0xd, 0x4, 0x0, 0xfffffff9, 0x10, 0x7, 0x0, 0x0, 0x7c1, 0x5, 0x4, 0xf19, 0x3, 0x2, 0xe304, 0xfffffff9, 0x80, 0x0, 0x400, 0x80000001, 0xb4bf, 0x7, 0x8000, 0x6, 0x2, 0x80000001, 0x2, 0x6d, 0x1, 0x9, 0x1, 0x3ff8000, 0x7, 0x1, 0x3, 0xfffffffa, 0x10001, 0x80000001, 0x8, 0x1, 0x7, 0x7, 0xb, 0xd, 0x0, 0x5, 0x2, 0x3, 0x0, 0x9, 0x8, 0x6, 0x2d, 0xd, 0x6, 0x81, 0x0, 0x0, 0x7f, 0x5, 0xffffffff, 0x8, 0x8, 0x1ff, 0xc, 0x100, 0x3, 0x2c, 0x7, 0x80, 0xffff29fa, 0x2, 0xefd, 0x1ff, 0x4, 0x10, 0xffff, 0x800, 0xfffffffb, 0x4, 0x9, 0x6, 0xfffffff9, 0xb, 0x4, 0x6, 0x7, 0x3, 0x7, 0x3ff, 0x5079, 0xffffa160, 0x3, 0x3, 0x3, 0xe8, 0xeb14, 0xfffffffb, 0x6, 0x80000001, 0x3ff, 0x84e3, 0x7, 0x6, 0x7, 0x4, 0x9, 0x0, 0x80000001, 0x80000001, 0x80000000, 0x1, 0x6, 0xfffff801, 0x5, 0x6, 0x1, 0x6, 0xffff, 0xe87a, 0xffff, 0x291, 0x280000, 0x1, 0x1, 0x1ac, 0x9, 0x9, 0x765, 0x1, 0x80000000, 0x382d453c, 0xffffffff, 0x6, 0x486, 0x7, 0x5, 0x3, 0x0, 0x2, 0x0, 0x1, 0x2, 0x9b6a771, 0x1, 0xc60, 0x8, 0x7fffffff, 0x6, 0xfffffffe, 0x5, 0x5, 0x3e, 0x4, 0x5a, 0xa9a, 0x9, 0x5, 0x7fffffff, 0x7, 0xffffffff, 0xfffffff9, 0xe, 0x5, 0x7, 0x4, 0xe, 0x0, 0xaab, 0x0, 0x8, 0xff, 0x8, 0x9, 0xff, 0x8778, 0x6, 0x5, 0x5, 0x7f, 0x6, 0x1, 0x0, 0x9, 0x80, 0x6f8, 0x7ff, 0x0, 0x3, 0x2, 0xffffff7f, 0x4, 0xffff132e, 0x6, 0x6, 0xff, 0x3, 0x9, 0xce1, 0x80000000, 0x5, 0x7, 0x2, 0x9, 0x6, 0x2, 0x4, 0xfffffffd, 0x0, 0xffffffff, 0x0, 0xbcf, 0x9, 0xfffffff4, 0xff, 0x3, 0x8, 0x4, 0x5b4, 0xd, 0x6, 0x8001, 0x1, 0x1, 0x9, 0xc, 0x4, 0xffffffff, 0x0, 0x4, 0xffffffff, 0x200, 0x1000, 0x8, 0xd, 0x8, 0x8001, 0xe, 0xffffffff, 0x5, 0x2, 0xffffffff, 0x7f, 0x8001, 0x0, 0x3, 0x8, 0x8, 0x7ff, 0x7, 0xffffffff, 0x2, 0x8, 0x5, 0x3, 0x9, 0x8001, 0x7, 0x4, 0x8, 0x8, 0x2, 0x9, 0x6, 0x10001, 0x14, 0x837, 0x4, 0x7, 0x0, 0xf015, 0x4, 0x1000, 0x5, 0x2, 0x0, 0x7f, 0x9, 0x4, 0x5b52, 0x8, 0x4d12, 0x4, 0x40, 0x7, 0x5, 0x400, 0x8, 0x2, 0x2541f82f, 0x7f3, 0x1, 0x80, 0xc372, 0x101, 0x9, 0x2, 0xa, 0x0, 0xffffffff, 0x5, 0xffff0000, 0x5, 0x98, 0x3, 0x3, 0xffffffff, 0x6, 0x5, 0x0, 0x0, 0x9, 0xab3f, 0x28, 0x9, 0xffffffc0, 0x1, 0x6, 0x6, 0x6, 0x1, 0x1ff, 0x1, 0x4, 0x9, 0xb, 0xe, 0x4, 0x9, 0x84d, 0x7ff, 0x9712, 0x9, 0x80, 0x5, 0x8001, 0x6a, 0x5e, 0x5, 0xffffffff, 0xeb, 0x80000000, 0x9, 0x1, 0x200, 0x7fffffff, 0x1, 0x7, 0x3, 0x6, 0x9, 0x2, 0xff, 0x8, 0x10001, 0x34ed, 0x6, 0x4, 0x2, 0x7, 0x8, 0x79, 0x5, 0x9, 0x0, 0x100, 0x3ff, 0xfffffc01, 0xa3, 0xfffffffe, 0x4, 0x4, 0x0, 0x1, 0x6, 0x8, 0x7fffffff, 0x3, 0xfffffffb, 0x1, 0x3, 0x2, 0x5, 0x6, 0x2, 0xbdcf61e, 0x3, 0xffffffff, 0x1797, 0x3, 0x4, 0x1ff, 0x0, 0x5, 0x8000, 0x6, 0x7ff, 0xffff, 0x9, 0xd, 0x1, 0x4, 0xe, 0x2f9eae1a, 0x7, 0xe, 0x6196, 0x2, 0x9, 0x2, 0x0, 0xffff, 0x7, 0x8, 0x5, 0x2, 0x80000001, 0x4a9c, 0x9, 0x4, 0x1800000, 0xb, 0x6, 0xffffffff, 0x1, 0x3, 0xfffff1f7, 0xbae, 0x6, 0xce1f, 0x2, 0x3ff, 0x7, 0x8, 0xd, 0x4, 0x4a0f, 0x8, 0x80000000, 0x8, 0x7, 0xfff, 0x3228, 0x5, 0xa9, 0x5, 0xfebc, 0x80000001, 0xff, 0x2, 0x8, 0x6, 0x54d6, 0x0, 0x5, 0x3, 0x9, 0x2d6, 0x78f, 0x9, 0x1000, 0xf, 0x6, 0x8000, 0x6, 0x6f, 0x5, 0xfffffff9, 0x0, 0xaed, 0x7, 0x7, 0x100, 0xd, 0x8d27, 0x3, 0x3, 0xa05, 0x2, 0x200, 0xfffffffe, 0x7, 0x2a3, 0x8, 0x0, 0x8, 0x8, 0x6, 0x5, 0x101, 0x3, 0x8, 0x10001, 0x400, 0x7f, 0x0, 0x0, 0x3, 0x2, 0xa, 0x100, 0x96, 0x9, 0x80000001, 0x3, 0x7fff, 0xe, 0x5, 0x2, 0x2, 0x6, 0xfffff801, 0x8000, 0x3, 0x5, 0x3, 0x101, 0x8, 0x645f, 0x954d, 0xbc9, 0x1ff, 0x5, 0x40, 0x4, 0x3, 0x5, 0x5, 0x5, 0xc9, 0x6, 0x3, 0xbc7, 0xf8, 0x7fff, 0x7bc4, 0x7, 0x9, 0x6, 0x6, 0x5, 0xfffffff9, 0x1, 0x5e, 0x5, 0x53fe, 0xc00000, 0x9, 0x4, 0x0, 0x1f5, 0x2, 0x9, 0x9, 0x5, 0x2, 0x9, 0x7, 0x5, 0x5, 0xe, 0x3, 0x5, 0x7ff, 0x20e, 0x2, 0x5, 0x30a, 0xea34, 0x8, 0x401, 0xfffffff8, 0xfffffff9, 0xfffffff2, 0x0, 0x7, 0x101, 0x3, 0x8001, 0x15, 0x6, 0x0, 0x1, 0x3, 0xa57, 0x7, 0x8, 0x6b0, 0x2, 0x73d, 0x4, 0x7, 0x1, 0x4f, 0x1, 0x0, 0x8001, 0x0, 0xa9b, 0x8000, 0x0, 0x3, 0x3, 0x7f, 0x34, 0x10001, 0x3, 0x7fffffff, 0x24, 0x5, 0x3ff, 0x2, 0x1, 0x0, 0xc, 0x2, 0x8, 0x5, 0x9, 0x800, 0xffffffff, 0x3, 0x80, 0x8, 0x7e, 0xe8, 0xfffffffe, 0x2, 0xaa9, 0x2, 0x2, 0xca55, 0x4b, 0x2, 0x7, 0x2, 0xffff, 0x9, 0x9, 0x6, 0xfb, 0x8dc, 0x6, 0x6, 0x20000000, 0x0, 0x3ff, 0x4, 0x2]})
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f00000039c0))
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000003a40)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000003b00)={&(0x7f0000003a00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000003ac0)={&(0x7f0000003a80)={0x38, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x5, 0x61}}}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x29}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x7f}]}, 0x38}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000)
clock_getres(0x6, &(0x7f0000003b40))

400.406746ms ago: executing program 3 (id=2922):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x64)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
creat(&(0x7f00000004c0)='./bus\x00', 0x40)
setxattr$security_ima(&(0x7f0000000180)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYBLOB="04b0"], 0x2, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)

399.819343ms ago: executing program 4 (id=2923):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', <r2=>0x0, 0x29, 0x3b, 0x2, 0x8, 0x1, @private0, @remote, 0x7800, 0x7800, 0xfffffffe, 0xcdbc}})
r3 = syz_open_dev$vcsu(&(0x7f0000000240), 0x46, 0x608742)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x200, 0x91, &(0x7f00000000c0)=""/145, 0x0, 0x24, '\x00', r2, 0x0, r3, 0x8, &(0x7f0000000280)={0x7, 0x2}, 0x8, 0x10, &(0x7f00000002c0)={0x3, 0x7, 0x81, 0xdf04}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x70000000, @void, @value}, 0x94)
r4 = socket(0x11, 0x800000003, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
pselect6(0x40, &(0x7f0000000440)={0x2, 0xf, 0x10000, 0xffff, 0x200, 0x9, 0x3, 0xfffffffffffffffd}, &(0x7f0000000480)={0x9, 0x8, 0x5, 0x9, 0x2, 0x80000001, 0x80000000}, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=ANY=[@ANYBLOB="302000000203010150d27baa000000000700000908000340208db649080001000100002b090002000000000400000000ecabf08f2a39884a5ff114dd15d4b293adac20730da22b5174d9d1fe986bd2721de209233a5288b677e7326764aa90a736d24730e889622204d8f28c59f8c4593923d4c12dc6e9004f5d0e6c7fd6afe586c0a6cf477a38b876ad60f73abdd2a6cdd06dd2b36a4f9ebe9973442a8fac2fb66a3f46"], 0x30}, 0x1, 0x0, 0x0, 0x24044840}, 0x40)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000400))
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001e40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42673d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f435f28fbeda75cf971f54a9698cf3270f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a51220c41b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41bcde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f392a38052f859ab5600000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f00000000c0)=r9, 0x4)
sendmsg$unix(r11, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r12 = socket$inet6(0xa, 0x3, 0x11)
connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x800, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r12, 0x29, 0x23, &(0x7f0000004480)={{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010100}, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x5e}, {0x0, 0x0, 0x9}, {0xfffffffffffffffd, 0x3}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x26}, 0x0, 0x33}, 0x2, @in=@rand_addr=0x64011102, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7ff}}, 0xe8)
sendmmsg(r12, &(0x7f0000000480), 0x21, 0x0)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x8, &(0x7f00000001c0)={[0x4, 0x10]}, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600))

339.031061ms ago: executing program 3 (id=2924):
r0 = socket$netlink(0x10, 0x3, 0xc) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x327, &(0x7f0000000440)=ANY=[@ANYRES16=r1, @ANYRESDEC=r1, @ANYBLOB="ce63172378b8d8b7ea15bddb10628b3470049d8148a86e4b742c0a2a5eb9177eb9e097b10cb67b553dc02761ffac2daa5fdb5517f174adbd1e59cc37279aa5828c5f58464c1a414eaa930f1dfdfbee0b7d264762c044266a4dd43c74a147835c7884fe60e9150c1ded636aab46adb664f8db25b3753e0aa9b1e3f1829fe7d9aebf16b73c5413acc2b8aac04fdc1e9bbe05", @ANYRESOCT=r0, @ANYRESHEX=r0], &(0x7f0000000000)='GPL\x00', 0x7, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) (async)
prlimit64(0x0, 0x5, &(0x7f0000000300)={0x1, 0x1e}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102398, 0x18ffe)
gettid() (async)
timer_settime(0x0, 0x0, &(0x7f0000000280), 0x0) (async)
readv(0xffffffffffffffff, &(0x7f0000000240), 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async)
r3 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) (async)
openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x100) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x720, 0x0) (async)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x200001, &(0x7f0000000080)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000200)='./file0\x00') (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) (async)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$KDGKBTYPE(r5, 0x4b33, &(0x7f0000000140))
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x90009427, &(0x7f0000000180))

338.452964ms ago: executing program 0 (id=2925):
r0 = socket$kcm(0x10, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x400, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000019180)='io\x00')
pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5dbf241b, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000100001000000ddffffff00000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000150a0102"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)

220.190005ms ago: executing program 3 (id=2926):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
futex(0x0, 0x18d, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_getmulticast={0x14, 0x3a, 0x800, 0x70bd25, 0x25dfdc00, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000041}, 0x4004040)
r4 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4\n\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|')
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000180)={0x3, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/33, 0xe6e40004})
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x28, 0x1, 0x4, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_MODE={0xa, 0x2, {0x5, 0x3}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000081}, 0xa000)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000009cc0)={&(0x7f0000000040)='reclaim_retry_zone\x00', r5, 0x0, 0x8000000000000000}, 0x18)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x28, 0x0, 0x1, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x811}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000000c0)=0xffffffffffffffff)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000200), &(0x7f0000000400)=0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000003680)={'gretap0\x00', &(0x7f0000003580)={'gretap0\x00', r3, 0x8000, 0x8000, 0x7, 0x2, {{0x38, 0x4, 0x0, 0x3, 0xe0, 0x68, 0x0, 0xa, 0x2f, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x3c, 0x8c, 0x3, 0xd, [{@remote, 0x93a}, {@empty, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}, {@multicast2, 0x1}, {@rand_addr=0x64010102}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x9b92}, {@loopback, 0xff}]}, @end, @timestamp_prespec={0x44, 0xc, 0xd1, 0x3, 0xa, [{@remote, 0x3}]}, @cipso={0x86, 0x5b, 0x2, [{0x2, 0x10, "51348d8f1c15b7d02a9dc4677610"}, {0x7, 0x9, "1a48b3ecbafa1e"}, {0x0, 0xa, "4e6c9fdd285eeff1"}, {0x7, 0xf, "055450ab7e3efaca9ac3a7991b"}, {0x7, 0x5, "054e0c"}, {0x7, 0xf, "946308972668c219611f5bdc4c"}, {0x0, 0xf, "f764e12a2189fba4c0f225a401"}]}, @ssrr={0x89, 0x17, 0xad, [@multicast1, @multicast1, @empty, @empty, @rand_addr=0x64010101]}, @generic={0x89, 0x10, "1da59f037a78fa5bb49ff4a12f0e"}]}}}}})
socket$rxrpc(0x21, 0x2, 0xa)
sendto$inet6(r5, &(0x7f0000008d80)="644400aae110051e1e1b4e6165df398dc9a4a031587a3101ede3dcd3ec4ddbbfc0592aa9f4f3368d523f63059a7b9f3b077c036a1b97106a59a4f4657c0b80ee6043864192f7dd38212466ed0228f3207c22bfa940c7bc861f57e3d7edfbb028ccd332c02af2d018204fd3dba6", 0x6d, 0x40090, &(0x7f0000008e40)={0xa, 0x4e20, 0x1, @private2, 0x5}, 0x1c)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000009040)={0xffffffffffffffff, 0xe0, &(0x7f0000008f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008d80), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000008dc0), &(0x7f0000008e00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x85, &(0x7f0000008e40), 0x0, 0x10, &(0x7f0000008e80), &(0x7f0000008ec0), 0x8, 0x1a, 0x8, 0x8, &(0x7f0000008f00)}}, 0x10)

0s ago: executing program 1 (id=2927):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x60}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c00014000000000000000080800044000000001"], 0xdc}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1abb01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000200)={@void, @void, @eth={@broadcast, @remote, @val={@val={0x88a8, 0x0, 0x0, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x9, 0x5c, 0x167, 0x0, 0x5d, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x4e23, 0x4e22, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "cf24000281831aec3d7215370100000075d0ce9ab78a3c6e", "6346a8d16a4263470cfd0b63ec63312380d149bff2dd6edbfe35572f5292dc21"}}}}}}}, 0x72)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x2}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x240000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000084}, 0x84)
r7 = landlock_create_ruleset(&(0x7f0000005340)={0x8462, 0x2}, 0x18, 0x0)
landlock_restrict_self(r7, 0x0)
r8 = getpgid(0x0)
tkill(r8, 0x22)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, 0x0, 0x0)
ioctl$VIDIOC_DV_TIMINGS_CAP(r5, 0xc0905664, &(0x7f0000000480)={0x0, 0x0, '\x00', @bt={0xfffffff9, 0x3, 0x2, 0x7, 0x100000000, 0x1, 0xf, 0xa}})
r9 = shmget$private(0x0, 0x2000, 0x400, &(0x7f0000ffb000/0x2000)=nil)
shmctl$SHM_INFO(r9, 0xe, 0x0)

kernel console output (not intermixed with test programs):

syz.1.2307'.
