last executing test programs:

9.615219345s ago: executing program 2 (id=993):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x18, 0x301, 0x270bd24, 0x25dfdbfa, {0xf}}, 0x14}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r1, &(0x7f00000001c0)={0xa, 0xe23, 0x0, @remote}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f00000003c0)='\v', 0x1}], 0x1}}], 0x7ffffffffffff69, 0x0)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0xfffff000)
read(r2, &(0x7f00000002c0)=""/153, 0x99)
r3 = memfd_create(&(0x7f0000000500)='\x14\xa3\xbb\a\x002RgZ*\xc5\x9e[,\xe5uR\x94\xaa\xdc0\xe6n\xb8\xea\xe8\x99Lh(\xc7\xbb_\x81\x15f\xe7\x100\r\x1fE\x82\xf5\xfd\x83\xff{\xa0\x15\xffK\xe4\x98\x93\xf9\xc4!_\x96\xe8&,\xdf\x12\xc0\xa7Y1\x8bUs\x91)\x89\xd0\xa1OF4\xa4fI\a\x84_r\xc6\xdaq%\xd3\x98\n\x7fmF\xa9\xbb\x16\x8bxb\xc8\xfc\xad?\x01\xf40\xf5\xc3\xf3+\xa7\x94=\x96\xe6*~\x18\x9c\xfe\xfe\xdcNWGn\xfa\xf8,\xa9\x84\xf7\xe1RA9\xfeD@\x18b\x1dgz\xdfc\x05>O\xa0\x8b\xce\xe0\x8cS\xfanA\xecx\xc4\xdd\x82aT\xb5b\xc5\xaa\x8fj\xb2\xc3\x96\x96\"&)!Z\x1e\tBq\x96L\x97\xc9G\xaa\x85\xc3C \xa1\x98o\f\xf2\x02\x05oV\a\x82\x9e\")\xfb\xa09b\xb6\v\xb3\xe1p\x97\xe9\x13\xb5-\xc1x<\xc9]\x85\xbb\xb6h\xee\x91Q\xd0V\x80\xbc\x88?\x9cr\x13<\xa5g=CA\xd8d\x86\fr\xee=<c\xb8', 0x4)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x100000f, 0x13, r3, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000004c0)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000740)=ANY=[@ANYBLOB="4f54e41d78d9fbd14fb442e9bce0236bddd60a56450776cac84b179edc68adcb9c49177f3afdda25b2533f55b5acb2357e872974182a9a5733b96cc075beb87d24e9b3aaf6146856a8a6087a1557f1e6bdf1756b32099a80299d22c4f42b9866640d7a57343479194a39eba6675d906ed206b321c175d43dd5c584c5a86dd60f0403f5ee4334a67dcc3ea713824f1ea932dd42cd6c064106bf", @ANYRESHEX=r2], 0x8)
r4 = openat$pmem0(0xffffff9c, &(0x7f0000000000), 0x200040, 0x0)
ioctl$BLKPG(r4, 0x1269, &(0x7f0000000300)={0x3, 0x0, 0x94, &(0x7f0000000240)={0x1, 0x10001, 0x3}})
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffff41, 0x0, 0x0, 0x0, 0x8}, [@generic={0xa6, 0x1, 0x1, 0xc6}]}, &(0x7f0000000c40)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000010", @ANYRES16=r7, @ANYBLOB="01002cbd7000fcdbdf255c00000008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x2400c010)

8.61800426s ago: executing program 2 (id=1003):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x500000b, 0x204031, 0xffffffffffffffff, 0x47aef000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r4, &(0x7f0000007840)=[{{&(0x7f0000000240)=@pppoe, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/152, 0x98}], 0x1}, 0x9ebc}, {{&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/27, 0x1b}, {&(0x7f0000000500)=""/224, 0xe0}, {&(0x7f0000000600)=""/158, 0x9e}], 0x3, &(0x7f0000000700)=""/204, 0xcc}, 0x10001}, {{&(0x7f0000000800)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private2}}, 0x80, &(0x7f0000002980)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/248, 0xf8}, {&(0x7f0000001980)=""/4096, 0x1000}], 0x3, &(0x7f00000029c0)=""/7, 0x7}, 0x8}, {{&(0x7f0000002a00)=@sco={0x1f, @none}, 0x80, &(0x7f0000003e80)=[{&(0x7f0000002a80)=""/4096, 0x1000}, {&(0x7f0000003a80)=""/57, 0x39}, {&(0x7f0000003ac0)=""/197, 0xc5}, {&(0x7f0000003bc0)=""/224, 0xe0}, {&(0x7f0000003cc0)=""/77, 0x4d}, {&(0x7f0000003d40)=""/78, 0x4e}, {&(0x7f0000003dc0)=""/164, 0xa4}], 0x7, &(0x7f0000004000)=""/4096, 0x1000}, 0x4}, {{0x0, 0x0, &(0x7f0000005580)=[{&(0x7f0000005000)=""/125, 0x7d}, {&(0x7f0000005080)=""/253, 0xfd}, {&(0x7f0000005180)=""/25, 0x19}, {&(0x7f00000051c0)=""/241, 0xf1}, {&(0x7f00000052c0)=""/165, 0xa5}, {&(0x7f0000005380)=""/47, 0x2f}, {&(0x7f00000053c0)=""/76, 0x4c}, {&(0x7f0000005440)=""/102, 0x66}, {&(0x7f00000054c0)=""/138, 0x8a}], 0x9, &(0x7f0000005600)=""/249, 0xf9}, 0x8000}, {{&(0x7f0000005700)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f0000005800)=[{&(0x7f0000005780)=""/102, 0x66}], 0x1}, 0xd}, {{&(0x7f0000005840)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, 0x80, &(0x7f0000006c00)=[{&(0x7f00000058c0)=""/178, 0xb2}, {&(0x7f0000005980)=""/144, 0x90}, {&(0x7f0000005a40)=""/4096, 0x1000}, {&(0x7f0000006a40)=""/230, 0xe6}, {&(0x7f0000006b40)=""/173, 0xad}], 0x5, &(0x7f0000006c40)=""/190, 0xbe}, 0x1}, {{0x0, 0x0, &(0x7f0000006e00)=[{&(0x7f0000006d00)=""/236, 0xec}], 0x1, &(0x7f0000006e40)=""/67, 0x43}, 0x3}, {{&(0x7f0000006ec0), 0x80, &(0x7f0000007440)=[{&(0x7f0000006f40)=""/27, 0x1b}, {&(0x7f0000006f80)=""/239, 0xef}, {&(0x7f0000007080)=""/186, 0xba}, {&(0x7f0000007140)=""/15, 0xf}, {&(0x7f0000007180)=""/63, 0x3f}, {&(0x7f00000071c0)=""/128, 0x80}, {&(0x7f0000007240)=""/104, 0x68}, {&(0x7f00000072c0)=""/219, 0xdb}, {&(0x7f00000073c0)=""/77, 0x4d}], 0x9, &(0x7f00000074c0)=""/23, 0x17}, 0x7}, {{&(0x7f0000007500)=@generic, 0x80, &(0x7f00000077c0)=[{&(0x7f00000075c0)=""/238, 0xee}, {&(0x7f00000076c0)=""/132, 0x84}, {&(0x7f0000007780)=""/49, 0x31}], 0x3, &(0x7f0000007800)=""/20, 0x14}, 0x8}], 0xa, 0x40002000, &(0x7f0000007980)={0x0, 0x3938700})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2, 0x0, 0x2080}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_IKEY={0x8}]}}}]}, 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x0, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = openat$null(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IPSET_CMD_RENAME(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x5, 0x6, 0x5, 0x0, 0x0, {0x6, 0x0, 0x9}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc050)