[  357.343607][T14962] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2307'.
[  358.019809][T15000] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2310'.
[  358.343723][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  358.441577][T14997] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  358.497973][T15022] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  358.500458][T15022] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  358.504617][T15022] vhci_hcd vhci_hcd.0: Device attached
[  358.511951][T15022] x_tables: ip6_tables: cgroup match: used from hooks FORWARD, but only valid from INPUT/OUTPUT/POSTROUTING
[  358.622360][T15024] vhci_hcd: connection closed
[  358.622630][T14050] vhci_hcd: stop threads
[  358.625473][T14050] vhci_hcd: release socket
[  358.627313][T14050] vhci_hcd: disconnect device
[  358.677901][T15029] netlink: 'syz.2.2314': attribute type 4 has an invalid length.
[  358.683551][ T5999] vhci_hcd: vhci_device speed not set
[  359.238609][T15037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  359.241577][T15037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.383562][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  359.493476][   T25] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  359.633685][   T25] usb 6-1: device descriptor read/64, error -71
[  359.646379][T15031] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  359.881826][T15053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2321'.
[  359.890051][T15053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2321'.
[  359.893460][   T25] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  360.023971][   T25] usb 6-1: device descriptor read/64, error -71
[  360.133858][   T25] usb usb6-port1: attempt power cycle
[  360.433549][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  360.473633][   T25] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  360.494130][   T25] usb 6-1: device descriptor read/8, error -71
[  360.733501][   T25] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  360.753950][   T25] usb 6-1: device descriptor read/8, error -71
[  360.873656][   T25] usb usb6-port1: unable to enumerate USB device
[  360.898621][T15072] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2327'.
[  361.000666][T15074] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  361.463499][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  361.631199][T15088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2330'.
[  362.503620][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  362.699578][T15102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2334'.
[  362.742204][T15102] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2334'.
[  362.864819][T15112] block nbd0: Cannot use ioctl interface on a netlink controlled device.
[  362.868835][T15112] block nbd0: shutting down sockets
[  362.877839][T15112] 9pnet_fd: Insufficient options for proto=fd
[  363.173524][    T9] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  363.326130][    T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  363.329009][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  363.332649][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  363.337006][    T9] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  363.339410][    T9] usb 5-1: Product: syz
[  363.340642][    T9] usb 5-1: Manufacturer: syz
[  363.342121][    T9] usb 5-1: SerialNumber: syz
[  363.346290][    T9] usb 5-1: config 0 descriptor??
[  363.350897][    T9] usb 5-1: selecting invalid altsetting 0
[  363.543522][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  363.628519][   T25] usb 5-1: USB disconnect, device number 24
[  364.121182][   T39] audit: type=1326 audit(1740447739.599:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15162 comm="syz.0.2347" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x0
[  364.510097][T15170] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  364.583683][    C0] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  364.957114][T15174] FAULT_INJECTION: forcing a failure.
[  364.957114][T15174] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  364.962038][T15174] CPU: 0 UID: 0 PID: 15174 Comm: syz.3.2341 Not tainted 6.14.0-rc4-syzkaller #0
[  364.962059][T15174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  364.962068][T15174] Call Trace:
[  364.962072][T15174]  <TASK>
[  364.962077][T15174]  dump_stack_lvl+0x16c/0x1f0
[  364.962096][T15174]  should_fail_ex+0x50a/0x650
[  364.962138][T15174]  _copy_from_user+0x2e/0xd0
[  364.962171][T15174]  __sys_bpf+0x21c/0x49c0
[  364.962187][T15174]  ? __pfx_lock_release+0x10/0x10
[  364.962202][T15174]  ? __pfx___sys_bpf+0x10/0x10
[  364.962216][T15174]  ? vfs_write+0x306/0x1150
[  364.962232][T15174]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  364.962253][T15174]  ? fput+0x67/0x440
[  364.962262][T15174]  ? ksys_write+0x1ba/0x250
[  364.962277][T15174]  ? __pfx_ksys_write+0x10/0x10
[  364.962292][T15174]  __ia32_sys_bpf+0x76/0xe0
[  364.962302][T15174]  __do_fast_syscall_32+0x73/0x120
[  364.962316][T15174]  do_fast_syscall_32+0x32/0x80
[  364.962328][T15174]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.962344][T15174] RIP: 0023:0xf7fd8579
[  364.962353][T15174] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  364.962363][T15174] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  364.962373][T15174] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000180
[  364.962379][T15174] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  364.962385][T15174] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  364.962391][T15174] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  364.962397][T15174] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  364.962408][T15174]  </TASK>
[  365.623514][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  366.662742][T15212] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  366.669964][T15212] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  366.673481][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  366.944083][T15218] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  367.442801][ T5961] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  367.447404][ T5961] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  367.450344][ T5961] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  367.453151][ T5961] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  367.464572][ T5961] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  367.469482][ T5961] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  367.562857][T15233] chnl_net:caif_netlink_parms(): no params data found
[  367.609713][T15242] FAULT_INJECTION: forcing a failure.
[  367.609713][T15242] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.615494][T15242] CPU: 3 UID: 0 PID: 15242 Comm: syz.1.2357 Not tainted 6.14.0-rc4-syzkaller #0
[  367.615516][T15242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  367.615526][T15242] Call Trace:
[  367.615531][T15242]  <TASK>
[  367.615537][T15242]  dump_stack_lvl+0x16c/0x1f0
[  367.615562][T15242]  should_fail_ex+0x50a/0x650
[  367.615591][T15242]  _copy_from_user+0x2e/0xd0
[  367.615609][T15242]  bpf_test_init.isra.0+0xe4/0x130
[  367.615629][T15242]  bpf_prog_test_run_xdp+0x4f0/0x1560
[  367.615653][T15242]  ? lock_acquire+0x2f/0xb0
[  367.615671][T15242]  ? __fget_files+0x40/0x3a0
[  367.615694][T15242]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  367.615715][T15242]  ? __fget_files+0x206/0x3a0
[  367.615740][T15242]  ? fput+0x67/0x440
[  367.615754][T15242]  ? __bpf_prog_get+0xa0/0x290
[  367.615774][T15242]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  367.615794][T15242]  __sys_bpf+0xfc6/0x49c0
[  367.615817][T15242]  ? __pfx_lock_release+0x10/0x10
[  367.615841][T15242]  ? __pfx___sys_bpf+0x10/0x10
[  367.615862][T15242]  ? vfs_write+0x306/0x1150
[  367.615888][T15242]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  367.615922][T15242]  ? fput+0x67/0x440
[  367.615937][T15242]  ? ksys_write+0x1ba/0x250
[  367.615958][T15242]  ? __pfx_ksys_write+0x10/0x10
[  367.615982][T15242]  __ia32_sys_bpf+0x76/0xe0
[  367.615998][T15242]  __do_fast_syscall_32+0x73/0x120
[  367.616019][T15242]  do_fast_syscall_32+0x32/0x80
[  367.616035][T15242]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  367.616057][T15242] RIP: 0023:0xf743e579
[  367.616070][T15242] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  367.616085][T15242] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  367.616102][T15242] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000180
[  367.616112][T15242] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  367.616121][T15242] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  367.616130][T15242] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  367.616139][T15242] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  367.616158][T15242]  </TASK>
[  367.703479][    C2] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  367.769107][T15248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2358'.
[  367.789213][T15233] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.791895][T15233] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.796005][T15233] bridge_slave_0: entered allmulticast mode
[  367.798467][T15233] bridge_slave_0: entered promiscuous mode
[  367.801528][T15233] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.804407][T15233] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.806634][T15233] bridge_slave_1: entered allmulticast mode
[  367.808963][T15233] bridge_slave_1: entered promiscuous mode
[  367.858001][T15233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.862926][T15233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  367.876619][T15236] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  367.908190][T15236] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  367.910109][T15236] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  367.925656][T15236] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  367.935536][T15233] team0: Port device team_slave_0 added
[  367.957043][T15233] team0: Port device team_slave_1 added
[  368.014962][T15233] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.017162][T15233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.024959][T15233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.029238][T15233] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.031299][T15233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.039202][T15233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.074063][T15233] hsr_slave_0: entered promiscuous mode
[  368.076098][T15233] hsr_slave_1: entered promiscuous mode
[  368.078000][T15233] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  368.080176][T15233] Cannot create hsr debugfs directory
[  368.451022][T15258] ip6gretap0: entered promiscuous mode
[  368.457754][T15258] macsec0: entered promiscuous mode
[  368.459429][T15258] macsec0: entered allmulticast mode
[  368.461141][T15258] ip6gretap0: entered allmulticast mode
[  368.466731][T15258] ip6gretap0: left allmulticast mode
[  368.468668][T15258] ip6gretap0: left promiscuous mode
[  368.478540][T15261] netlink: 'syz.2.2361': attribute type 1 has an invalid length.
[  368.720393][T15233] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  368.726664][T15233] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  368.732859][T15233] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  368.738367][T15233] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  368.798442][T15233] 8021q: adding VLAN 0 to HW filter on device bond0
[  368.811312][T15233] 8021q: adding VLAN 0 to HW filter on device team0
[  368.817648][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.820591][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  368.828940][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.831430][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state
[  368.956397][T15233] 8021q: adding VLAN 0 to HW filter on device batadv0
[  368.973095][T15233] veth0_vlan: entered promiscuous mode
[  368.978876][T15233] veth1_vlan: entered promiscuous mode
[  369.000932][T15233] veth0_macvtap: entered promiscuous mode
[  369.011116][T15284] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2366'.
[  369.012512][T15233] veth1_macvtap: entered promiscuous mode
[  369.028890][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.032110][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.037024][T15233] batman_adv: batadv0: Interface activated: batadv_slave_0
[  369.043076][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.046244][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.049740][T15233] batman_adv: batadv0: Interface activated: batadv_slave_1
[  369.053444][T15233] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.056005][T15233] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  369.058557][T15233] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  369.061093][T15233] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  369.112539][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.120441][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.134414][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.137393][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.706993][T15299] usb usb1: usbfs: process 15299 (syz.0.2374) did not claim interface 0 before use
[  369.863670][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  369.953619][ T5961] Bluetooth: hci4: command 0x041b tx timeout
[  369.983884][T15290] IPv6: NLM_F_CREATE should be specified when creating new route
[  370.161752][T15288] x86/PAT: syz.0.2374:15288 freeing invalid memtype [mem 0xfed00000-0xfed00fff]
[  370.255197][T15302] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  370.257066][T15302] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  370.665850][T15323] syz.3.2370: attempt to access beyond end of device
[  370.665850][T15323] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[  370.670326][T15323] XFS (nbd3): SB validate failed with error -5.
[  370.795442][T15329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2372'.
[  370.802338][T15329] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2372'.
[  371.962592][T15355] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  371.968416][T15355] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  372.049492][T15361] xt_cluster: you have exceeded the maximum number of cluster nodes (4294967293 > 32)
[  372.131592][T15350] IPv6: NLM_F_CREATE should be specified when creating new route
[  372.526144][T15379] 9pnet_fd: Insufficient options for proto=fd
[  372.967117][T15404] overlayfs: conflicting lowerdir path
[  373.818896][ T5960] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  373.825100][ T5960] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  373.828082][ T5960] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  373.831756][ T5960] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  373.835026][ T5960] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  373.837407][ T5960] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  373.921173][T15436] chnl_net:caif_netlink_parms(): no params data found
[  373.943485][ T5960] Bluetooth: hci3: command 0x041b tx timeout
[  373.962578][T15436] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.965406][T15436] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.967557][T15436] bridge_slave_0: entered allmulticast mode
[  373.969820][T15436] bridge_slave_0: entered promiscuous mode
[  373.972867][T15436] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.975173][T15436] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.978376][T15436] bridge_slave_1: entered allmulticast mode
[  373.980671][T15436] bridge_slave_1: entered promiscuous mode
[  374.005598][T15436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  374.011644][T15436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  374.023557][ T5960] Bluetooth: hci4: command 0x041b tx timeout
[  374.059757][T15436] team0: Port device team_slave_0 added
[  374.062888][T15446] IPv6: NLM_F_CREATE should be specified when creating new route
[  374.066154][T15436] team0: Port device team_slave_1 added
[  374.118629][T15436] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.120688][T15436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.128473][T15436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.132432][T15436] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.134722][T15436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.142056][T15436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  374.180042][T15447] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  374.182448][T15436] hsr_slave_0: entered promiscuous mode
[  374.184966][T15436] hsr_slave_1: entered promiscuous mode
[  374.186902][T15436] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  374.189078][T15436] Cannot create hsr debugfs directory
[  374.193527][T15447] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  374.201474][T15447] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  374.203907][T15447] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  374.209463][T15447] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  374.332821][T15436] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  374.338280][T15436] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  374.342893][T15436] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  374.354679][T15436] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  374.367675][T15436] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.369827][T15436] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.372098][T15436] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.374282][T15436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.402677][T15436] 8021q: adding VLAN 0 to HW filter on device bond0
[  374.412132][   T91] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.417695][   T91] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.432803][T15436] 8021q: adding VLAN 0 to HW filter on device team0
[  374.443286][   T91] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.445527][   T91] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.450624][   T91] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.452588][   T91] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.467419][T15455] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  374.469703][T15455] batman_adv: batadv0: Removing interface: batadv_slave_0
[  374.473101][T15455] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  374.475964][T15455] batman_adv: batadv0: Removing interface: batadv_slave_1
[  374.518059][T15457] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  374.577743][T15436] 8021q: adding VLAN 0 to HW filter on device batadv0
[  374.685246][T15436] veth0_vlan: entered promiscuous mode
[  374.690982][T15436] veth1_vlan: entered promiscuous mode
[  374.706057][T15436] veth0_macvtap: entered promiscuous mode
[  374.709884][T15436] veth1_macvtap: entered promiscuous mode
[  374.716745][T15436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  374.720691][T15436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.726852][T15436] batman_adv: batadv0: Interface activated: batadv_slave_0
[  374.733545][T15436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  374.737411][T15436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  374.741843][T15436] batman_adv: batadv0: Interface activated: batadv_slave_1
[  374.748326][T15436] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  374.750886][T15436] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  374.753505][T15436] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  374.756102][T15436] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.789930][T14050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.792899][T14050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.809362][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.815907][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.867483][T15478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2403'.