7.554431502s ago: executing program 2 (id=1010):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_GET_EVENT(r2, 0x80286f4e, &(0x7f0000000100))
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$FE_GET_EVENT(r2, 0x80286f4e, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@bridge_newneigh={0x30, 0x1c, 0x401, 0x70bd29, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x0, 0x6, 0x7}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c880}, 0x9840)

6.57900954s ago: executing program 2 (id=1014):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="010000000400100018df0000a4e2000001000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00 \x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x1c, 0x0, r1, 0xffff67c4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r1}, 0x38)
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f00000001c0)=0x4)
io_uring_setup(0x664b, &(0x7f0000000500)={0x0, 0x5e87, 0x0, 0x0, 0x337})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x2}, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x4, 0x6}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x6, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, [@call={0x85, 0x0, 0x0, 0x50}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
mount$tmpfs(0x0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000))
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="2e00000011008188040f80ec59acbc0413a181003f00000001010000000200000e000a000f00000002800200", 0x2c}], 0x1}, 0x24008080)
ioctl$FS_IOC_FSGETXATTR(r4, 0x400455c8, 0x0)
syz_usb_connect$hid(0x3, 0x41, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
file_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x800)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000b641281c5b45c16c4640000000000000000000018b877ae56", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000007200000005000000bf09000000b609010000000000650000000000000018010000646c6c2500000000002020207b9af8ff000000004c9100000000000037010000f8ffffffb702000008000000b7030000ffffffff15000000060000005f93000000000000b5030000000000008500000076000000b70000000000000095000000b7397c76c72e94aa9e75a7b1993a08b472fb7b68a380b8004d3fc2b2997eb05673f94e81c26bd51929c2aaed8e5e5c4ac3ff670a4b9647d438491c468fe4230d9ecc9fb46fee8359a214fd7233ff1dedc910f8d0a99f506a3dd284748f9198d960edcb274b7df2f9affb4305fe1feff8c2153a4ca90a04cde6a8b72ccdae0201ccf9544294ac5fc80dc9c870c101bbe946ea121fedcb1a1bd0"], &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0xfffffe0f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x14, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r8, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.167816589s ago: executing program 3 (id=1017):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000740)={<r0=>0xffffffffffffffff})
r1 = syz_open_dev$usbfs(0x0, 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r1, 0xc0105500, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r2, 0x0, 0x0)
memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x18\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f00000009c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf98000000000000b5080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001180)={r5, 0x62, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10)
r6 = syz_clone(0x82020000, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(r6, &(0x7f0000000040)='net/igmp\x00')
fchdir(r7)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r8 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r8, &(0x7f0000000940)={&(0x7f00000001c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, 0x0}, 0x30004081)
r9 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64e9f4080003000601000004000200d700b2b7", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
syz_open_procfs(r6, &(0x7f00000000c0)='environ\x00')
pipe(&(0x7f0000000100))
syz_usb_disconnect(0xffffffffffffffff)
close_range(r0, 0xffffffffffffffff, 0x0)

5.923360912s ago: executing program 1 (id=1020):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x500000b, 0x204031, 0xffffffffffffffff, 0x47aef000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r4, &(0x7f0000007840)=[{{&(0x7f0000000240)=@pppoe, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/152, 0x98}], 0x1}, 0x9ebc}, {{&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/27, 0x1b}, {&(0x7f0000000500)=""/224, 0xe0}, {&(0x7f0000000600)=""/158, 0x9e}], 0x3, &(0x7f0000000700)=""/204, 0xcc}, 0x10001}, {{&(0x7f0000000800)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private2}}, 0x80, &(0x7f0000002980)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/248, 0xf8}, {&(0x7f0000001980)=""/4096, 0x1000}], 0x3, &(0x7f00000029c0)=""/7, 0x7}, 0x8}, {{&(0x7f0000002a00)=@sco={0x1f, @none}, 0x80, &(0x7f0000003e80)=[{&(0x7f0000002a80)=""/4096, 0x1000}, {&(0x7f0000003a80)=""/57, 0x39}, {&(0x7f0000003ac0)=""/197, 0xc5}, {&(0x7f0000003bc0)=""/224, 0xe0}, {&(0x7f0000003cc0)=""/77, 0x4d}, {&(0x7f0000003d40)=""/78, 0x4e}, {&(0x7f0000003dc0)=""/164, 0xa4}], 0x7, &(0x7f0000004000)=""/4096, 0x1000}, 0x4}, {{0x0, 0x0, &(0x7f0000005580)=[{&(0x7f0000005000)=""/125, 0x7d}, {&(0x7f0000005080)=""/253, 0xfd}, {&(0x7f0000005180)=""/25, 0x19}, {&(0x7f00000051c0)=""/241, 0xf1}, {&(0x7f00000052c0)=""/165, 0xa5}, {&(0x7f0000005380)=""/47, 0x2f}, {&(0x7f00000053c0)=""/76, 0x4c}, {&(0x7f0000005440)=""/102, 0x66}, {&(0x7f00000054c0)=""/138, 0x8a}], 0x9, &(0x7f0000005600)=""/249, 0xf9}, 0x8000}, {{&(0x7f0000005700)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f0000005800)=[{&(0x7f0000005780)=""/102, 0x66}], 0x1}, 0xd}, {{&(0x7f0000005840)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, 0x80, &(0x7f0000006c00)=[{&(0x7f00000058c0)=""/178, 0xb2}, {&(0x7f0000005980)=""/144, 0x90}, {&(0x7f0000005a40)=""/4096, 0x1000}, {&(0x7f0000006a40)=""/230, 0xe6}, {&(0x7f0000006b40)=""/173, 0xad}], 0x5, &(0x7f0000006c40)=""/190, 0xbe}, 0x1}, {{0x0, 0x0, &(0x7f0000006e00)=[{&(0x7f0000006d00)=""/236, 0xec}], 0x1, &(0x7f0000006e40)=""/67, 0x43}, 0x3}, {{&(0x7f0000006ec0), 0x80, 0x0, 0x0, &(0x7f00000074c0)=""/23, 0x17}, 0x7}, {{&(0x7f0000007500)=@generic, 0x80, &(0x7f00000077c0)=[{&(0x7f0000007580)=""/36, 0x24}, {&(0x7f00000075c0)=""/238, 0xee}, {&(0x7f00000076c0)=""/132, 0x84}, {&(0x7f0000007780)=""/49, 0x31}], 0x4, &(0x7f0000007800)=""/20, 0x14}, 0x8}], 0xa, 0x40002000, &(0x7f0000007980)={0x0, 0x3938700})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2, 0x0, 0x2080}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_IKEY={0x8}]}}}]}, 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x0, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = openat$null(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IPSET_CMD_RENAME(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x5, 0x6, 0x5, 0x0, 0x0, {0x6, 0x0, 0x9}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc050)

5.334743584s ago: executing program 3 (id=1022):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r4 = shmat(r3, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
setreuid(0xee01, 0xee01)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000fed000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x66)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f000043f000/0x3000)=nil, &(0x7f0000f96000/0x1000)=nil, 0x7fffff7a, 0x0, 0x0, 0x1000, 0x0, 0x2, 0x0, 0x19})
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
shmdt(r4)

3.227363167s ago: executing program 1 (id=1024):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000000000000000000000000105000000100000000000000000000003000000000100000002"], 0x0, 0x53}, 0x28)
setxattr$system_posix_acl(&(0x7f0000001180)='./file0\x00', &(0x7f00000011c0)='system.posix_acl_access\x00', &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0], 0x24, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000e000000200"/46], 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa000, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r2, 0x7005, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x4)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devtmpfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r5, 0x0, 0x46)

3.115320037s ago: executing program 2 (id=1026):
r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0xac, 0x30, 0x1, 0x0, 0x0, {}, [{0x98, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_TYPE={0x6, 0x5, 0x9}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2, 0x1, {0xa, 0x4e24, 0x4, @empty, 0x1f}}}, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r4, 0x8b2c, &(0x7f0000000040))
sendmmsg$inet(r3, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)}}, {{&(0x7f0000000840)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000300)}], 0x1}}], 0x2, 0x20040040)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtaction={0x1f4, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x1e0, 0x1, [@m_connmark={0x194, 0x7, 0x0, 0x0, {{0xd}, {0x100, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffffc, 0xffff, 0x2, 0xd, 0x1}, 0x1}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x7ff, 0x0, 0x2, 0x2}, 0x2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x80000000, 0x5, 0xffffffffffffffff, 0x4, 0x1af4}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xffff3db2, 0x2, 0x0, 0x2, 0xffff}, 0x400}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x8, 0x2, 0xa}, 0x7}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7ff, 0xffffffff, 0x2, 0x8, 0x8000}, 0x7f}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffffc, 0x6, 0x3, 0x6, 0x5}, 0xfa2}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffffb, 0x7, 0x8, 0x401, 0x1e270000}, 0xff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xaa9, 0x0, 0x1, 0x400, 0x3}, 0x1ff}}]}, {0x66, 0x6, "d6b0a223a8e5c8cd971cf63d57c43e97cb60100c57bb6b9c166b1e3635c98b1c33a0628e7ee9eb20b5ff3ce5cbcd599b819b1fb9484ebd0174a48e6291f170a6268427ad8631e9d5bdfdd89ff2bc2d98ec9ea42914d3075a6ded0f1d37b00877bac1"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x13, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x7}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)

2.142681596s ago: executing program 1 (id=1027):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d2)
mkdir(&(0x7f00000001c0)='./file1\x00', 0xb)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x84088, &(0x7f0000000400)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}]})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000002000000000000000100000400000000000000000300000000000000000000010000000200000000000000000000001002000000fdff"], 0x0, 0x4a}, 0x20)
chdir(&(0x7f00000003c0)='./bus\x00')
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
sendmsg$nl_xfrm(r0, 0x0, 0xe61c1323c3c20c32)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
ioctl$SOUND_MIXER_READ_STEREODEVS(0xffffffffffffffff, 0x80044dfb, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="6000000009060300f100100000000000050000400900020073797a3100000000050001000700000038000780060004404e21000005000700ff0000000c0001c008000140e00040000c00028008000140e00000020c00148008000140ffffffff"], 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock(&(0x7f0000b1d000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
close_range(r3, 0xffffffffffffffff, 0x0)

1.805925054s ago: executing program 3 (id=1031):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x8002)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0x403c5404, &(0x7f0000000040)={{0x1, 0x0, 0x400006, 0x3}, 0x1, 0x0, 'id0\x00', 'timer1\x00', 0x0, 0x7}) (async)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0x403c5404, &(0x7f0000000040)={{0x1, 0x0, 0x400006, 0x3}, 0x1, 0x0, 'id0\x00', 'timer1\x00', 0x0, 0x7})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000600)={'sit0\x00', 0x0})

1.725685466s ago: executing program 1 (id=1032):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="00082dbd7000fbdbdf250100000004000300040002"], 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0xa4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x2000000)