[  374.870627][T15478] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2403'.
[  374.966951][T15486] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2404'.
[  375.027121][T15492] 8021q: adding VLAN 0 to HW filter on device bond1
[  375.029989][T15492] bond0: (slave bond1): Enslaving as an active interface with an up link
[  375.035612][T15496] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  375.356479][T15502] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  375.363052][T15502] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  375.368844][T15502] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  376.036397][T15523] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  376.039610][T15523] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  376.041874][T15523] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  376.148678][T15539] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2415'.
[  376.912880][T15561] netlink: 'syz.0.2422': attribute type 10 has an invalid length.
[  376.917091][T15561] netlink: 'syz.0.2422': attribute type 10 has an invalid length.
[  377.390779][T15572] No such timeout policy "syz0"
[  377.598204][T15578] overlayfs: missing 'lowerdir'
[  377.643484][T15573] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  377.645394][T15573] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  377.647225][T15573] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  378.184838][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  378.426524][T15588] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  378.429187][T15588] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  378.431915][T15588] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  378.567280][T15603] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2434'.
[  379.009015][T15628] netlink: 'syz.4.2438': attribute type 10 has an invalid length.
[  379.065592][T15629] netlink: 'syz.4.2438': attribute type 10 has an invalid length.
[  379.089459][T15628] team0: Port device netdevsim0 added
[  379.225803][T15629] team0: Port device netdevsim0 removed
[  379.234485][T15629] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  379.570865][   T39] audit: type=1400 audit(1740447755.049:959): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=15635 comm="syz.3.2441"
[  379.595994][T15636] can0: slcan on ttyprintk.
[  379.628597][T15638] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 19971 - 0
[  379.631468][T15638] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 19971 - 0
[  379.634700][T15638] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 19971 - 0
[  379.637151][T15638] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 19971 - 0
[  379.711786][T15635] can0 (unregistered): slcan off ttyprintk.
[  379.993915][T15640] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  379.995910][T15640] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  379.997769][T15640] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  380.008590][T15657] fuse: Bad value for 'fd'
[  380.137537][T15667] netlink: 'syz.1.2447': attribute type 1 has an invalid length.
[  380.190466][T15669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2447'.
[  380.346880][T15667] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2447'.
[  380.821699][T15686] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2450'.
[  381.415013][T15698] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  381.419380][T15698] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  381.424517][T15698] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  381.775553][T15714] fuse: Bad value for 'fd'
[  382.362225][T15720] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  382.364250][T15720] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  382.366096][T15720] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  382.435080][   T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  382.466102][   T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  382.471356][   T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  382.474893][   T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  382.593579][   T66] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  382.596025][   T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  382.645287][T15730] netlink: 'syz.3.2463': attribute type 1 has an invalid length.
[  382.671304][ T5954] syz-executor (5954) used greatest stack depth: 19392 bytes left
[  382.713461][   T39] audit: type=1804 audit(1740447758.189:960): pid=15729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2462" name="/newroot/72/file0" dev="tmpfs" ino=394 res=1 errno=0
[  382.719801][   T39] audit: type=1804 audit(1740447758.189:961): pid=15729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2462" name="/newroot/72/file0" dev="tmpfs" ino=394 res=1 errno=0
[  382.737677][T15730] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2463'.
[  382.759118][T14050] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.790196][T15734] netlink: 'syz.4.2464': attribute type 2 has an invalid length.
[  382.948433][T15736] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2464'.
[  382.989926][T14050] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.004171][T15736] tipc: Started in network mode
[  383.013573][T15736] tipc: Node identity 7, cluster identity 4711
[  383.018539][T15736] tipc: Node number set to 7
[  383.118226][T15730] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2463'.
[  383.168424][T15723] chnl_net:caif_netlink_parms(): no params data found
[  383.189365][T14050] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.252311][T14050] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.296505][T15723] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.298816][T15723] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.301402][T15723] bridge_slave_0: entered allmulticast mode
[  383.305390][T15723] bridge_slave_0: entered promiscuous mode
[  383.308860][T15723] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.314300][T15723] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.317110][T15723] bridge_slave_1: entered allmulticast mode
[  383.319641][T15723] bridge_slave_1: entered promiscuous mode
[  383.360925][T15723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.367548][T15723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.455873][T15723] team0: Port device team_slave_0 added
[  383.471277][T15723] team0: Port device team_slave_1 added
[  384.198183][T14050] bond0 (unregistering): Released all slaves
[  384.214341][T14050] bond1 (unregistering): Released all slaves
[  384.219775][T15723] batman_adv: batadv0: Adding interface: batadv_slave_0
[  384.224666][T15723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  384.246818][T15723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  384.255695][T15723] batman_adv: batadv0: Adding interface: batadv_slave_1
[  384.261182][T15723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  384.281136][T15723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  384.330440][T15769] nfs: Deprecated parameter 'nointr'
[  384.333414][T14050] tipc: Disabling bearer <udp:syz2>
[  384.335530][T14050] tipc: Left network mode
[  384.343515][ T5960] Bluetooth: hci3: command 0x041b tx timeout
[  384.444019][   T66] Bluetooth: hci4: command 0x041b tx timeout
[  384.444214][ T5960] Bluetooth: hci0: command 0x041b tx timeout
[  384.453753][T15772] trusted_key: encrypted_key: insufficient parameters specified
[  384.463228][T15723] hsr_slave_0: entered promiscuous mode
[  384.466085][T15723] hsr_slave_1: entered promiscuous mode
[  384.473539][T15723] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  384.476142][T15723] Cannot create hsr debugfs directory
[  384.481002][T14050] IPVS: stopping master sync thread 9636 ...
[  384.663692][ T5960] Bluetooth: hci2: command tx timeout
[  384.851713][T14050] hsr_slave_0: left promiscuous mode
[  384.869914][T14050] hsr_slave_1: left promiscuous mode
[  384.904320][T14050] veth1_vlan: left promiscuous mode
[  384.907626][T14050] veth0_vlan: left promiscuous mode
[  384.969972][T14050] pim6reg527 (unregistering): left allmulticast mode
[  384.985127][T15783] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  384.987039][T15783] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  384.988776][T15783] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  384.990678][T15783] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  384.994589][T15783] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  385.007303][T15783] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  385.479019][   T39] audit: type=1804 audit(1740447760.959:962): pid=15799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2475" name="/newroot/20/file0" dev="tmpfs" ino=123 res=1 errno=0
[  385.485468][   T39] audit: type=1804 audit(1740447760.959:963): pid=15799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2475" name="/newroot/20/file0" dev="tmpfs" ino=123 res=1 errno=0
[  386.244638][T15802] netlink: 'syz.4.2476': attribute type 1 has an invalid length.
[  386.297201][T15803] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2476'.
[  386.508178][T15805] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2476'.
[  386.903910][T15793] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  386.983672][   T66] Bluetooth: hci3: command 0x041b tx timeout
[  387.063597][   T66] Bluetooth: hci0: command 0x041b tx timeout
[  387.063633][ T5960] Bluetooth: hci2: command 0x040f tx timeout
[  387.065405][   T66] Bluetooth: hci4: command 0x041b tx timeout
[  387.266029][T15827] FAULT_INJECTION: forcing a failure.
[  387.266029][T15827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.269717][T15827] CPU: 2 UID: 0 PID: 15827 Comm: syz.1.2481 Not tainted 6.14.0-rc4-syzkaller #0
[  387.269732][T15827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.269739][T15827] Call Trace:
[  387.269767][T15827]  <TASK>
[  387.269771][T15827]  dump_stack_lvl+0x16c/0x1f0
[  387.269789][T15827]  should_fail_ex+0x50a/0x650
[  387.269831][T15827]  _copy_from_user+0x2e/0xd0
[  387.269862][T15827]  bpf_test_init.isra.0+0xe4/0x130
[  387.269876][T15827]  bpf_prog_test_run_xdp+0x4f0/0x1560
[  387.269892][T15827]  ? lock_acquire+0x2f/0xb0
[  387.269905][T15827]  ? __fget_files+0x40/0x3a0
[  387.269919][T15827]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  387.269932][T15827]  ? __fget_files+0x206/0x3a0
[  387.269948][T15827]  ? fput+0x67/0x440
[  387.269958][T15827]  ? __bpf_prog_get+0xa0/0x290
[  387.269971][T15827]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  387.269983][T15827]  __sys_bpf+0xfc6/0x49c0
[  387.269998][T15827]  ? __pfx_lock_release+0x10/0x10
[  387.270012][T15827]  ? __pfx___sys_bpf+0x10/0x10
[  387.270026][T15827]  ? vfs_write+0x306/0x1150
[  387.270041][T15827]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  387.270061][T15827]  ? fput+0x67/0x440
[  387.270070][T15827]  ? ksys_write+0x1ba/0x250
[  387.270083][T15827]  ? __pfx_ksys_write+0x10/0x10
[  387.270098][T15827]  __ia32_sys_bpf+0x76/0xe0
[  387.270108][T15827]  __do_fast_syscall_32+0x73/0x120
[  387.270122][T15827]  do_fast_syscall_32+0x32/0x80
[  387.270134][T15827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  387.270151][T15827] RIP: 0023:0xf743e579
[  387.270159][T15827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  387.270170][T15827] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  387.270198][T15827] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000c80
[  387.270204][T15827] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  387.270210][T15827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  387.270216][T15827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  387.270221][T15827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  387.270233][T15827]  </TASK>
[  387.801292][T14050] IPVS: stop unused estimator thread 0...
[  388.068417][T15723] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  388.095419][T15723] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  388.105470][T15723] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  388.123448][T15723] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  388.124142][T15867] pty pty27: ldisc open failed (-12), clearing slot 27
[  388.161333][T15875] FAULT_INJECTION: forcing a failure.
[  388.161333][T15875] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.165326][T15875] CPU: 0 UID: 0 PID: 15875 Comm: syz.4.2490 Not tainted 6.14.0-rc4-syzkaller #0
[  388.165339][T15875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  388.165346][T15875] Call Trace:
[  388.165357][T15875]  <TASK>
[  388.165364][T15875]  dump_stack_lvl+0x16c/0x1f0
[  388.165381][T15875]  should_fail_ex+0x50a/0x650
[  388.165400][T15875]  _copy_to_user+0x32/0xd0
[  388.165412][T15875]  bpf_test_finish.isra.0+0x498/0x670
[  388.165426][T15875]  ? __pfx___static_call_update+0x10/0x10
[  388.165442][T15875]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  388.165457][T15875]  ? bpf_dispatcher_xdp+0x800/0x1000
[  388.165466][T15875]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[  388.165484][T15875]  bpf_prog_test_run_xdp+0xa02/0x1560
[  388.165500][T15875]  ? lock_acquire+0x2f/0xb0
[  388.165512][T15875]  ? __fget_files+0x40/0x3a0
[  388.165527][T15875]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  388.165540][T15875]  ? __fget_files+0x206/0x3a0
[  388.165555][T15875]  ? fput+0x67/0x440
[  388.165565][T15875]  ? __bpf_prog_get+0xa0/0x290
[  388.165578][T15875]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  388.165590][T15875]  __sys_bpf+0xfc6/0x49c0
[  388.165605][T15875]  ? __pfx_lock_release+0x10/0x10
[  388.165619][T15875]  ? __pfx___sys_bpf+0x10/0x10
[  388.165633][T15875]  ? vfs_write+0x306/0x1150
[  388.165648][T15875]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  388.165669][T15875]  ? fput+0x67/0x440
[  388.165678][T15875]  ? ksys_write+0x1ba/0x250
[  388.165691][T15875]  ? __pfx_ksys_write+0x10/0x10
[  388.165706][T15875]  __ia32_sys_bpf+0x76/0xe0
[  388.165716][T15875]  __do_fast_syscall_32+0x73/0x120
[  388.165730][T15875]  do_fast_syscall_32+0x32/0x80
[  388.165742][T15875]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  388.165759][T15875] RIP: 0023:0xf73de579
[  388.165767][T15875] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  388.165777][T15875] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  388.165787][T15875] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000c80
[  388.165793][T15875] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  388.165798][T15875] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  388.165804][T15875] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  388.165809][T15875] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  388.165820][T15875]  </TASK>
[  388.222896][T15723] 8021q: adding VLAN 0 to HW filter on device bond0
[  388.260336][T15723] 8021q: adding VLAN 0 to HW filter on device team0
[  388.266105][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.268256][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  388.276128][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.278203][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.387626][T15723] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.411742][T15723] veth0_vlan: entered promiscuous mode
[  388.417578][T15723] veth1_vlan: entered promiscuous mode
[  388.426608][T15723] veth0_macvtap: entered promiscuous mode
[  388.431628][T15723] veth1_macvtap: entered promiscuous mode
[  388.439299][T15723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  388.442257][T15723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.460594][T15723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  388.463989][T15723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.467646][T15723] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.471344][T15723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.474693][T15723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.477394][T15723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.480396][T15723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.485245][T15723] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.584649][T15723] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.587147][T15723] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.589568][T15723] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.591976][T15723] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  388.635125][T14050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.637895][T14050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.650444][T14050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.653342][T14050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.792643][T15906] deleting an unspecified loop device is not supported.
[  388.827884][T15906] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  388.830354][T15906] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  388.834496][T15906] vhci_hcd vhci_hcd.0: Device attached
[  389.063919][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  389.143662][ T5961] Bluetooth: hci4: command 0x041b tx timeout
[  389.143777][ T5960] Bluetooth: hci0: command 0x041b tx timeout
[  389.145469][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  389.193496][ T6091] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[  389.278230][T15911] wireguard0: entered promiscuous mode
[  389.280169][T15911] wireguard0: entered allmulticast mode
[  389.573649][T15907] vhci_hcd: connection reset by peer
[  389.576293][ T1144] vhci_hcd: stop threads
[  389.579202][ T1144] vhci_hcd: release socket
[  389.583521][ T1144] vhci_hcd: disconnect device
[  389.602328][T15916] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2500'.
[  389.637319][T15921] FAULT_INJECTION: forcing a failure.
[  389.637319][T15921] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.641017][T15921] CPU: 0 UID: 0 PID: 15921 Comm: syz.3.2501 Not tainted 6.14.0-rc4-syzkaller #0
[  389.641032][T15921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  389.641048][T15921] Call Trace:
[  389.641053][T15921]  <TASK>
[  389.641058][T15921]  dump_stack_lvl+0x16c/0x1f0
[  389.641076][T15921]  should_fail_ex+0x50a/0x650
[  389.641095][T15921]  _copy_to_user+0x32/0xd0
[  389.641108][T15921]  bpf_test_finish.isra.0+0x522/0x670
[  389.641122][T15921]  ? __pfx___static_call_update+0x10/0x10
[  389.641138][T15921]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  389.641152][T15921]  ? bpf_dispatcher_xdp+0x800/0x1000
[  389.641161][T15921]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[  389.641179][T15921]  bpf_prog_test_run_xdp+0xa02/0x1560
[  389.641194][T15921]  ? lock_acquire+0x2f/0xb0
[  389.641208][T15921]  ? __fget_files+0x40/0x3a0
[  389.641222][T15921]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  389.641235][T15921]  ? __fget_files+0x206/0x3a0
[  389.641254][T15921]  ? fput+0x67/0x440
[  389.641264][T15921]  ? __bpf_prog_get+0xa0/0x290
[  389.641277][T15921]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  389.641289][T15921]  __sys_bpf+0xfc6/0x49c0
[  389.641304][T15921]  ? __pfx_lock_release+0x10/0x10
[  389.641318][T15921]  ? __pfx___sys_bpf+0x10/0x10
[  389.641332][T15921]  ? vfs_write+0x306/0x1150
[  389.641347][T15921]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  389.641368][T15921]  ? fput+0x67/0x440
[  389.641377][T15921]  ? ksys_write+0x1ba/0x250
[  389.641390][T15921]  ? __pfx_ksys_write+0x10/0x10
[  389.641405][T15921]  __ia32_sys_bpf+0x76/0xe0
[  389.641415][T15921]  __do_fast_syscall_32+0x73/0x120
[  389.641428][T15921]  do_fast_syscall_32+0x32/0x80
[  389.641441][T15921]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  389.641458][T15921] RIP: 0023:0xf7f70579
[  389.641466][T15921] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  389.641476][T15921] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  389.641487][T15921] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000c80
[  389.641493][T15921] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  389.641499][T15921] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  389.641504][T15921] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  389.641510][T15921] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  389.641521][T15921]  </TASK>
[  390.701231][T15949] FAULT_INJECTION: forcing a failure.
[  390.701231][T15949] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  390.705044][T15949] CPU: 3 UID: 0 PID: 15949 Comm: syz.3.2511 Not tainted 6.14.0-rc4-syzkaller #0
[  390.705058][T15949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  390.705064][T15949] Call Trace:
[  390.705068][T15949]  <TASK>
[  390.705073][T15949]  dump_stack_lvl+0x16c/0x1f0
[  390.705091][T15949]  should_fail_ex+0x50a/0x650
[  390.705110][T15949]  _copy_to_user+0x32/0xd0
[  390.705122][T15949]  bpf_test_finish.isra.0+0x556/0x670
[  390.705136][T15949]  ? __pfx___static_call_update+0x10/0x10
[  390.705152][T15949]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  390.705167][T15949]  ? bpf_dispatcher_xdp+0x800/0x1000
[  390.705175][T15949]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[  390.705193][T15949]  bpf_prog_test_run_xdp+0xa02/0x1560
[  390.705209][T15949]  ? lock_acquire+0x2f/0xb0
[  390.705223][T15949]  ? __fget_files+0x40/0x3a0
[  390.705237][T15949]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  390.705255][T15949]  ? __fget_files+0x206/0x3a0
[  390.705271][T15949]  ? fput+0x67/0x440
[  390.705280][T15949]  ? __bpf_prog_get+0xa0/0x290
[  390.705294][T15949]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  390.705306][T15949]  __sys_bpf+0xfc6/0x49c0
[  390.705323][T15949]  ? __pfx___sys_bpf+0x10/0x10
[  390.705337][T15949]  ? find_held_lock+0x2d/0x110
[  390.705349][T15949]  ? bpf_trace_run2+0x266/0x590
[  390.705362][T15949]  ? __pfx_lock_release+0x10/0x10
[  390.705375][T15949]  ? trace_lock_acquire+0x14e/0x1f0
[  390.705392][T15949]  ? __pfx_lock_release+0x10/0x10
[  390.705404][T15949]  ? lock_acquire+0x2f/0xb0
[  390.705421][T15949]  __ia32_sys_bpf+0x76/0xe0
[  390.705431][T15949]  __do_fast_syscall_32+0x73/0x120
[  390.705446][T15949]  do_fast_syscall_32+0x32/0x80
[  390.705458][T15949]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  390.705475][T15949] RIP: 0023:0xf7f70579
[  390.705482][T15949] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  390.705492][T15949] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  390.705502][T15949] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000c80
[  390.705508][T15949] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  390.705514][T15949] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.705520][T15949] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  390.705525][T15949] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  390.705537][T15949]  </TASK>
[  391.154950][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  391.223506][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  391.225697][ T5960] Bluetooth: hci4: command 0x041b tx timeout
[  391.227455][ T5961] Bluetooth: hci0: command 0x041b tx timeout
[  391.699270][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2516'.
[  391.702774][T15971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2516'.
[  392.332266][T15984] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  392.335160][T15984] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  392.337034][T15984] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  392.338817][T15984] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  392.401139][T15989] FAULT_INJECTION: forcing a failure.
[  392.401139][T15989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.406345][T15989] CPU: 1 UID: 0 PID: 15989 Comm: syz.1.2520 Not tainted 6.14.0-rc4-syzkaller #0
[  392.406360][T15989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  392.406367][T15989] Call Trace:
[  392.406371][T15989]  <TASK>
[  392.406375][T15989]  dump_stack_lvl+0x16c/0x1f0
[  392.406393][T15989]  should_fail_ex+0x50a/0x650
[  392.406411][T15989]  _copy_to_user+0x32/0xd0
[  392.406423][T15989]  bpf_test_finish.isra.0+0x556/0x670
[  392.406436][T15989]  ? __pfx___static_call_update+0x10/0x10
[  392.406451][T15989]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  392.406466][T15989]  ? bpf_dispatcher_xdp+0x800/0x1000
[  392.406474][T15989]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[  392.406492][T15989]  bpf_prog_test_run_xdp+0xa02/0x1560
[  392.406508][T15989]  ? lock_acquire+0x2f/0xb0
[  392.406521][T15989]  ? __fget_files+0x40/0x3a0
[  392.406535][T15989]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  392.406549][T15989]  ? __fget_files+0x206/0x3a0
[  392.406564][T15989]  ? fput+0x67/0x440
[  392.406573][T15989]  ? __bpf_prog_get+0xa0/0x290
[  392.406587][T15989]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  392.406599][T15989]  __sys_bpf+0xfc6/0x49c0
[  392.406614][T15989]  ? __pfx_lock_release+0x10/0x10
[  392.406628][T15989]  ? __pfx___sys_bpf+0x10/0x10
[  392.406642][T15989]  ? vfs_write+0x306/0x1150
[  392.406657][T15989]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  392.406677][T15989]  ? fput+0x67/0x440
[  392.406686][T15989]  ? ksys_write+0x1ba/0x250
[  392.406699][T15989]  ? __pfx_ksys_write+0x10/0x10
[  392.406714][T15989]  __ia32_sys_bpf+0x76/0xe0
[  392.406724][T15989]  __do_fast_syscall_32+0x73/0x120
[  392.406737][T15989]  do_fast_syscall_32+0x32/0x80
[  392.406750][T15989]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  392.406767][T15989] RIP: 0023:0xf743e579
[  392.406775][T15989] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  392.406785][T15989] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  392.406796][T15989] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000c80
[  392.406803][T15989] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  392.406808][T15989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  392.406814][T15989] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  392.406820][T15989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  392.406831][T15989]  </TASK>
[  392.485521][    C1] vkms_vblank_simulate: vblank timer overrun
[  392.565259][T16003] FAULT_INJECTION: forcing a failure.
[  392.565259][T16003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.570328][T16003] CPU: 3 UID: 0 PID: 16003 Comm: syz.1.2532 Not tainted 6.14.0-rc4-syzkaller #0
[  392.570343][T16003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  392.570350][T16003] Call Trace:
[  392.570355][T16003]  <TASK>
[  392.570361][T16003]  dump_stack_lvl+0x16c/0x1f0
[  392.570380][T16003]  should_fail_ex+0x50a/0x650
[  392.570400][T16003]  _copy_from_user+0x2e/0xd0
[  392.570412][T16003]  kstrtouint_from_user+0xd7/0x1c0
[  392.570426][T16003]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  392.570444][T16003]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  392.570460][T16003]  proc_fail_nth_write+0x84/0x250
[  392.570473][T16003]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  392.570484][T16003]  ? ksys_write+0x12b/0x250
[  392.570501][T16003]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  392.570512][T16003]  vfs_write+0x24c/0x1150
[  392.570527][T16003]  ? __fget_files+0x1fc/0x3a0
[  392.570541][T16003]  ? __pfx___mutex_lock+0x10/0x10
[  392.570554][T16003]  ? __pfx_vfs_write+0x10/0x10
[  392.570571][T16003]  ? __fget_files+0x206/0x3a0
[  392.570588][T16003]  ksys_write+0x12b/0x250
[  392.570602][T16003]  ? __pfx_ksys_write+0x10/0x10
[  392.570619][T16003]  __do_fast_syscall_32+0x73/0x120
[  392.570633][T16003]  do_fast_syscall_32+0x32/0x80
[  392.570645][T16003]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  392.570662][T16003] RIP: 0023:0xf743e579
[  392.570670][T16003] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  392.570680][T16003] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  392.570691][T16003] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[  392.570697][T16003] RDX: 0000000000000001 RSI: 00000000f742cff4 RDI: 0000000000000000
[  392.570702][T16003] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  392.570707][T16003] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  392.570713][T16003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  392.570725][T16003]  </TASK>
[  392.741786][T16009] tmpfs: Bad value for 'mpol'
[  393.243463][ T7222] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  393.414201][ T7222] usb 6-1: Using ep0 maxpacket: 8
[  393.418258][ T7222] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  393.421069][ T7222] usb 6-1: config 0 has no interface number 0
[  393.422902][ T7222] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  393.427457][ T7222] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  393.430957][ T7222] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  393.435378][ T7222] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  393.439343][ T7222] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  393.442270][ T7222] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.453168][ T7222] usb 6-1: config 0 descriptor??
[  393.456713][T16034] bridge_slave_0: left allmulticast mode
[  393.457470][ T7222] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  393.458452][T16034] bridge_slave_0: left promiscuous mode
[  393.462864][T16034] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.466873][T16034] bridge_slave_1: left allmulticast mode
[  393.468584][T16034] bridge_slave_1: left promiscuous mode
[  393.470362][T16034] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.477139][T16034] bond0: (slave bond_slave_0): Releasing backup interface
[  393.484678][T16034] bond0: (slave bond_slave_1): Releasing backup interface
[  393.504727][T16034] team0: Port device team_slave_0 removed
[  393.512900][T16034] team0: Port device team_slave_1 removed
[  393.515314][T16034] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  393.517549][T16034] batman_adv: batadv0: Removing interface: batadv_slave_0
[  393.520685][T16034] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  393.522882][T16034] batman_adv: batadv0: Removing interface: batadv_slave_1
[  393.571461][T16034] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2537'.
[  393.574858][T16034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2537'.
[  394.060805][ T7222] usb 6-1: USB disconnect, device number 16
[  394.063904][ T7222] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  394.333888][ T6091] vhci_hcd: vhci_device speed not set
[  394.347870][   T66] Bluetooth: hci2: command 0x040f tx timeout
[  394.347955][ T5960] Bluetooth: hci0: command 0x041b tx timeout
[  394.352369][ T5960] Bluetooth: hci4: command 0x041b tx timeout
[  394.353958][   T66] Bluetooth: hci3: command 0x041b tx timeout
[  394.567703][T16055] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2540'.
[  395.683729][T16071] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  395.685667][T16071] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  395.687535][T16071] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  395.689390][T16071] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  396.199028][T16082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2550'.
[  397.083676][T16108] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2554'.
[  397.212071][T16119] netlink: 'syz.3.2557': attribute type 1 has an invalid length.
[  397.217951][T16119] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2557'.
[  397.218862][T16113] @: renamed from vlan0 (while UP)
[  397.394294][T16126] pim6reg: entered allmulticast mode
[  397.575392][T16134] Invalid ELF header magic: != ELF
[  397.624838][T16138] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  397.700080][T16108] syz.4.2554: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  397.703845][   T66] Bluetooth: hci4: command 0x041b tx timeout
[  397.707428][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  397.709443][   T66] Bluetooth: hci0: command 0x041b tx timeout
[  397.711250][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  397.717834][T16108] CPU: 2 UID: 0 PID: 16108 Comm: syz.4.2554 Not tainted 6.14.0-rc4-syzkaller #0
[  397.717852][T16108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  397.717859][T16108] Call Trace:
[  397.717865][T16108]  <TASK>
[  397.717870][T16108]  dump_stack_lvl+0x16c/0x1f0
[  397.717888][T16108]  warn_alloc+0x24d/0x3a0
[  397.717904][T16108]  ? __pfx_warn_alloc+0x10/0x10
[  397.717923][T16108]  ? __get_vm_area_node+0x1b0/0x2f0
[  397.717937][T16108]  ? __get_vm_area_node+0x1dc/0x2f0
[  397.717952][T16108]  __vmalloc_node_range_noprof+0x1102/0x1530
[  397.717970][T16108]  ? hash_netnet_create+0x845/0x1a00
[  397.717986][T16108]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  397.718000][T16108]  ? rcu_is_watching+0x12/0xc0
[  397.718012][T16108]  ? trace_kmalloc+0x2d/0xd0
[  397.718023][T16108]  ? __kmalloc_node_noprof.cold+0x5a/0x5f
[  397.718034][T16108]  ? hash_netnet_create+0x845/0x1a00
[  397.718046][T16108]  __kvmalloc_node_noprof+0x14f/0x1a0
[  397.718060][T16108]  ? hash_netnet_create+0x845/0x1a00
[  397.718072][T16108]  hash_netnet_create+0x845/0x1a00
[  397.718087][T16108]  ? __pfx_hash_netnet_create+0x10/0x10
[  397.718101][T16108]  ? __pfx_hash_netnet_create+0x10/0x10
[  397.718113][T16108]  ? ip_set_create+0x7cb/0x14d0
[  397.718122][T16108]  ? ip_set_create+0x6c8/0x14d0
[  397.718129][T16108]  ip_set_create+0x7cb/0x14d0
[  397.718141][T16108]  ? __pfx_ip_set_create+0x10/0x10
[  397.718163][T16108]  nfnetlink_rcv_msg+0x9c3/0x11e0
[  397.718183][T16108]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  397.718199][T16108]  ? find_held_lock+0x2d/0x110
[  397.718225][T16108]  netlink_rcv_skb+0x16b/0x440
[  397.718243][T16108]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  397.718258][T16108]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  397.718271][T16108]  ? __pfx_aa_get_newest_label+0x10/0x10
[  397.718313][T16108]  ? bpf_lsm_capable+0x9/0x10
[  397.718323][T16108]  ? security_capable+0x7e/0x260
[  397.718359][T16108]  ? ns_capable+0xd7/0x110
[  397.718375][T16108]  nfnetlink_rcv+0x1b4/0x430
[  397.718389][T16108]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  397.718403][T16108]  ? netlink_deliver_tap+0x1ae/0xd30
[  397.718418][T16108]  netlink_unicast+0x53c/0x7f0
[  397.718432][T16108]  ? __pfx_netlink_unicast+0x10/0x10
[  397.718446][T16108]  ? __phys_addr_symbol+0x30/0x80
[  397.718456][T16108]  ? __check_object_size+0x488/0x710
[  397.718468][T16108]  netlink_sendmsg+0x8b8/0xd70
[  397.718483][T16108]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.718502][T16108]  ____sys_sendmsg+0xaaf/0xc90
[  397.718514][T16108]  ? __pfx_____sys_sendmsg+0x10/0x10
[  397.718524][T16108]  ? get_compat_msghdr+0x11b/0x170
[  397.718542][T16108]  ___sys_sendmsg+0x135/0x1e0
[  397.718557][T16108]  ? __pfx____sys_sendmsg+0x10/0x10
[  397.718586][T16108]  ? __pfx_lock_release+0x10/0x10
[  397.718601][T16108]  ? trace_lock_acquire+0x14e/0x1f0
[  397.718617][T16108]  ? __fget_files+0x206/0x3a0
[  397.718634][T16108]  __sys_sendmsg+0x16e/0x220
[  397.718649][T16108]  ? __pfx___sys_sendmsg+0x10/0x10
[  397.718663][T16108]  ? __ia32_sys_futex_time32+0x1da/0x460
[  397.718685][T16108]  __do_fast_syscall_32+0x73/0x120
[  397.718699][T16108]  do_fast_syscall_32+0x32/0x80
[  397.718712][T16108]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  397.718728][T16108] RIP: 0023:0xf73de579
[  397.718737][T16108] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  397.718747][T16108] RSP: 002b:00000000f504555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  397.718758][T16108] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  397.718764][T16108] RDX: 0000000000000084 RSI: 0000000000000000 RDI: 0000000000000000
[  397.718769][T16108] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  397.718775][T16108] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  397.718780][T16108] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  397.718792][T16108]  </TASK>
[  397.738204][T16108] Mem-Info:
[  397.840491][T16108] active_anon:4685 inactive_anon:3877 isolated_anon:0
[  397.840491][T16108]  active_file:4126 inactive_file:8696 isolated_file:0
[  397.840491][T16108]  unevictable:1767 dirty:455 writeback:0
[  397.840491][T16108]  slab_reclaimable:6277 slab_unreclaimable:72404
[  397.840491][T16108]  mapped:32885 shmem:7543 pagetables:780
[  397.840491][T16108]  sec_pagetables:315 bounce:0
[  397.840491][T16108]  kernel_misc_reclaimable:0
[  397.840491][T16108]  free:43902 free_pcp:4339 free_cma:0
[  397.855085][T16108] Node 0 active_anon:268kB inactive_anon:280kB active_file:152kB inactive_file:116kB unevictable:3532kB isolated(anon):0kB isolated(file):0kB mapped:296kB dirty:12kB writeback:0kB shmem:5288kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9636kB pagetables:984kB sec_pagetables:1164kB all_unreclaimable? yes
[  397.864440][T16108] Node 1 active_anon:19444kB inactive_anon:15228kB active_file:16352kB inactive_file:34668kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:132160kB dirty:1816kB writeback:0kB shmem:25872kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3604kB pagetables:2208kB sec_pagetables:96kB all_unreclaimable? no
[  397.874685][T16108] Node 0 DMA free:2508kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  397.893878][T16108] lowmem_reserve[]: 0 294 0 0 0
[  397.895846][T16108] Node 0 DMA32 free:18960kB boost:2048kB min:15608kB low:18996kB high:22384kB reserved_highatomic:2048KB active_anon:264kB inactive_anon:280kB active_file:152kB inactive_file:112kB unevictable:3532kB writepending:12kB present:1032196kB managed:301744kB mlocked:0kB bounce:0kB free_pcp:904kB local_pcp:0kB free_cma:0kB
[  397.908845][T16108] lowmem_reserve[]: 0 0 0 0 0
[  397.910452][T16108] Node 1 DMA32 free:158500kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:8192KB active_anon:20044kB inactive_anon:15228kB active_file:16352kB inactive_file:34668kB unevictable:3536kB writepending:1816kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:12024kB local_pcp:10568kB free_cma:0kB
[  397.923601][T16108] lowmem_reserve[]: 0 0 0 0 0
[  397.925254][T16108] Node 0 DMA: 57*4kB (U) 41*8kB (U) 22*16kB (U) 22*32kB (U) 10*64kB (U) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2508kB
[  397.937975][T16108] Node 0 DMA32: 723*4kB (UMEH) 327*8kB (UMEH) 122*16kB (UME) 81*32kB (UME) 46*64kB (UME) 24*128kB (UME) 7*256kB (UM) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18884kB
[  397.943806][T16108] Node 1 DMA32: 17*4kB (UMEH) 324*8kB (MEH) 1107*16kB (MEH) 761*32kB (UMEH) 447*64kB (UMEH) 149*128kB (UMEH) 80*256kB (UMEH) 24*512kB (UM) 19*1024kB (UM) 3*2048kB (U) 1*4096kB (U) = 154868kB
[  397.949722][T16108] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  397.952534][T16108] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  397.955371][T16108] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  397.958209][T16108] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  397.961164][T16108] 21331 total pagecache pages
[  397.962620][T16108] 321 pages in swap cache
[  397.964110][T16108] Free swap  = 56740kB
[  397.965650][T16108] Total swap = 124996kB
[  397.967031][T16108] 524155 pages RAM
[  397.968214][T16108] 0 pages HighMem/MovableOnly
[  397.970110][T16108] 207816 pages reserved
[  397.971474][T16108] 0 pages cma reserved
[  398.050121][T16142] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  398.052059][T16142] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  398.053975][T16142] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  398.055772][T16142] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  398.603182][T16160] fuse: Unknown parameter '0x0000000000000004'
[  398.749522][T16163] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  398.751956][T16163] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  398.755021][T16163] vhci_hcd vhci_hcd.0: Device attached
[  398.905610][T16173] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2577'.