1.725433606s ago: executing program 3 (id=1033):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x3, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x4, @remote, 0xffffbfff}}}, 0x108)
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x36}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000a80)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6000000000383afffe8000000000000000000000000000aaff0200000000000000000000000000010401907800000001637c364d00062fffff020000000000000000000000000001fc00000000000000000000000004000033001a4066000000"], 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400000040000701feffffff00000100017c0000040042800c00018006000600800a00008fd8c74a30992c9a5fbada96774ff9198cb3da1b55c42bd30b887c8de78dc50faa929a8efdb33732075acf8cc709eb7ef0f78e0e5e7323f62009bd1f774ba09b5e14350e07d970df3944e2aad29439d865c42660bac8"], 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='exfat\x00', 0x0, 0x0)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r1, 0x0)
mremap(&(0x7f00003d4000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000007000/0x2000)=nil)

1.608394828s ago: executing program 0 (id=1034):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{}, 0x0, 0x0, 0x5})
socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840)
r1 = syz_open_procfs(0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
renameat2(r1, &(0x7f00000002c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r1, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
lseek(r2, 0x7fff, 0x4)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x1, 0xa)
fchdir(r5)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x1031c2, 0xb4)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1)
ftruncate(r6, 0x2007ffb)
close(r6)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000001880)={&(0x7f0000000880)=[0x0, 0x54, 0x3, 0x7, 0x8, 0x5, 0x8, 0x1000, 0xb11d, 0x0, 0x1, 0x2, 0x0, 0xb, 0x430c, 0x7, 0x1, 0x3, 0x5, 0x4, 0x8, 0x80000001, 0x8, 0x3, 0x81, 0x2, 0x5, 0xfffffff8, 0x10001, 0x825, 0x4, 0x80000001, 0xfffffffa, 0x10000, 0x8, 0x9, 0x80, 0x0, 0xfffffc01, 0x3, 0xc, 0x2, 0x7ff, 0x200, 0xd699, 0xd, 0x3, 0x7, 0xfffffff9, 0x4, 0x6, 0x6, 0x3, 0x9, 0x5, 0x7ff, 0x5, 0x8, 0x401, 0x9, 0x7fff, 0x6, 0x8, 0x1e, 0x3ff, 0x40, 0x10000, 0x7, 0xe7, 0x5, 0x7, 0x6, 0x2, 0x9ba, 0x6, 0x0, 0x200, 0xffffff01, 0x5, 0x200, 0x10, 0x31c, 0x9, 0x2, 0x4, 0x9, 0x5, 0x6, 0xe61, 0x97, 0x4, 0x8, 0xe21, 0x2000000, 0x800, 0x2, 0x5, 0x10000, 0x3ff, 0x80000000, 0x83, 0xe, 0xfb, 0x6, 0xfffffffc, 0x8, 0x10001, 0x9, 0x7, 0x5, 0x3, 0x0, 0x8, 0x6c, 0x7, 0x2, 0xfffffffd, 0x5, 0x8, 0x2, 0x60b, 0x10000, 0x2, 0x4, 0x4f, 0x7, 0x1, 0xfffffff0, 0x0, 0x9, 0x1, 0x0, 0x48, 0x3ff, 0x3, 0x3ff, 0x9, 0x8, 0x1, 0x7d8, 0x0, 0x8, 0x1, 0x9, 0x8, 0x200, 0x5, 0x0, 0x1, 0x10000, 0x8, 0x2, 0x99a0, 0x2, 0x2, 0x2e1, 0x7, 0x4, 0x58, 0x3, 0xa, 0x4, 0x2, 0x400, 0xfffffff8, 0xfffffd40, 0x8, 0xe, 0x4a6d, 0x9, 0x7, 0x3, 0x6, 0x9, 0x1, 0x5bbc, 0x7, 0x7, 0x1, 0x5, 0x5a69, 0x10001, 0x3, 0x10000, 0x5, 0x1ff, 0x5, 0x1, 0xfffffff8, 0x7, 0x2, 0xfffffff8, 0x5, 0xe, 0x2775, 0xfcff, 0x0, 0x1ff, 0x6, 0x80, 0x5, 0x1000, 0x4, 0x69, 0x6, 0xffff, 0x4, 0xffffffff, 0xa96, 0x8, 0x5, 0x7, 0x7, 0x80000000, 0x7, 0x9, 0xd, 0xfffffff7, 0x7fff, 0x3ffa, 0x45, 0x76, 0x3, 0x30000000, 0x3, 0x2, 0x4, 0x4, 0x3ff, 0x2, 0x2, 0x14, 0x3, 0x82, 0x2, 0x200, 0x8, 0x3754, 0xfff, 0xfff, 0xf8, 0x1, 0x81, 0x0, 0x7, 0x8000, 0x1ff, 0x29, 0x80000001, 0x40, 0x8, 0x3, 0x58ad, 0x2790, 0x4, 0x3, 0xfffffffd, 0xb, 0x6, 0xd4, 0x8, 0x6, 0x9, 0xe26, 0x7ff, 0x184, 0x7, 0x5, 0x6c, 0x6, 0xfffffffd, 0xf, 0x10, 0x630, 0x8ae2, 0xe, 0x5, 0x80000001, 0x6, 0x7, 0x4, 0x6, 0x12ece00, 0xe, 0xfffffffa, 0xbb6, 0x7, 0xffff, 0x8, 0x20000000, 0x9, 0x475, 0x5, 0x9, 0x0, 0x3, 0x3, 0x7, 0x101, 0x8, 0x9, 0xff, 0xb44d, 0xfffffffc, 0xfffffff9, 0x1, 0xda0, 0xff, 0x200, 0x10000, 0xf93, 0x4, 0xb, 0x6, 0x1ff, 0x8, 0x8, 0xfffffffb, 0xc8, 0x1, 0x9, 0x6, 0x8, 0x3, 0xfffffff8, 0x1, 0x40, 0x1, 0x3, 0x0, 0x2, 0x3, 0x8001, 0xfffffff8, 0x73, 0x5, 0x80000001, 0xe6bf, 0xd862, 0x7fff, 0x6, 0x0, 0x5, 0x4, 0xffffffff, 0x80000001, 0x5, 0x7, 0x4, 0x280, 0x4, 0x6, 0x88d8, 0xfffffff9, 0xffff, 0x463, 0xffff8000, 0x8, 0x3, 0x9, 0x3c6f, 0x8, 0x2, 0x91, 0x539a, 0x6, 0x8e1, 0x280, 0xbecb, 0x7, 