[  399.107376][T16176] netlink: 'syz.1.2568': attribute type 10 has an invalid length.
[  399.122344][T16176] team0: Device ipvlan1 failed to register rx_handler
[  399.228121][T16184] @: renamed from vlan0 (while UP)
[  399.233557][ T5999] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[  399.615517][T16164] vhci_hcd: connection reset by peer
[  399.618717][ T1135] vhci_hcd: stop threads
[  399.620827][ T1135] vhci_hcd: release socket
[  399.623909][ T1135] vhci_hcd: disconnect device
[  399.629382][T16187] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  399.631721][T16187] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  399.633883][T16187] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  399.636048][T16187] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  399.682380][T16194] netlink: 'syz.3.2575': attribute type 4 has an invalid length.
[  399.757860][T16194] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.955026][T16194] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.357433][T16194] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.456824][T16194] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.556671][T16205] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2579'.
[  400.615968][T16194] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.632598][T16194] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  400.930060][T16194] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  400.937998][T16208] syz_tun: entered allmulticast mode
[  400.942871][T16208] x_tables: duplicate underflow at hook 1
[  400.958623][T16208] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  400.968498][T16194] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.174122][T16207] syz_tun: left allmulticast mode
[  401.391691][T16218] kvm: Disabled LAPIC found during irq injection
[  401.399811][T16218] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2584'.
[  401.583577][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  401.584018][T16224] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2585'.
[  401.700254][   T39] audit: type=1326 audit(1740447777.179:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16222 comm="syz.1.2585" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf743e579 code=0x0
[  401.706752][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  401.706810][ T5961] Bluetooth: hci0: command 0x041b tx timeout
[  401.706839][ T5961] Bluetooth: hci4: command 0x041b tx timeout
[  402.456573][T16259] could not allocate digest TFM handle sha512-arm
[  402.459520][T16259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2588'.
[  402.978748][T16284] netlink: 'syz.3.2594': attribute type 2 has an invalid length.
[  403.191379][T16290] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2596'.
[  403.633721][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  403.783933][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  404.257692][T16300] virtio-fs: tag <(null)> not found
[  404.343617][ T5999] vhci_hcd: vhci_device speed not set
[  404.895985][T16314] trusted_key: encrypted_key: key user:syz not found
[  404.896076][T16314] ucma_write: process 166 (syz.4.2602) changed security contexts after opening file descriptor, this is not allowed.
[  405.111671][T16330] netlink: 'syz.1.2606': attribute type 2 has an invalid length.
[  405.114441][T16330] netlink: 'syz.1.2606': attribute type 1 has an invalid length.
[  405.116761][T16330] netlink: 'syz.1.2606': attribute type 1 has an invalid length.
[  405.227684][T16330] loop7: detected capacity change from 16384 to 16383
[  405.681131][T16342] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  405.683014][T16342] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  405.684949][T16342] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  405.686807][T16342] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  405.852749][T16368] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2612'.
[  406.021782][T16379] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  406.201813][T16384] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.531217][T16384] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.688358][T16384] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.856699][T16384] bond0: (slave netdevsim0): Releasing backup interface
[  406.872327][T16384] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.002840][T16384] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  407.012053][T16384] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  407.045346][T16384] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  407.051482][T16384] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  407.187802][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.187917][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.191129][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.195995][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.198386][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.200599][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.202820][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.205659][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.207980][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.210200][   T66] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  407.662459][T16423] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2625'.
[  407.705182][   T66] Bluetooth: hci4: command 0x041b tx timeout
[  407.756429][T16417] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  407.758384][T16417] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  407.760218][T16417] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  407.762070][T16417] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  407.939096][T16434] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢
…D'
[  407.943179][T16434] CPU: 3 UID: 0 PID: 16434 Comm: syz.4.2630 Not tainted 6.14.0-rc4-syzkaller #0
[  407.943192][T16434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  407.943200][T16434] Call Trace:
[  407.943204][T16434]  <TASK>
[  407.943210][T16434]  dump_stack_lvl+0x16c/0x1f0
[  407.943227][T16434]  sysfs_warn_dup+0x7f/0xa0
[  407.943242][T16434]  sysfs_do_create_link_sd+0x124/0x140
[  407.943256][T16434]  sysfs_create_link+0x61/0xc0
[  407.943269][T16434]  device_add+0x62e/0x1a70
[  407.943310][T16434]  ? __pfx_device_add+0x10/0x10
[  407.943323][T16434]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  407.943340][T16434]  ? ieee80211_set_bitrate_flags+0x249/0x6a0
[  407.943373][T16434]  wiphy_register+0x1cab/0x2860
[  407.943390][T16434]  ? __pfx__dev_printk+0x10/0x10
[  407.943404][T16434]  ? __pfx_wiphy_register+0x10/0x10
[  407.943423][T16434]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  407.943438][T16434]  ieee80211_register_hw+0x2455/0x4060
[  407.943458][T16434]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  407.943470][T16434]  ? net_generic+0xea/0x2a0
[  407.943507][T16434]  ? lockdep_init_map_type+0x16d/0x7d0
[  407.943523][T16434]  ? __asan_memset+0x23/0x50
[  407.943538][T16434]  ? __hrtimer_init+0x106/0x2c0
[  407.943555][T16434]  mac80211_hwsim_new_radio+0x304e/0x54e0
[  407.943577][T16434]  ? __kmalloc_node_track_caller_noprof+0x240/0x510
[  407.943595][T16434]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  407.943608][T16434]  ? hwsim_new_radio_nl+0x9ff/0x12b0
[  407.943622][T16434]  ? __asan_memcpy+0x3c/0x60
[  407.943636][T16434]  hwsim_new_radio_nl+0xb42/0x12b0
[  407.943652][T16434]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  407.943669][T16434]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  407.943685][T16434]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  407.943703][T16434]  genl_family_rcv_msg_doit+0x202/0x2f0
[  407.943719][T16434]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  407.943733][T16434]  ? trace_cap_capable+0x1a2/0x210
[  407.943748][T16434]  ? bpf_lsm_capable+0x9/0x10
[  407.943758][T16434]  ? security_capable+0x7e/0x260
[  407.943775][T16434]  ? ns_capable+0xd7/0x110
[  407.943789][T16434]  genl_rcv_msg+0x565/0x800
[  407.943805][T16434]  ? __pfx_genl_rcv_msg+0x10/0x10
[  407.943820][T16434]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  407.943834][T16434]  ? __pfx___lock_acquire+0x10/0x10
[  407.943850][T16434]  netlink_rcv_skb+0x16b/0x440
[  407.943862][T16434]  ? __pfx_genl_rcv_msg+0x10/0x10
[  407.943882][T16434]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  407.943902][T16434]  ? down_read+0xc9/0x330
[  407.943916][T16434]  ? __pfx_down_read+0x10/0x10
[  407.943931][T16434]  ? netlink_deliver_tap+0x1ae/0xd30
[  407.943946][T16434]  genl_rcv+0x28/0x40
[  407.943960][T16434]  netlink_unicast+0x53c/0x7f0
[  407.943975][T16434]  ? __pfx_netlink_unicast+0x10/0x10
[  407.943990][T16434]  ? __phys_addr_symbol+0x30/0x80
[  407.944003][T16434]  ? __check_object_size+0x488/0x710
[  407.944015][T16434]  netlink_sendmsg+0x8b8/0xd70
[  407.944030][T16434]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.944048][T16434]  ____sys_sendmsg+0xaaf/0xc90
[  407.944061][T16434]  ? __pfx_____sys_sendmsg+0x10/0x10
[  407.944072][T16434]  ? get_compat_msghdr+0x11b/0x170
[  407.944089][T16434]  ___sys_sendmsg+0x135/0x1e0
[  407.944104][T16434]  ? __pfx____sys_sendmsg+0x10/0x10
[  407.944124][T16434]  ? __pfx_lock_release+0x10/0x10
[  407.944137][T16434]  ? trace_lock_acquire+0x14e/0x1f0
[  407.944154][T16434]  ? __fget_files+0x206/0x3a0
[  407.944172][T16434]  __sys_sendmsg+0x16e/0x220
[  407.944186][T16434]  ? __pfx___sys_sendmsg+0x10/0x10
[  407.944200][T16434]  ? __ia32_sys_futex_time32+0x1da/0x460
[  407.944223][T16434]  __do_fast_syscall_32+0x73/0x120
[  407.944237][T16434]  do_fast_syscall_32+0x32/0x80
[  407.944250][T16434]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  407.944266][T16434] RIP: 0023:0xf73de579
[  407.944275][T16434] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  407.944285][T16434] RSP: 002b:00000000f4c0155c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  407.944297][T16434] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  407.944303][T16434] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  407.944308][T16434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  407.944313][T16434] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  407.944319][T16434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  407.944332][T16434]  </TASK>
[  408.556191][T16456] Bluetooth: MGMT ver 1.23
[  409.000421][T16479] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2643'.
[  409.006483][T16480] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2643'.
[  409.033098][T16483] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2638'.
[  409.097430][T16490] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  409.153013][T16463] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  409.154935][T16463] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  409.156660][T16463] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  409.158497][T16463] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  409.219482][T16500] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2647'.
[  410.302671][T16513] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  410.349008][ T3227] libceph: connect (1)[c::]:6789 error -101
[  410.350889][ T3227] libceph: mon0 (1)[c::]:6789 connect error
[  410.603908][ T3227] libceph: connect (1)[c::]:6789 error -101
[  410.605990][ T3227] libceph: mon0 (1)[c::]:6789 connect error
[  410.983550][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  411.127986][ T3227] libceph: connect (1)[c::]:6789 error -101
[  411.129895][ T3227] libceph: mon0 (1)[c::]:6789 connect error
[  411.163619][T16539] ceph: No mds server is up or the cluster is laggy
[  411.224129][ T5960] Bluetooth: hci0: command 0x041b tx timeout
[  411.224154][ T5965] Bluetooth: hci4: command 0x041b tx timeout
[  411.227001][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  411.509192][T16578] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2670'.
[  411.677829][T16593] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2673'.
[  412.230104][T16605] netlink: 'syz.1.2677': attribute type 3 has an invalid length.
[  413.063501][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  413.303736][ T5961] Bluetooth: hci0: command 0x041b tx timeout
[  413.312167][T16638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2685'.
[  413.321327][T16638] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2685'.
[  413.865531][   T39] audit: type=1804 audit(1740447789.339:965): pid=16646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2687" name="/newroot/52/file0" dev="tmpfs" ino=309 res=1 errno=0
[  414.540623][T16660] syz.4.2689 (16660): drop_caches: 2
[  414.542545][T16660] syz.4.2689 (16660): drop_caches: 2
[  414.769142][T16666] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  414.772918][T16666] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  414.775254][T16666] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  414.777529][T16666] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  414.780000][T16666] vxlan0: entered promiscuous mode
[  414.781611][T16666] vxlan0: entered allmulticast mode
[  414.787243][T16666] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  414.789720][T16666] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  414.792115][T16666] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  414.794653][T16666] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  415.373999][T16696] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2700'.
[  415.882307][T16713] netlink: 'syz.4.2704': attribute type 21 has an invalid length.
[  415.886240][T16713] IPv6: NLM_F_CREATE should be specified when creating new route
[  415.922935][T16711] ata1.00: non-matching transfer count (1530558389/0)
[  415.930503][T16711] bond0: entered promiscuous mode
[  415.932426][T16711] bond_slave_0: entered promiscuous mode
[  415.936822][T16711] bond_slave_1: entered promiscuous mode
[  415.938803][T16711] bond1: entered promiscuous mode
[  415.942102][T16711] batadv0: entered promiscuous mode
[  415.948623][T16711] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  415.952005][T16711] Cannot create hsr debugfs directory
[  415.959646][T16711] 8021q: adding VLAN 0 to HW filter on device hsr1
[  416.498135][T16739] netlink: 'syz.4.2707': attribute type 3 has an invalid length.
[  416.670519][T16749] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2712'.
[  417.760408][T16772] sch_tbf: burst 7 is lower than device lo mtu (65550) !
[  417.886646][T16779] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2718'.
[  417.892769][T16779] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2718'.
[  418.319560][T16785] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  418.322202][T16785] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  418.324398][T16785] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  418.326160][T16785] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  419.011952][T16819] netlink: 'syz.0.2729': attribute type 2 has an invalid length.
[  419.014396][T16819] netlink: 'syz.0.2729': attribute type 1 has an invalid length.
[  419.016670][T16819] netlink: 'syz.0.2729': attribute type 1 has an invalid length.
[  419.020834][T16820] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2732'.
[  419.022202][T16819] loop7: detected capacity change from 0 to 16384
[  419.057121][T16821] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2733'.
[  419.383586][T16826] loop7: detected capacity change from 16384 to 16383
[  420.031232][T16833] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2735'.
[  420.263622][ T5961] Bluetooth: hci3: command 0x041b tx timeout
[  420.343601][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  420.343736][ T5960] Bluetooth: hci0: command 0x041b tx timeout
[  420.344145][ T5965] Bluetooth: hci4: command 0x041b tx timeout
[  420.405057][T16821] syz.3.2733: vmalloc error: size 35651584, failed to allocated page array size 69632, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  420.410828][T16821] CPU: 0 UID: 0 PID: 16821 Comm: syz.3.2733 Not tainted 6.14.0-rc4-syzkaller #0
[  420.410845][T16821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  420.410853][T16821] Call Trace:
[  420.410859][T16821]  <TASK>
[  420.410865][T16821]  dump_stack_lvl+0x16c/0x1f0
[  420.410883][T16821]  warn_alloc+0x24d/0x3a0
[  420.410902][T16821]  ? __pfx_warn_alloc+0x10/0x10
[  420.410924][T16821]  ? __get_vm_area_node+0x1b0/0x2f0
[  420.410939][T16821]  ? __get_vm_area_node+0x1dc/0x2f0
[  420.410959][T16821]  __vmalloc_node_range_noprof+0x1102/0x1530
[  420.410977][T16821]  ? hash_netnet_create+0x845/0x1a00
[  420.410993][T16821]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  420.411008][T16821]  ? rcu_is_watching+0x12/0xc0
[  420.411020][T16821]  ? trace_kmalloc+0x2d/0xd0
[  420.411031][T16821]  ? __kmalloc_node_noprof.cold+0x5a/0x5f
[  420.411042][T16821]  ? hash_netnet_create+0x845/0x1a00
[  420.411054][T16821]  __kvmalloc_node_noprof+0x14f/0x1a0
[  420.411069][T16821]  ? hash_netnet_create+0x845/0x1a00
[  420.411083][T16821]  hash_netnet_create+0x845/0x1a00
[  420.411098][T16821]  ? __pfx_hash_netnet_create+0x10/0x10
[  420.411111][T16821]  ? __pfx_hash_netnet_create+0x10/0x10
[  420.411124][T16821]  ? ip_set_create+0x7cb/0x14d0
[  420.411132][T16821]  ? ip_set_create+0x6c8/0x14d0
[  420.411140][T16821]  ip_set_create+0x7cb/0x14d0
[  420.411151][T16821]  ? __pfx_ip_set_create+0x10/0x10
[  420.411173][T16821]  nfnetlink_rcv_msg+0x9c3/0x11e0
[  420.411193][T16821]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  420.411208][T16821]  ? find_held_lock+0x2d/0x110
[  420.411234][T16821]  netlink_rcv_skb+0x16b/0x440
[  420.411248][T16821]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  420.411263][T16821]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  420.411276][T16821]  ? __pfx_aa_get_newest_label+0x10/0x10
[  420.411292][T16821]  ? bpf_lsm_capable+0x9/0x10
[  420.411302][T16821]  ? security_capable+0x7e/0x260
[  420.411319][T16821]  ? ns_capable+0xd7/0x110
[  420.411335][T16821]  nfnetlink_rcv+0x1b4/0x430
[  420.411350][T16821]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  420.411363][T16821]  ? netlink_deliver_tap+0x1ae/0xd30
[  420.411378][T16821]  netlink_unicast+0x53c/0x7f0
[  420.411392][T16821]  ? __pfx_netlink_unicast+0x10/0x10
[  420.411405][T16821]  ? __phys_addr_symbol+0x30/0x80
[  420.411415][T16821]  ? __check_object_size+0x488/0x710
[  420.411427][T16821]  netlink_sendmsg+0x8b8/0xd70
[  420.411441][T16821]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.411459][T16821]  ____sys_sendmsg+0xaaf/0xc90
[  420.411471][T16821]  ? __pfx_____sys_sendmsg+0x10/0x10
[  420.411481][T16821]  ? get_compat_msghdr+0x11b/0x170
[  420.411498][T16821]  ___sys_sendmsg+0x135/0x1e0
[  420.411512][T16821]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.411531][T16821]  ? __pfx_lock_release+0x10/0x10
[  420.411544][T16821]  ? trace_lock_acquire+0x14e/0x1f0
[  420.411559][T16821]  ? __fget_files+0x206/0x3a0
[  420.411577][T16821]  __sys_sendmsg+0x16e/0x220
[  420.411590][T16821]  ? __pfx___sys_sendmsg+0x10/0x10
[  420.411604][T16821]  ? __ia32_sys_futex_time32+0x1da/0x460
[  420.411625][T16821]  __do_fast_syscall_32+0x73/0x120
[  420.411640][T16821]  do_fast_syscall_32+0x32/0x80
[  420.411672][T16821]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  420.411692][T16821] RIP: 0023:0xf7f70579
[  420.411702][T16821] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  420.411714][T16821] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  420.411726][T16821] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  420.411733][T16821] RDX: 0000000000000084 RSI: 0000000000000000 RDI: 0000000000000000
[  420.411738][T16821] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  420.411744][T16821] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  420.411750][T16821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  420.411761][T16821]  </TASK>
[  420.411921][T16821] Mem-Info:
[  420.525815][T16821] active_anon:229 inactive_anon:859 isolated_anon:0
[  420.525815][T16821]  active_file:491 inactive_file:1783 isolated_file:0
[  420.525815][T16821]  unevictable:1767 dirty:301 writeback:0
[  420.525815][T16821]  slab_reclaimable:6312 slab_unreclaimable:72769
[  420.525815][T16821]  mapped:27272 shmem:1781 pagetables:849
[  420.525815][T16821]  sec_pagetables:317 bounce:0
[  420.525815][T16821]  kernel_misc_reclaimable:0
[  420.525815][T16821]  free:30574 free_pcp:6118 free_cma:0
[  420.540338][T16821] Node 0 active_anon:208kB inactive_anon:272kB active_file:152kB inactive_file:124kB unevictable:3532kB isolated(anon):0kB isolated(file):0kB mapped:244kB dirty:8kB writeback:0kB shmem:5236kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9556kB pagetables:660kB sec_pagetables:1168kB all_unreclaimable? yes
[  420.549682][T16821] Node 1 active_anon:808kB inactive_anon:3164kB active_file:1812kB inactive_file:7008kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:108844kB dirty:1196kB writeback:0kB shmem:1888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3756kB pagetables:2736kB sec_pagetables:100kB all_unreclaimable? no
[  420.558890][T16821] Node 0 DMA free:2512kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  420.566845][T16821] lowmem_reserve[]: 0 294 0 0 0
[  420.568254][T16821] Node 0 DMA32 free:18228kB boost:2048kB min:15608kB low:18996kB high:22384kB reserved_highatomic:2048KB active_anon:204kB inactive_anon:272kB active_file:152kB inactive_file:120kB unevictable:3532kB writepending:8kB present:1032196kB managed:301744kB mlocked:0kB bounce:0kB free_pcp:2980kB local_pcp:860kB free_cma:0kB
[  420.579127][T16821] lowmem_reserve[]: 0 0 0 0 0
[  420.580605][T16821] Node 1 DMA32 free:101556kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB active_anon:828kB inactive_anon:3164kB active_file:1812kB inactive_file:7008kB unevictable:3536kB writepending:1196kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:21656kB local_pcp:13212kB free_cma:0kB
[  420.590423][T16821] lowmem_reserve[]: 0 0 0 0 0
[  420.592084][T16821] Node 0 DMA: 58*4kB (U) 41*8kB (U) 22*16kB (U) 22*32kB (U) 10*64kB (U) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2512kB
[  420.598085][T16821] Node 0 DMA32: 209*4kB (UMH) 204*8kB (UMEH) 121*16kB (UME) 136*32kB (UME) 48*64kB (UME) 26*128kB (UME) 8*256kB (UM) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18228kB
[  420.603637][T16821] Node 1 DMA32: 839*4kB (UMEH) 1001*8kB (UMEH) 577*16kB (UMEH) 354*32kB (UMEH) 174*64kB (UMEH) 61*128kB (UMEH) 24*256kB (UME) 29*512kB (UME) 25*1024kB (UMEH) 2*2048kB (UE) 0*4096kB = 101556kB
[  420.610191][T16821] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  420.612926][T16821] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  420.616066][T16821] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  420.618742][T16821] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  420.621455][T16821] 4385 total pagecache pages
[  420.622836][T16821] 311 pages in swap cache
[  420.624692][T16821] Free swap  = 52644kB
[  420.626029][T16821] Total swap = 124996kB
[  420.627285][T16821] 524155 pages RAM
[  420.628418][T16821] 0 pages HighMem/MovableOnly
[  420.629835][T16821] 207816 pages reserved
[  420.631097][T16821] 0 pages cma reserved
[  421.339867][T16841] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2737'.
[  421.890855][T16875] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2746'.
[  421.974222][T16877] wireguard0: entered promiscuous mode
[  421.976023][T16877] wireguard0: entered allmulticast mode
[  422.424744][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  422.633583][   T25] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  422.854970][   T25] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  422.858714][   T25] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  422.862604][   T25] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  422.873424][   T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.894933][T16883] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  422.899124][   T25] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  423.671868][ T7222] usb 8-1: USB disconnect, device number 24
[  423.930943][T16900] netlink: 'syz.1.2753': attribute type 1 has an invalid length.
[  424.068514][ T7222] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  424.223457][ T7222] usb 8-1: Using ep0 maxpacket: 16
[  424.256429][ T7222] usb 8-1: unable to get BOS descriptor or descriptor too short
[  424.259985][ T7222] usb 8-1: config 5 has an invalid interface number: 92 but max is 2
[  424.262442][ T7222] usb 8-1: config 5 has an invalid interface number: 4 but max is 2
[  424.267045][ T7222] usb 8-1: config 5 has an invalid interface number: 189 but max is 2
[  424.269419][ T7222] usb 8-1: config 5 has no interface number 0
[  424.271194][ T7222] usb 8-1: config 5 has no interface number 1
[  424.272984][ T7222] usb 8-1: config 5 has no interface number 2
[  424.274874][ T7222] usb 8-1: config 5 interface 189 altsetting 4 endpoint 0xC has invalid maxpacket 120, setting to 64
[  424.278125][ T7222] usb 8-1: config 5 interface 189 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  424.281815][ T7222] usb 8-1: config 5 interface 189 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[  424.286093][ T7222] usb 8-1: config 5 interface 189 altsetting 4 has a duplicate endpoint with address 0xD, skipping
[  424.290423][ T7222] usb 8-1: config 5 interface 189 altsetting 4 has a duplicate endpoint with address 0xD, skipping
[  424.293531][ T7222] usb 8-1: config 5 interface 189 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  424.296789][ T7222] usb 8-1: config 5 interface 92 has no altsetting 0
[  424.298777][ T7222] usb 8-1: config 5 interface 4 has no altsetting 0
[  424.300949][ T7222] usb 8-1: config 5 interface 189 has no altsetting 0
[  424.309073][ T7222] usb 8-1: string descriptor 0 read error: -22
[  424.311308][ T7222] usb 8-1: Dual-Role OTG device on HNP port
[  424.313556][ T7222] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=f4.a4
[  424.316152][ T7222] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.329959][ T7222] ldusb 8-1:5.92: Interrupt in endpoint not found
[  424.336206][ T7222] ldusb 8-1:5.4: Interrupt in endpoint not found
[  424.343464][ T7222] ldusb 8-1:5.189: Interrupt in endpoint not found
[  424.503610][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  425.467371][T16921] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  425.467436][T16922] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  425.571598][T16921] /dev/sr0: Can't open blockdev
[  425.636583][   T65] usb 8-1: USB disconnect, device number 25
[  425.694792][T16922] /dev/sr0: Can't open blockdev
[  425.810882][T16925] netlink: 'syz.3.2761': attribute type 8 has an invalid length.
[  425.813238][T16925] netlink: 163260 bytes leftover after parsing attributes in process `syz.3.2761'.
[  425.965554][T16942] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2765'.
[  426.343663][T16945] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  426.346235][T16945] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  426.348686][T16945] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  426.351127][T16945] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  427.078696][T16960] input: syz0 as /devices/virtual/input/input31
[  427.304272][T16963] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2770'.
[  427.853648][ T5999] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  428.003955][ T5999] usb 9-1: Using ep0 maxpacket: 32
[  428.007417][ T5999] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  428.010456][ T5999] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  428.013043][ T5999] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  428.016477][ T5999] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  428.019558][ T5999] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  428.022561][ T5999] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  428.030608][ T5999] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  428.033239][ T5999] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.037275][ T5999] usb 9-1: config 0 descriptor??
[  428.268923][ T5999] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  428.275853][ T5999] usb 9-1: USB disconnect, device number 2
[  428.281665][ T5999] usblp0: removed
[  428.423622][ T5960] Bluetooth: hci3: command 0x041b tx timeout
[  428.425562][   T25] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  428.428495][   T25] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  428.433673][ T5960] Bluetooth: hci2: command 0x040f tx timeout
[  428.433702][   T66] Bluetooth: hci0: command 0x041b tx timeout
[  428.435493][ T5960] Bluetooth: hci4: command 0x041b tx timeout
[  428.514650][T16986] netfs: Couldn't get user pages (rc=-14)
[  428.842819][T16997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2780'.
[  428.893561][ T7222] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  428.923503][T16992] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  428.929091][T16992] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  429.053072][T17008] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2783'.
[  429.053568][ T7222] usb 9-1: Using ep0 maxpacket: 32
[  429.063082][ T7222] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  429.068452][ T7222] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  429.073645][ T7222] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  429.076736][ T7222] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  429.081058][ T7222] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  429.085380][ T7222] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  429.091311][ T7222] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  429.095138][ T7222] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.101834][ T7222] usb 9-1: config 0 descriptor??
[  429.192910][T17010] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2784'.
[  429.324221][ T7222] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  429.583456][    C3] usblp0: nonzero read bulk status received: -71
[  429.583706][T11425] usb 9-1: USB disconnect, device number 3
[  429.588517][T16970] usblp0: error -71 reading from printer
[  429.849541][T17016] netlink: 'syz.4.2773': attribute type 3 has an invalid length.
[  429.851725][T17016] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2773'.
[  429.943333][T16969] usblp0: removed
[  430.503529][   T25] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  430.505645][   T25] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  430.855256][T17045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2794'.
[  430.868080][T17045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2794'.
[  430.905611][ T5961] Bluetooth: hci0: command 0x041b tx timeout
[  430.983548][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  430.999308][   T25] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  431.001195][   T25] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  431.729845][T17062] random: crng reseeded on system resumption
[  432.125149][T17070] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2799'.