0x1ff, 0x7ff, 0x3, 0xc, 0x5, 0x9, 0xffff7365, 0x724, 0x5, 0xfffffffb, 0x0, 0xe, 0x0, 0xfff, 0xa, 0x7f, 0x9, 0x2, 0x3, 0x8f4, 0x763c, 0x4, 0x8, 0x9, 0xfffff800, 0xc, 0x800, 0x6, 0x0, 0x4a, 0x1, 0x8, 0x7, 0x20, 0xef, 0xffffff90, 0x5, 0x3, 0x5, 0x6, 0xe81, 0x7d, 0x8, 0x10001, 0x6a, 0x4674, 0x4, 0x13, 0x6, 0x7, 0x5, 0xffffffff, 0x4, 0x6, 0x7fffffff, 0x2, 0x101, 0x80, 0x10001, 0x51bf, 0x2, 0x5, 0x80, 0x5, 0x1, 0xe, 0x81, 0x4, 0x6, 0x9, 0x1000, 0x4, 0x5f7, 0xf14, 0x6, 0x40, 0x4, 0x10001, 0x4, 0x80, 0x0, 0x9, 0x0, 0x9, 0x8, 0x11, 0xc, 0x3, 0xfffffffb, 0x0, 0x2, 0x5, 0x9, 0x8, 0x8, 0x12, 0xfffffffd, 0x10001, 0x7, 0x9, 0xff, 0x80, 0x8, 0xd, 0x81b3, 0x101, 0x1000, 0x2000, 0x265, 0x2, 0x4, 0x7fff, 0x0, 0x3, 0xa91b, 0xa7, 0x84d1, 0x5, 0x9, 0x9, 0x5, 0x0, 0x9, 0x7fff, 0x0, 0x0, 0x7, 0x0, 0x4ef7, 0x7fff, 0x8, 0x3, 0xedb1, 0x6, 0xffffffff, 0x9, 0xbf, 0xfffffff9, 0x81, 0x200, 0x4, 0x3, 0x101, 0x101, 0x9f, 0x7, 0x7, 0x7a9, 0x83, 0x1, 0x1, 0xffffffff, 0x38, 0x7f, 0x4, 0x1000, 0x7f, 0x100, 0xffff8000, 0x0, 0x9532, 0x1000, 0x9, 0x4, 0xfffffff4, 0xcf8c, 0x5, 0xffffffff, 0xd, 0x3, 0xd, 0x800, 0x5, 0x3b854e9d, 0x7ff, 0x5, 0x3, 0x6, 0x81, 0x9, 0x5, 0x8, 0xb9a8, 0x50e0, 0x6, 0x3, 0x1, 0x7fffffff, 0x3, 0x1000, 0xfffffff9, 0xffff, 0x1, 0x4, 0x939, 0x8000, 0x2, 0x1, 0x7fffffff, 0x9, 0x9b42, 0xe, 0x4, 0x5, 0x10001, 0x1, 0x7, 0x0, 0xffffffff, 0xe4, 0x5, 0x1, 0x5, 0x7, 0x45c, 0x8, 0x1, 0xfffffffd, 0x3, 0x100, 0x10000, 0x7, 0x4, 0x5, 0x9, 0x28, 0x1000000c, 0xffbe, 0x1000, 0x4, 0xe, 0xf, 0x2, 0x1, 0x8001, 0x9, 0x3, 0x3, 0x40, 0x1e06, 0x2, 0x4, 0x100, 0x7, 0x7, 0x7, 0x4, 0x200, 0xfffffffb, 0x8e1, 0xc, 0x2, 0x6, 0x2b, 0x6, 0xb5a, 0x5, 0x4, 0x9, 0x3ff, 0xff, 0x6, 0x5, 0x8, 0xd7, 0xfffff801, 0xe, 0x101, 0x2, 0x0, 0x6, 0xb8, 0x80000001, 0xbf, 0xc0000000, 0x6, 0x5, 0x1ff, 0x8, 0xc, 0x5, 0x6, 0x8, 0x2, 0x19, 0x80000001, 0x7d7, 0x2, 0x9, 0x9, 0x8, 0x3, 0x0, 0x4, 0x1, 0x8, 0xe, 0x80000001, 0x81, 0xfff, 0x3, 0x3, 0x4, 0x1, 0x0, 0x9, 0x9, 0x81, 0x1, 0x8000, 0x7, 0xff, 0x6, 0x2, 0x395, 0x207, 0x2, 0x9, 0x9, 0x5, 0xee, 0x1, 0xd4, 0x6, 0x2, 0xc1, 0x1, 0x0, 0x1, 0x9, 0x5, 0xe752, 0x8, 0x1, 0xe69, 0x3, 0x9, 0x80, 0x7f, 0x8, 0xf57, 0x55d, 0xffd, 0x4, 0x2, 0xf1a, 0x7, 0xfffff99a, 0x7f, 0xfffffffc, 0xd, 0x8c19, 0xc62a, 0x9, 0x3, 0x100, 0x2, 0x10000, 0x9, 0x7fff, 0xaf, 0x2, 0x971f, 0x5, 0xc420, 0x5, 0x7fff, 0x5, 0x0, 0x2, 0xb4b, 0x1, 0x101, 0xa2, 0x40, 0x8, 0xffff, 0x58e84d4b, 0x1c, 0x9, 0x3ff, 0x1, 0x4, 0x7fff, 0x4, 0x1615, 0x4, 0x4, 0x6, 0x4, 0x9e17, 0x893, 0xfff, 0xfffffffa, 0xf4a0, 0xc7d0, 0x3, 0x3, 0x9, 0x3, 0x3, 0xe7c, 0x5, 0x5, 0x8, 0x2, 0x1, 0x40, 0x5, 0x4, 0x3, 0x2, 0x7, 0x6, 0x1, 0x401, 0x63, 0x4, 0x6, 0x2, 0x0, 0x5, 0x5, 0x7fffffff, 0xc, 0x80, 0x56, 0x4, 0x29a2, 0x7, 0x9, 0xcee, 0x7, 0x1, 0x3, 0x7fffffff, 0x8001, 0x3, 0x2, 0x0, 0x7, 0x200, 0x1, 0x6, 0x2, 0x90, 0x2, 0x667, 0x6, 0x6, 0x8, 0x2, 0xffffffff, 0xfff, 0xdb54, 0x5, 0x4, 0x200, 0xff, 0xde95, 0x709c593c, 0x6d, 0xe, 0x5cfdf5b2, 0x7789, 0x9, 0x770a, 0x1, 0xd15, 0xdd0, 0xe, 0xffffffd7, 0x8, 0x9dd, 0x3, 0x3, 0x4, 0x5, 0x1000, 0x1, 0x950, 0x0, 0x5, 0x6, 0xffffffff, 0x5, 0x0, 0x4, 0x0, 0x8, 0x3384, 0x10001, 0x3, 0x4, 0x5, 0x0, 0x2, 0x7fce, 0x9, 0x2f, 0x5dfc, 0xab, 0x7, 0x1, 0x236, 0x0, 0x3, 0x2, 0xb53, 0x7, 0x7, 0x6, 0xf, 0x7fffffff, 0xc, 0x4, 0x3, 0xbdb5, 0x1174, 0x7, 0xb325, 0x7fffffff, 0x5, 0x5, 0x809, 0x4, 0x9, 0xffff2878, 0x4e4c, 0x0, 0x80, 0x2, 0xc186, 0x6, 0x0, 0x4, 0x7ff, 0x9, 0x4, 0x1, 0x3, 0x2, 0x4, 0x9, 0x8, 0x3, 0x6, 0x1, 0x10000, 0xd5, 0x1, 0x3, 0x337a1f48, 0x0, 0x57, 0xfdc, 0x0, 0x9, 0x89, 0x8001, 0xfff, 0x3, 0x4, 0x2941, 0x0, 0x480, 0x9, 0x6, 0x0, 0x1000000, 0x100000, 0x3ff, 0x2, 0x0, 0xe, 0x2, 0x3, 0x13, 0x22, 0x5, 0x8, 0x5, 0x5b0831fc, 0x8001, 0x4, 0x10, 0x76c6, 0x101, 0x81, 0x5, 0x3, 0x7, 0x6b2d, 0x2c1, 0xfffffff9, 0x0, 0x9, 0xb0, 0x2b88000, 0x2, 0x0, 0xa9, 0x1, 0xfffffff7, 0x1, 0x21e2, 0x0, 0x80, 0x6, 0x800, 0x622, 0x3, 0x7, 0x0, 0x8, 0x0, 0xffffff32, 0x21d, 0x21fa, 0xd, 0x0, 0x80000001, 0xfffffff9, 0x5d4, 0x2, 0x200, 0xc50, 0x8, 0x3, 0xc30, 0xb441, 0x31, 0x1, 0x7, 0x7, 0xff, 0x7fff, 0x80000000, 0x9, 0x8, 0x2, 0x7a, 0x800000, 0x2, 0x5, 0x3, 0x4, 0x6, 0x4, 0x1, 0x7, 0x100, 0xe4a8, 0x8], 0x6, 0x400, 0x8})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180))
timer_create(0x0, 0x0, 0x0)