[  432.590759][T17077] warn_alloc: 3 callbacks suppressed
[  432.590782][T17077] syz.3.2802: page allocation failure: order:9, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  432.608031][T17077] CPU: 2 UID: 0 PID: 17077 Comm: syz.3.2802 Not tainted 6.14.0-rc4-syzkaller #0
[  432.608047][T17077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  432.608053][T17077] Call Trace:
[  432.608058][T17077]  <TASK>
[  432.608064][T17077]  dump_stack_lvl+0x16c/0x1f0
[  432.608085][T17077]  warn_alloc+0x24d/0x3a0
[  432.608102][T17077]  ? __pfx_warn_alloc+0x10/0x10
[  432.608119][T17077]  ? __alloc_pages_direct_compact+0x45a/0x590
[  432.608137][T17077]  ? __pfx___alloc_pages_direct_compact+0x10/0x10
[  432.608154][T17077]  ? psi_memstall_leave+0x17d/0x250
[  432.608172][T17077]  __alloc_frozen_pages_noprof+0xf2f/0x2470
[  432.608193][T17077]  ? arch_stack_walk+0xa7/0x100
[  432.608204][T17077]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  432.608224][T17077]  ? __pfx_stack_trace_save+0x10/0x10
[  432.608237][T17077]  ? stack_depot_save_flags+0x28/0x9c0
[  432.608253][T17077]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  432.608270][T17077]  ? __nla_validate_parse+0x601/0x2880
[  432.608284][T17077]  ? tcf_em_tree_validate+0x1c7/0xd80
[  432.608295][T17077]  __alloc_pages_noprof+0xb/0x1b0
[  432.608309][T17077]  ___kmalloc_large_node+0x84/0x1b0
[  432.608321][T17077]  ? do_fast_syscall_32+0x32/0x80
[  432.608335][T17077]  __kmalloc_large_node_noprof+0x1c/0x70
[  432.608348][T17077]  __kmalloc_noprof.cold+0xc/0x61
[  432.608359][T17077]  ? __nla_parse+0x40/0x60
[  432.608372][T17077]  tcf_em_tree_validate+0x1c7/0xd80
[  432.608388][T17077]  ? __pfx_tcf_em_tree_validate+0x10/0x10
[  432.608404][T17077]  flow_change+0x3d6/0x1b40
[  432.608420][T17077]  ? __pfx_flow_change+0x10/0x10
[  432.608432][T17077]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  432.608449][T17077]  ? __pfx_flow_get+0x10/0x10
[  432.608462][T17077]  ? __pfx_flow_change+0x10/0x10
[  432.608474][T17077]  tc_new_tfilter+0xa24/0x2360
[  432.608495][T17077]  ? __pfx_tc_new_tfilter+0x10/0x10
[  432.608510][T17077]  ? __pfx___lock_acquire+0x10/0x10
[  432.608524][T17077]  ? kfree_skbmem+0x1a4/0x1f0
[  432.608543][T17077]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  432.608556][T17077]  ? __pfx_lock_release+0x10/0x10
[  432.608569][T17077]  ? trace_lock_acquire+0x14e/0x1f0
[  432.608583][T17077]  ? __pfx_tc_new_tfilter+0x10/0x10
[  432.608620][T17077]  rtnetlink_rcv_msg+0x95b/0xea0
[  432.608639][T17077]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  432.608659][T17077]  netlink_rcv_skb+0x16b/0x440
[  432.608674][T17077]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  432.608693][T17077]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  432.608717][T17077]  ? netlink_deliver_tap+0x1ae/0xd30
[  432.608732][T17077]  netlink_unicast+0x53c/0x7f0
[  432.608747][T17077]  ? __pfx_netlink_unicast+0x10/0x10
[  432.608766][T17077]  ? __phys_addr_symbol+0x30/0x80
[  432.608777][T17077]  ? __check_object_size+0x488/0x710
[  432.608790][T17077]  netlink_sendmsg+0x8b8/0xd70
[  432.608804][T17077]  ? __pfx_netlink_sendmsg+0x10/0x10
[  432.608822][T17077]  ____sys_sendmsg+0xaaf/0xc90
[  432.608835][T17077]  ? __pfx_____sys_sendmsg+0x10/0x10
[  432.608845][T17077]  ? get_compat_msghdr+0x11b/0x170
[  432.608861][T17077]  ___sys_sendmsg+0x135/0x1e0
[  432.608876][T17077]  ? __pfx____sys_sendmsg+0x10/0x10
[  432.608895][T17077]  ? __pfx_lock_release+0x10/0x10
[  432.608908][T17077]  ? trace_lock_acquire+0x14e/0x1f0
[  432.608923][T17077]  ? __fget_files+0x206/0x3a0
[  432.608940][T17077]  __sys_sendmsg+0x16e/0x220
[  432.608954][T17077]  ? __pfx___sys_sendmsg+0x10/0x10
[  432.608968][T17077]  ? __ia32_sys_futex_time32+0x1da/0x460
[  432.608988][T17077]  __do_fast_syscall_32+0x73/0x120
[  432.609002][T17077]  do_fast_syscall_32+0x32/0x80
[  432.609014][T17077]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  432.609030][T17077] RIP: 0023:0xf7f70579
[  432.609040][T17077] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  432.609050][T17077] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  432.609060][T17077] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040
[  432.609066][T17077] RDX: 0000000020040054 RSI: 0000000000000000 RDI: 0000000000000000
[  432.609072][T17077] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  432.609078][T17077] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  432.609084][T17077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  432.609096][T17077]  </TASK>
[  432.609101][T17077] Mem-Info:
[  432.748752][T17077] active_anon:965 inactive_anon:3754 isolated_anon:0
[  432.748752][T17077]  active_file:1017 inactive_file:393 isolated_file:0
[  432.748752][T17077]  unevictable:1767 dirty:58 writeback:0
[  432.748752][T17077]  slab_reclaimable:6225 slab_unreclaimable:73733
[  432.748752][T17077]  mapped:33943 shmem:5832 pagetables:865
[  432.748752][T17077]  sec_pagetables:320 bounce:0
[  432.748752][T17077]  kernel_misc_reclaimable:0
[  432.748752][T17077]  free:26237 free_pcp:2367 free_cma:0
[  432.763004][T17077] Node 0 active_anon:1400kB inactive_anon:140kB active_file:1860kB inactive_file:212kB unevictable:3532kB isolated(anon):0kB isolated(file):0kB mapped:2120kB dirty:44kB writeback:0kB shmem:6088kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9648kB pagetables:780kB sec_pagetables:1168kB all_unreclaimable? yes
[  432.774637][T17077] Node 1 active_anon:2460kB inactive_anon:14876kB active_file:2208kB inactive_file:1360kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:133652kB dirty:188kB writeback:0kB shmem:17240kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3916kB pagetables:2680kB sec_pagetables:112kB all_unreclaimable? no
[  432.784934][T17077] Node 0 DMA free:1808kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  432.803499][T17077] lowmem_reserve[]: 0 294 0 0 0
[  432.805449][T17077] Node 0 DMA32 free:16540kB boost:0kB min:13560kB low:16948kB high:20336kB reserved_highatomic:2048KB active_anon:1404kB inactive_anon:140kB active_file:1860kB inactive_file:212kB unevictable:3532kB writepending:44kB present:1032196kB managed:301744kB mlocked:0kB bounce:0kB free_pcp:672kB local_pcp:144kB free_cma:0kB
[  432.816740][T17077] lowmem_reserve[]: 0 0 0 0 0
[  432.818675][T17077] Node 1 DMA32 free:70700kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB active_anon:2460kB inactive_anon:14876kB active_file:2244kB inactive_file:1304kB unevictable:3536kB writepending:188kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:6276kB local_pcp:1212kB free_cma:0kB
[  432.833513][T17077] lowmem_reserve[]: 0 0 0 0 0
[  432.835006][T17077] Node 0 DMA: 54*4kB (U) 33*8kB (U) 19*16kB (U) 24*32kB (U) 2*64kB (U) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1808kB
[  432.839141][T17077] Node 0 DMA32: 62*4kB (UEH) 219*8kB (UMEH) 43*16kB (UME) 130*32kB (UM) 55*64kB (UME) 28*128kB (UM) 6*256kB (UM) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 16512kB
[  432.844028][T17077] Node 1 DMA32: 175*4kB (UMH) 140*8kB (MEH) 129*16kB (MEH) 86*32kB (UMEH) 99*64kB (UMEH) 65*128kB (MEH) 40*256kB (ME) 23*512kB (UM) 24*1024kB (UMH) 1*2048kB (U) 0*4096kB = 69932kB
[  432.849262][T17077] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  432.851973][T17077] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  432.854728][T17077] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  432.857499][T17077] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  432.860195][T17077] 7312 total pagecache pages
[  432.861631][T17077] 97 pages in swap cache
[  432.862896][T17077] Free swap  = 51164kB
[  432.864218][T17077] Total swap = 124996kB
[  432.865482][T17077] 524155 pages RAM
[  432.866609][T17077] 0 pages HighMem/MovableOnly
[  432.868378][T17077] 207816 pages reserved
[  432.870011][T17077] 0 pages cma reserved
[  433.063634][ T5961] Bluetooth: hci2: command 0x040f tx timeout
[  433.071440][   T25] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  433.073302][   T25] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  434.064806][T17097] input: syz1 as /devices/virtual/input/input32
[  434.303477][   T39] audit: type=1326 audit(1740447809.779:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.324811][   T39] audit: type=1326 audit(1740447809.779:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.330995][   T39] audit: type=1326 audit(1740447809.779:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=282 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.338589][   T39] audit: type=1326 audit(1740447809.779:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.345062][   T39] audit: type=1326 audit(1740447809.779:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.354998][   T39] audit: type=1326 audit(1740447809.779:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.361194][   T39] audit: type=1326 audit(1740447809.779:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.367898][   T39] audit: type=1326 audit(1740447809.779:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.374160][   T39] audit: type=1326 audit(1740447809.779:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.380404][   T39] audit: type=1326 audit(1740447809.779:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.3.2809" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f70579 code=0x7ffc0000
[  434.395102][T17110] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2810'.
[  434.596017][T17121] openvswitch: netlink: IPv4 tun info is not correct
[  435.811878][T17140] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2820'.
[  435.928636][T17147] netlink: 'syz.1.2821': attribute type 1 has an invalid length.
[  435.931559][T17147] netlink: 'syz.1.2821': attribute type 1 has an invalid length.
[  436.036744][T17150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2819'.
[  436.085783][T17150] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2819'.
[  436.579020][T17166] loop2: detected capacity change from 0 to 7
[  436.581402][T17166] Dev loop2: unable to read RDB block 7
[  436.583073][T17166]  loop2: AHDI p1 p3
[  436.584498][T17166] loop2: partition table partially beyond EOD, truncated
[  436.586688][T17166] loop2: p1 start 4191936293 is beyond EOD, truncated
[  436.794879][T17170] overlayfs: failed to resolve './file1': -2
[  436.957501][T17178] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2829'.
[  437.395693][T17187] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2833'.
[  439.431259][T17234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2839'.
[  439.434796][T17234] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2839'.
[  439.626219][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  439.897336][T17265] bridge0: entered promiscuous mode
[  439.901213][T17265] macvlan2: entered promiscuous mode
[  439.914786][T17265] macvlan3: entered promiscuous mode
[  439.950913][T17268] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2851'.
[  439.950941][T17267] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2851'.
[  440.343336][T17275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2853'.
[  440.347742][T17275] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2853'.
[  440.741233][T17283] bridge0: port 3(hsr_slave_1) entered blocking state
[  440.745996][T17283] bridge0: port 3(hsr_slave_1) entered disabled state
[  440.749222][T17283] hsr_slave_1: entered allmulticast mode
[  440.755553][T17283] hsr_slave_1: left allmulticast mode
[  440.921820][   T25] libceph: connect (1)[c::]:6789 error -101
[  440.923708][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  441.047261][T17300] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  441.049664][T17300] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  441.052862][T17300] vhci_hcd vhci_hcd.0: Device attached
[  441.059207][T17293] ceph: No mds server is up or the cluster is laggy
[  441.080347][T17301] vhci_hcd: connection closed
[  441.080479][   T91] vhci_hcd: stop threads
[  441.086301][   T91] vhci_hcd: release socket
[  441.087684][   T91] vhci_hcd: disconnect device
[  441.501320][T17312] __nla_validate_parse: 2 callbacks suppressed
[  441.501436][T17312] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2861'.
[  441.614264][T17316] netlink: del zone limit has 4 unknown bytes
[  441.856429][T17318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2864'.
[  441.884160][T17318] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2864'.
[  442.863289][T17333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2867'.
[  442.866259][T17333] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2867'.
[  443.034230][T17343] kvm: apic: phys broadcast and lowest prio
[  443.073693][T17346] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2870'.
[  443.104697][   T91] Bluetooth: hci1: Frame reassembly failed (-84)
[  443.783704][T17362] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2876'.
[  443.867257][T17364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2876'.
[  444.880662][   T30] libceph: connect (1)[c::]:6789 error -101
[  444.882555][   T30] libceph: mon0 (1)[c::]:6789 connect error
[  444.927240][T17385] ceph: No mds server is up or the cluster is laggy
[  445.063592][ T5961] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  445.273683][ T1015] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  445.478458][ T1015] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.482160][ T1015] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.485225][ T1015] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  445.490195][ T1015] usb 6-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  445.494489][ T1015] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.510656][ T1015] usb 6-1: config 0 descriptor??
[  446.552415][T17410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2888'.
[  446.556401][T17410] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2888'.
[  446.715856][T17417] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2889'.
[  447.528452][T17439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2894'.
[  447.648270][T17444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2896'.
[  447.648288][T17443] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2896'.
[  447.654593][T17443] ÿÿÿÿÿÿ: renamed from bond_slave_0
[  447.974918][T17447] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  448.000351][   T30] libceph: connect (1)[c::]:6789 error -101
[  448.013861][   T30] libceph: mon0 (1)[c::]:6789 connect error
[  448.122660][T17454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2898'.
[  448.130573][T17454] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2898'.
[  448.139102][ T1015] usbhid 6-1:0.0: can't add hid device: -71
[  448.140943][ T1015] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  448.144039][ T1015] usb 6-1: USB disconnect, device number 17
[  448.226067][T17459] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2899'.
[  448.283729][   T30] libceph: connect (1)[c::]:6789 error -101
[  448.286176][   T30] libceph: mon0 (1)[c::]:6789 connect error
[  448.291993][T17461] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2900'.
[  448.515931][   T25] IPVS: starting estimator thread 0...
[  448.541223][T17447] ceph: No mds server is up or the cluster is laggy
[  448.613544][T17466] IPVS: using max 36 ests per chain, 86400 per kthread
[  449.172704][T17474] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  449.177185][T17474] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  449.844277][T17501] netlink: 'syz.4.2910': attribute type 10 has an invalid length.