1.489318614s ago: executing program 1 (id=1035):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x500000b, 0x204031, 0xffffffffffffffff, 0x47aef000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r4, &(0x7f0000007840)=[{{&(0x7f0000000240)=@pppoe, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/152, 0x98}], 0x1}, 0x9ebc}, {{&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/27, 0x1b}, {&(0x7f0000000500)=""/224, 0xe0}, {&(0x7f0000000600)=""/158, 0x9e}], 0x3, &(0x7f0000000700)=""/204, 0xcc}, 0x10001}, {{&(0x7f0000000800)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private2}}, 0x80, &(0x7f0000002980)=[{&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/248, 0xf8}, {&(0x7f0000001980)=""/4096, 0x1000}], 0x3, &(0x7f00000029c0)=""/7, 0x7}, 0x8}, {{&(0x7f0000002a00)=@sco={0x1f, @none}, 0x80, &(0x7f0000003e80)=[{&(0x7f0000002a80)=""/4096, 0x1000}, {&(0x7f0000003a80)=""/57, 0x39}, {&(0x7f0000003ac0)=""/197, 0xc5}, {&(0x7f0000003bc0)=""/224, 0xe0}, {&(0x7f0000003cc0)=""/77, 0x4d}, {&(0x7f0000003d40)=""/78, 0x4e}, {&(0x7f0000003dc0)=""/164, 0xa4}], 0x7, &(0x7f0000004000)=""/4096, 0x1000}, 0x4}, {{0x0, 0x0, &(0x7f0000005580)=[{&(0x7f0000005000)=""/125, 0x7d}, {&(0x7f0000005080)=""/253, 0xfd}, {&(0x7f0000005180)=""/25, 0x19}, {&(0x7f00000051c0)=""/241, 0xf1}, {&(0x7f00000052c0)=""/165, 0xa5}, {&(0x7f0000005380)=""/47, 0x2f}, {&(0x7f00000053c0)=""/76, 0x4c}, {&(0x7f0000005440)=""/102, 0x66}, {&(0x7f00000054c0)=""/138, 0x8a}], 0x9, &(0x7f0000005600)=""/249, 0xf9}, 0x8000}, {{&(0x7f0000005700)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f0000005800)=[{&(0x7f0000005780)=""/102, 0x66}], 0x1}, 0xd}, {{&(0x7f0000005840)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, 0x80, &(0x7f0000006c00)=[{&(0x7f00000058c0)=""/178, 0xb2}, {&(0x7f0000005980)=""/144, 0x90}, {&(0x7f0000005a40)=""/4096, 0x1000}, {&(0x7f0000006a40)=""/230, 0xe6}, {&(0x7f0000006b40)=""/173, 0xad}], 0x5, &(0x7f0000006c40)=""/190, 0xbe}, 0x1}, {{0x0, 0x0, &(0x7f0000006e00)=[{&(0x7f0000006d00)=""/236, 0xec}], 0x1, &(0x7f0000006e40)=""/67, 0x43}, 0x3}, {{&(0x7f0000006ec0), 0x80, &(0x7f0000007440)=[{&(0x7f0000006f40)=""/27, 0x1b}, {&(0x7f0000006f80)=""/239, 0xef}, {&(0x7f0000007080)=""/186, 0xba}, {&(0x7f0000007140)=""/15, 0xf}, {&(0x7f0000007180)=""/63, 0x3f}, {&(0x7f00000071c0)=""/128, 0x80}, {&(0x7f0000007240)=""/104, 0x68}, {&(0x7f00000072c0)=""/219, 0xdb}, {&(0x7f00000073c0)=""/77, 0x4d}], 0x9, &(0x7f00000074c0)=""/23, 0x17}, 0x7}, {{&(0x7f0000007500)=@generic, 0x80, &(0x7f00000077c0)=[{&(0x7f00000075c0)=""/238, 0xee}, {&(0x7f00000076c0)=""/132, 0x84}, {&(0x7f0000007780)=""/49, 0x31}], 0x3, &(0x7f0000007800)=""/20, 0x14}, 0x8}], 0xa, 0x40002000, &(0x7f0000007980)={0x0, 0x3938700})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2, 0x0, 0x2080}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_IKEY={0x8}]}}}]}, 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x0, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = openat$null(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IPSET_CMD_RENAME(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x5, 0x6, 0x5, 0x0, 0x0, {0x6, 0x0, 0x9}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc050)