[  449.847340][T17501] bond0: (slave wlan1): Opening slave failed
[  449.959589][T17506] omfs: Invalid superblock (0)
[  451.387912][T17528] random: crng reseeded on system resumption
[  451.540092][T17523] syz.1.2916: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  451.546252][T17523] CPU: 1 UID: 0 PID: 17523 Comm: syz.1.2916 Not tainted 6.14.0-rc4-syzkaller #0
[  451.546269][T17523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  451.546276][T17523] Call Trace:
[  451.546281][T17523]  <TASK>
[  451.546286][T17523]  dump_stack_lvl+0x16c/0x1f0
[  451.546307][T17523]  warn_alloc+0x24d/0x3a0
[  451.546325][T17523]  ? __pfx_warn_alloc+0x10/0x10
[  451.546347][T17523]  ? __get_vm_area_node+0x1b0/0x2f0
[  451.546364][T17523]  ? __get_vm_area_node+0x1dc/0x2f0
[  451.546381][T17523]  __vmalloc_node_range_noprof+0x1102/0x1530
[  451.546400][T17523]  ? hash_netnet_create+0x845/0x1a00
[  451.546417][T17523]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  451.546433][T17523]  ? rcu_is_watching+0x12/0xc0
[  451.546443][T17523]  ? trace_kmalloc+0x2d/0xd0
[  451.546454][T17523]  ? __kmalloc_node_noprof.cold+0x5a/0x5f
[  451.546465][T17523]  ? hash_netnet_create+0x845/0x1a00
[  451.546476][T17523]  __kvmalloc_node_noprof+0x14f/0x1a0
[  451.546490][T17523]  ? hash_netnet_create+0x845/0x1a00
[  451.546502][T17523]  hash_netnet_create+0x845/0x1a00
[  451.546516][T17523]  ? __pfx_hash_netnet_create+0x10/0x10
[  451.546530][T17523]  ? __pfx_hash_netnet_create+0x10/0x10
[  451.546542][T17523]  ? ip_set_create+0x7cb/0x14d0
[  451.546551][T17523]  ? ip_set_create+0x6c8/0x14d0
[  451.546558][T17523]  ip_set_create+0x7cb/0x14d0
[  451.546570][T17523]  ? __pfx_ip_set_create+0x10/0x10
[  451.546591][T17523]  nfnetlink_rcv_msg+0x9c3/0x11e0
[  451.546611][T17523]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  451.546626][T17523]  ? __pfx_mark_lock+0x10/0x10
[  451.546654][T17523]  netlink_rcv_skb+0x16b/0x440
[  451.546667][T17523]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  451.546683][T17523]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  451.546695][T17523]  ? __pfx_aa_get_newest_label+0x10/0x10
[  451.546712][T17523]  ? bpf_lsm_capable+0x9/0x10
[  451.546722][T17523]  ? security_capable+0x7e/0x260
[  451.546738][T17523]  ? ns_capable+0xd7/0x110
[  451.546761][T17523]  nfnetlink_rcv+0x1b4/0x430
[  451.546777][T17523]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  451.546794][T17523]  ? rcu_is_watching+0x12/0xc0
[  451.546809][T17523]  netlink_unicast+0x53c/0x7f0
[  451.546826][T17523]  ? __pfx_netlink_unicast+0x10/0x10
[  451.546842][T17523]  ? __phys_addr_symbol+0x30/0x80
[  451.546854][T17523]  ? __check_object_size+0x488/0x710
[  451.546869][T17523]  netlink_sendmsg+0x8b8/0xd70
[  451.546885][T17523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  451.546903][T17523]  ____sys_sendmsg+0xaaf/0xc90
[  451.546915][T17523]  ? __pfx_____sys_sendmsg+0x10/0x10
[  451.546925][T17523]  ? get_compat_msghdr+0x11b/0x170
[  451.546942][T17523]  ___sys_sendmsg+0x135/0x1e0
[  451.546971][T17523]  ? __pfx____sys_sendmsg+0x10/0x10
[  451.546992][T17523]  ? __pfx_lock_release+0x10/0x10
[  451.547008][T17523]  ? trace_lock_acquire+0x14e/0x1f0
[  451.547026][T17523]  ? __fget_files+0x206/0x3a0
[  451.547046][T17523]  __sys_sendmsg+0x16e/0x220
[  451.547062][T17523]  ? __pfx___sys_sendmsg+0x10/0x10
[  451.547078][T17523]  ? __ia32_sys_futex_time32+0x1da/0x460
[  451.547100][T17523]  __do_fast_syscall_32+0x73/0x120
[  451.547115][T17523]  do_fast_syscall_32+0x32/0x80
[  451.547127][T17523]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  451.547143][T17523] RIP: 0023:0xf743e579
[  451.547152][T17523] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  451.547162][T17523] RSP: 002b:00000000f508455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  451.547173][T17523] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000040
[  451.547179][T17523] RDX: 0000000000000084 RSI: 0000000000000000 RDI: 0000000000000000
[  451.547184][T17523] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  451.547190][T17523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  451.547196][T17523] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  451.547208][T17523]  </TASK>
[  451.547301][T17523] Mem-Info:
[  451.660070][T17523] active_anon:321 inactive_anon:3325 isolated_anon:1535
[  451.660070][T17523]  active_file:1878 inactive_file:318 isolated_file:0
[  451.660070][T17523]  unevictable:1767 dirty:104 writeback:0
[  451.660070][T17523]  slab_reclaimable:6253 slab_unreclaimable:73418
[  451.660070][T17523]  mapped:31882 shmem:4643 pagetables:880
[  451.660070][T17523]  sec_pagetables:323 bounce:0
[  451.660070][T17523]  kernel_misc_reclaimable:0
[  451.660070][T17523]  free:26723 free_pcp:3524 free_cma:0
[  451.681352][T17523] Node 0 active_anon:568kB inactive_anon:112kB active_file:4632kB inactive_file:212kB unevictable:3532kB isolated(anon):0kB isolated(file):0kB mapped:1732kB dirty:104kB writeback:0kB shmem:5232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9556kB pagetables:660kB sec_pagetables:1168kB all_unreclaimable? yes
[  451.692301][T17523] Node 1 active_anon:720kB inactive_anon:13188kB active_file:2912kB inactive_file:1060kB unevictable:3536kB isolated(anon):6140kB isolated(file):0kB mapped:125796kB dirty:312kB writeback:0kB shmem:13340kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:3856kB pagetables:2888kB sec_pagetables:124kB all_unreclaimable? no
[  451.706524][T17523] Node 0 DMA free:2076kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB
[  451.716137][T17523] lowmem_reserve[]: 0 294 0 0 0
[  451.717647][T17523] Node 0 DMA32 free:18464kB boost:30504kB min:44064kB low:47452kB high:50840kB reserved_highatomic:2048KB active_anon:568kB inactive_anon:112kB active_file:4632kB inactive_file:212kB unevictable:3532kB writepending:104kB present:1032196kB managed:301744kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:0kB free_cma:0kB
[  451.729267][T17523] lowmem_reserve[]: 0 0 0 0 0
[  451.731709][T17523] Node 1 DMA32 free:86272kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB active_anon:720kB inactive_anon:13188kB active_file:2912kB inactive_file:1060kB unevictable:3536kB writepending:312kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:14084kB local_pcp:396kB free_cma:0kB
[  451.741867][T17523] lowmem_reserve[]: 0 0 0 0 0
[  451.744899][T17523] Node 0 DMA: 55*4kB (UM) 34*8kB (UM) 21*16kB (UM) 27*32kB (UM) 4*64kB (M) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2076kB
[  451.749895][T17523] Node 0 DMA32: 888*4kB (UMEH) 286*8kB (UMEH) 81*16kB (UM) 124*32kB (UM) 35*64kB (UME) 24*128kB (UM) 6*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 18464kB
[  451.755046][T17523] Node 1 DMA32: 233*4kB (ME) 334*8kB (UMEH) 140*16kB (UMEH) 92*32kB (UMEH) 174*64kB (MEH) 104*128kB (ME) 47*256kB (UME) 42*512kB (ME) 19*1024kB (UM) 0*2048kB 0*4096kB = 86228kB
[  451.761678][T17523] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  451.765269][T17523] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  451.768151][T17523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  451.771728][T17523] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  451.775697][T17523] 7029 total pagecache pages
[  451.777766][T17523] 182 pages in swap cache
[  451.779386][T17523] Free swap  = 51604kB
[  451.780661][T17523] Total swap = 124996kB
[  451.781938][T17523] 524155 pages RAM
[  451.783073][T17523] 0 pages HighMem/MovableOnly
[  451.784878][T17523] 207816 pages reserved
[  451.786086][T17523] 0 pages cma reserved
[  452.123131][T17541] __nla_validate_parse: 1 callbacks suppressed
[  452.123171][T17541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2920'.
[  452.361007][T17541] wireguard0: entered promiscuous mode
[  452.721987][T17565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2925'.
[  452.771186][T17562] cifs: Unknown parameter 'mode'
[  452.772317][T17565] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2925'.
[  452.789210][T17565] netlink: 'syz.0.2925': attribute type 10 has an invalid length.
[  452.793291][T17565] netlink: 'syz.0.2925': attribute type 10 has an invalid length.
[  452.822799][T17565] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  452.857375][T17568] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2927'.
[  452.911617][   T44] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x12b pfn:0x5ebe9
[  452.914464][   T44] flags: 0x4fff00000010001(locked|reclaim|node=1|zone=1|lastcpupid=0x7ff)
[  452.919403][   T84]  slab kmalloc-96 start ffff888000352c00 pointer offset 0 size 96
[  452.923562][   T84] list_add corruption. next->prev should be prev (ffffe8ffac439150), but was ffffffff848ae6c0. (next=ffff888000352c00).
[  452.927630][   T84] ------------[ cut here ]------------
[  452.929282][   T84] kernel BUG at lib/list_debug.c:29!
[  452.930899][   T84] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  452.933083][   T84] CPU: 2 UID: 0 PID: 84 Comm: kworker/u32:4 Not tainted 6.14.0-rc4-syzkaller #0
[  452.936695][   T84] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  452.940512][   T84] Workqueue: zswap1 compact_page_work
[  452.942113][   T84] RIP: 0010:__list_add_valid_or_report+0xec/0x190
[  452.944005][   T84] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 80 47 d3 8b e8 e5 9f d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 b6 28 33 fd 48 8b 34 24 48 b8 00 00
[  452.949639][   T84] RSP: 0018:ffffc9000102fb88 EFLAGS: 00010282
[  452.951469][   T84] RAX: 0000000000000075 RBX: ffff88805ebe9000 RCX: ffffffff819944e9
[  452.953820][   T84] RDX: 0000000000000000 RSI: ffffffff8199a85e RDI: 0000000000000005
[  452.956128][   T84] RBP: ffff888000352c00 R08: 0000000000000005 R09: 0000000000000000
[  452.958466][   T84] R10: 0000000000000002 R11: 0000000000000004 R12: ffff88805ebe9000
[  452.960828][   T84] R13: ffff888000352c08 R14: ffffea00017afa40 R15: ffff88805ebe9008
[  452.963148][   T84] FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
[  452.963641][   T44] raw: 04fff00000010001 ffffc900006b75a8 ffffc900006b75a8 ffffffff8b7df6c2
[  452.965779][   T84] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  452.965800][   T84] CR2: 000000000c2d722b CR3: 0000000075d4c000 CR4: 0000000000352ef0
[  452.965807][   T84] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  452.965813][   T84] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  452.965819][   T84] Call Trace:
[  452.965824][   T84]  <TASK>
[  452.965831][   T84]  ? die+0x31/0x80
[  452.965849][   T84]  ? do_trap+0x232/0x430
[  452.969379][   T44] raw: 000000000000012b 0000000000000000 00000002ffffffff 0000000000000000
[  452.971275][   T84]  ? __list_add_valid_or_report+0xec/0x190
[  452.971303][   T84]  ? __list_add_valid_or_report+0xec/0x190
[  452.971315][   T84]  ? do_error_trap+0xf4/0x230
[  452.971325][   T84]  ? __list_add_valid_or_report+0xec/0x190
[  452.971347][   T84]  ? handle_invalid_op+0x34/0x40
[  452.971358][   T84]  ? __list_add_valid_or_report+0xec/0x190
[  452.978410][   T44] page dumped because: VM_BUG_ON_PAGE(!((__builtin_constant_p(PAGE_CLAIMED) && __builtin_constant_p((uintptr_t)(&page->private) != (uintptr_t)((void *)0)) && (uintptr_t)(&page->private) != (uintptr_t)((void *)0) && __builtin_constant_p(*(const unsigned long *)(&page->private))) ? const_test_bit(PAGE_CLAIMED, &page->private) : _test_bit(PAGE_CLAIMED, &page->private)))
[  452.979330][   T84]  ? exc_invalid_op+0x2e/0x50
[  452.979350][   T84]  ? asm_exc_invalid_op+0x1a/0x20
[  452.979366][   T84]  ? __wake_up_klogd.part.0+0x99/0xf0
[  452.980891][   T44] page_owner tracks the page as allocated
[  452.981688][   T84]  ? vprintk_emit+0x39e/0x6f0
[  452.983312][   T44] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12800(GFP_NOWAIT|__GFP_NORETRY), pid 114, tgid 114 (kswapd1), ts 451920957627, free_ts 450364148618
[  452.984473][   T84]  ? __list_add_valid_or_report+0xec/0x190
[  452.984488][   T84]  ? __list_add_valid_or_report+0xeb/0x190
[  452.984499][   T84]  do_compact_page+0x10f2/0x27b0
[  452.984514][   T84]  ? lock_acquire+0x2f/0xb0
[  452.984528][   T84]  ? process_one_work+0x921/0x1ba0
[  452.984545][   T84]  process_one_work+0x9c5/0x1ba0
[  452.984560][   T84]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  452.984574][   T84]  ? __pfx_process_one_work+0x10/0x10
[  452.984588][   T84]  ? assign_work+0x1a0/0x250
[  452.984600][   T84]  worker_thread+0x6c8/0xf00
[  452.984615][   T84]  ? __kthread_parkme+0x148/0x220
[  452.984624][   T84]  ? __pfx_worker_thread+0x10/0x10
[  452.989415][   T44]  post_alloc_hook+0x181/0x1b0
[  452.991045][   T84]  kthread+0x3af/0x750
[  452.991062][   T84]  ? __pfx_kthread+0x10/0x10
[  452.991073][   T84]  ? lock_acquire+0x2f/0xb0
[  452.991087][   T84]  ? __pfx_kthread+0x10/0x10
[  452.993058][   T44]  get_page_from_freelist+0xfce/0x2f80
[  452.994730][   T84]  ret_from_fork+0x45/0x80
[  452.994747][   T84]  ? __pfx_kthread+0x10/0x10
[  452.994761][   T84]  ret_from_fork_asm+0x1a/0x30
[  452.994775][   T84]  </TASK>
[  452.994779][   T84] Modules linked in:
[  452.995072][   T84] ---[ end trace 0000000000000000 ]---
[  452.999552][   T44]  __alloc_frozen_pages_noprof+0x221/0x2470
[  452.999608][   T84] RIP: 0010:__list_add_valid_or_report+0xec/0x190
[  453.014076][   T44]  alloc_pages_mpol+0x1fc/0x540
[  453.014685][   T84] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 80 47 d3 8b e8 e5 9f d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 b6 28 33 fd 48 8b 34 24 48 b8 00 00
[  453.016817][   T44]  alloc_pages_noprof+0x131/0x390
[  453.018257][   T84] RSP: 0018:ffffc9000102fb88 EFLAGS: 00010282
[  453.018270][   T84] RAX: 0000000000000075 RBX: ffff88805ebe9000 RCX: ffffffff819944e9
[  453.018276][   T84] RDX: 0000000000000000 RSI: ffffffff8199a85e RDI: 0000000000000005
[  453.018282][   T84] RBP: ffff888000352c00 R08: 0000000000000005 R09: 0000000000000000
[  453.019848][   T44]  z3fold_zpool_malloc+0x853/0x14f0
[  453.021237][   T84] R10: 0000000000000002 R11: 0000000000000004 R12: ffff88805ebe9000
[  453.021247][   T84] R13: ffff888000352c08 R14: ffffea00017afa40 R15: ffff88805ebe9008
[  453.021254][   T84] FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
[  453.021274][   T84] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  453.091532][   T84] CR2: 000000000c2d722b CR3: 0000000075d4c000 CR4: 0000000000352ef0
[  453.093914][   T84] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  453.096271][   T84] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  453.098601][   T84] Kernel panic - not syncing: Fatal exception
[  453.101075][   T84] Kernel Offset: disabled
[  453.102359][   T84] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:39:52  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000a4dbfc RBX=0000000000000000 RCX=ffffffff8b552469 RDX=ffffed1005686f86
RSI=ffffffff8bd34580 RDI=ffffffff81907399 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20
R8 =0000000000000000 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90627810 R15=0000000000000000
RIP=ffffffff8b55384f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3d1e16 CR3=0000000074ab6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b646760 RCX=ffffffff81add08a RDX=ffff888026218000
RSI=ffffffff81add064 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90002e1f928
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=ffffed10056c8ced R13=0000000000000001 R14=ffff88802b53ffc0 R15=ffff88802b646768
RIP=ffffffff81add066 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008001c000 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff853e5a35 RDI=ffffffff9ab6ee60 RBP=ffffffff9ab6ee20 RSP=ffffc9000102f4f0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=5128204350206148
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ab6ee20 R15=0000000000000000
RIP=ffffffff853e5a5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2d722b CR3=0000000075d4c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=1ffff92001ad7ebc RCX=ffffffff8196a0d9 RDX=ffff888022e98000
RSI=0000000000000008 RDI=ffffffff90627810 RBP=0000000000000003 RSP=ffffc9000d6bf5c8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=000000000000001e
R12=ffffffff8e1bcbc0 R13=0000000000000000 R14=0000000000000008 R15=0000000000000001
RIP=ffffffff821c2138 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f655c0 CR3=000000006db50000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000