1.269660472s ago: executing program 0 (id=1036):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x1a, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
read$FUSE(r0, &(0x7f0000004800)={0x2020}, 0x2020)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r5)
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x4c, r7, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x1, 0x5b}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'dvmrp0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x62b4e7cbb8b4f193}, 0x8040)

1.260475456s ago: executing program 0 (id=1037):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/notes', 0x800, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r1}, 0x8)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xffffffff)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x9, 0x1, 0xff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0xeda7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1)
setsockopt$TIPC_MCAST_BROADCAST(r4, 0x10f, 0x85)
r5 = openat$uhid(0xffffff9c, &(0x7f0000000140), 0x802, 0x0)
write$UHID_INPUT(r5, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d10481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b3097768608004dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006)
r6 = syz_open_dev$video4linux(&(0x7f0000000200), 0x308000, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r6, 0xc0945662, &(0x7f0000000500)={0xd, 0x0, '\x00', {0x0, @reserved}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x3f8, 0x0, 0x0, 0x2004cb, 0x7, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x2000000000003ff, 0x2], 0x2000, 0x200206})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r7 = add_key$fscrypt_provisioning(&(0x7f0000003040), &(0x7f0000003080)={'syz', 0x1}, &(0x7f00000030c0)=ANY=[@ANYBLOB="02"], 0x18, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r7, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f00000001c0)='trusted\x00', &(0x7f00000002c0))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

926.47483ms ago: executing program 0 (id=1038):
r0 = socket$inet6(0x10, 0x3, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', <r2=>0x0})
sigaltstack(&(0x7f00000000c0)={&(0x7f0000000080)=""/27, 0x80000000, 0x1b}, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000014000905bdbd7000fddbdf25021f00cb", @ANYRES32=r2, @ANYBLOB="08000400e0000002080008000103000008000200e000000208000900060000000800090003000000080009"], 0x48}, 0x1, 0x0, 0x0, 0x4040014}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000"], 0x18}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

814.832721ms ago: executing program 0 (id=1039):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000280), &(0x7f0000000180)=0x80)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x0)
fchdir(r2)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f00000000c0)='./file0\x00', 0x46000005)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00 \x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xf, &(0x7f0000000a00)=ANY=[@ANYBLOB="18080004ddf7ffff0000006458db5c68ca7b0e000000000000004000bba045450f0443f82f4b06607a75f1377820f5a10ea4bbccf5a56efb6264779f5161608cd776075b7e028bc4c369e6be49cecab07dff884d9c2ffa0251eed05b9523d072d67fc666c06474c021cc97db45253a7d355ffd7b0daa7602b3bf2c9d063d2fc86dd530357e109a3965ee55864100ac9a20344e609aef1418bc4c2eb7953fa9cb00dfa6ad23745e66c682c74917918c5e0912f1f8eb2552744c03cfedfc7e7333d412e809e265022b1c23ec49000000003de1630af65d0f795a331da19cb5d7e9f4a315926d107969a46ec77753d0eee6a63eec7d7b759e5cf7531734741b764f19bc221aa59501b802621ed3bbf490c417f857d8dd40e84c2fbec7cb09d3de3e15dc1e85af46f14e69f75a33651dc567b4ff5ec54db63bd0fb9d954007543e00a480c649a93078952838b001b7a30e4fa364e5140fb56e3f03b915b65efd04599193626bc36aae1899dbf4c100"/378, @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca90000003f000035090100000000009500000000000000bf9800000000000056080000010000008500000007000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0xeb0b9a0f2504bdf1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0xf1, 0x8000000})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r8)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00', @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
r11 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000000)=[<r12=>0x0], 0x0, 0x0, 0xfffffd9a, 0x1})
openat$mixer(0xffffff9c, &(0x7f0000000140), 0x400, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r11, 0xc01c64a3, &(0x7f0000001880)={0x1, r12, 0x8fff, 0x2, 0x4, 0x944})
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)

695.409067ms ago: executing program 0 (id=1040):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d2)
mkdir(&(0x7f00000001c0)='./file1\x00', 0xb)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x84088, &(0x7f0000000400)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}]})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000002000000000000000100000400000000000000000300000000000000000000010000000200000000000000000000001002000000fdff"], 0x0, 0x4a}, 0x20)
chdir(&(0x7f00000003c0)='./bus\x00')
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
sendmsg$nl_xfrm(r0, 0x0, 0xe61c1323c3c20c32)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
ioctl$SOUND_MIXER_READ_STEREODEVS(0xffffffffffffffff, 0x80044dfb, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="6000000009060300f100100000000000050000400900020073797a3100000000050001000700000038000780060004404e21000005000700ff0000000c0001c008000140e00040000c00028008000140e00000020c00148008000140ffffffff"], 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock(&(0x7f0000b1d000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
close_range(r3, 0xffffffffffffffff, 0x0)

694.904062ms ago: executing program 3 (id=1041):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000b40)={0x114, 0x10, 0x509, 0x0, 0x0, "", [@nested={0x101, 0x31, 0x0, 0x1, [@generic="e7fd1cc987412abd12a61250be1a1ad1f9a11f196ac7446aa3a450935abca7f7f7200509e180ddc434b3a717de9332954acf415edd6e5cc1b36848dfc020a0d3196b64af1050252d4c77e46e53c0b45278490ca70e88acb72aa0fd88699e6d071b8c6cd70173cb8500279d021f54695a25f3d06d936e7b7577", @typed={0x8, 0xb3, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x8, 0x8e, 0x0, 0x0, @u32=0xd1}, @nested={0x74, 0x7e, 0x0, 0x1, [@nested={0x70, 0x5e, 0x0, 0x1, [@typed={0x59, 0x93, 0x0, 0x0, @binary="ea423366c0f43f13e7cd3199f6900d0d8d42d45cb86a90453c268ab4974703b8b010e74a0a1e65739f0fbb49f3425cc76eeb0b44731b62148e7624508396077fcdd87bc2c98e500b74bb786441a50bc90c3e6e59ae"}, @typed={0x8, 0xe6, 0x0, 0x0, @ipv4=@local}, @nested={0x8, 0x100, 0x0, 0x1, [@nested={0x4, 0x8c}]}]}]}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x40004}, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x60}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

618.542373ms ago: executing program 3 (id=1042):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000980)={0x8, {"b92775609d12e5f18231d9bafd887278ada38ccf7c38cbca42ee1bfde44b073f2cb38bf09bfb262c9065b78177ee5ea40500a468320b7ff205f6e9af3835c61441afce08720c0159abb21ef6ec96a6fedf7c96328604a895b81d805e5954f33c11d0d1fcd653fb281c4a66326bd5eb203f59110a7a7e3eefeed36731f15207558cbae08d38a84dfd00cd3fa55c2403498a998fc96d98e5fcc7c13e0eeb212ea93f22e66a81d45a0104565ec4bf9aafcec7dd234567698bde2fac1374290c50229f168bef14f2182f7703aff64b64e9548ee57846a65a95e2434096d519bafd8fadac161c5a79b8d626c8ccc875f0b72ef92639ddf07d83428be9898f5d01ff2ad8fb84e835bc5e421706e17845a257992dd1ff580b077ee425fb6a33ea2dbec0892898949fe156534de50e1875f70ffc6d58d62c86f6dab43effda9e9db7c6368318040177afd53480536b612bcbfb8964e9e5592709cd236f8d90e68efbd40b94e3dfb3a52d949560bf82efcc1a08bca0eb5bccf5d914fe28dfe3bbd72f838ac9f78ce3383f6b008ff2c539a3405523796cc328dc9cb0dc173b7998663c129f3bf80f80ab6a58e0d6ae3bcf55a094c3d42dc0b26305eca2c5742fef8c058beaf63bb0ffc2edd7a70971f90645d5ece1f072642a94cc8f2b4665696b4fad2b8e1f583993ec105805f5662f310eec9fe96c43941f66327b7fb780185d806a478114c66223f0db749a9cade99d8418f096562e5d93d7fd40fda72956ec2904aecda0a2a35a2a92efc0c454079ae5018d7ef62f2015bc8420ac10f3f75264401c090da0172c894a1045fe7719c7dc68ae00001aff00cf5579fe0d609fa9f5a823b5b1d94a836b0cfb505449478d6e007381af21b25ceb70f8d7847cbc673bd359356f2bdcf6c71b06a464df615aaa36d3888b6e5fbeefb83171f679a1fd6f695497d348753535def65c8f3532652e0d3af11bd22b968553ff11fe560d942348dda693a52997055f2e08ed2ca69bc47825ca4407452b7e00ddc67a70a3ea584c2b799cd0ff9cd3e1ca90f9860bc69053f7b527af22a62bd20c20c633741a533c96df0c53ae15f4c03380d61545d8f830390e5f370bc98d7cbaa347b02112aad43b8fade11d7285ef2cb7005720a15112593db318e84ab4c07433005b292055e3913b2b0c4b7b8f745b4674ddbc6d421b6e1630467e08aa0c8d9b2e880676c8db6a7770fb0334bc2d979004eed9e54b4c425087b031558be9f0204bbe7c32ba2dc1fdaa47b5523d42c445bd9394325f4bd0c78d455863eda2d044a43f7dfe12706c56a08f6fd76dc4edb2c462dacdc96af3b881b9a19c3f020165ea1f1cc0610218ced5fb85d1c41ae960d08146d9ae2c057e91ee711f71195d56e8d0e77eca4803efc1d0eb7e6ae9016cb840aa472bae70a4e65ff9dc3883bde1cb721e7102a3f332ae3730cd1084b2e3ce0103cabbe7006a0ccd05111be062f9f40604d2dd831a30490f37ceb76423c31540b666e897b62b01110cb23f151b731c6ac3704f7ca07995ecabd55a0dc56999308d370cf4ccfd7ebf2bb2ad0af412c78d3a3cd8899d82dc926a6ee41ea62a4818258b8fb872c0a5cd8eda32fc2b3fba5bdb02e9fa1ae2f22a0a5ce77aaab5755259623348acb72cca5d71d65deed539b4e5f8727c54dd67a572e1adfde7cebcbd065a3db0e4e3719f8f3f2ce6c3fa12640bd075ed20a492cb3c0ca93a5255ae32ac8bc0d584c7ef88587141bcf16edc8ce982ad086174aa6ee5393a77bec2364a2b91b49ed08e5d218fda379c5bf7e55a3d19b07f4543ec5c952eba2fe04c16fdd84d7f3d950f04d9cdb6211095b13adb962713998d930f36640a7149e94f259aa1c94a024e5f388f3bb5ce942b9e34b92b0eb3131052fc01addf9309a614fa273154c34632c829b793d7a7672d8c9d0e4be074a3d4d9502cd52072e08bcb280c65336c1298fcb9e85cf7ea9ec2eeda6a2bcf5fca481fa2c33f14c95eb42b97dafd2c154337cdfbdb74bf1c5cadab109e72ae45c583d7c37845ede632a463b3f5222714e0928524e5ad1dee3a991656c334cf35a82854df74d44c6dc476c8e8ec49571cb73da755c320c7f6995b9d142b6567b882d22e0fa5da95b30602af0170bf48cd7ed0eeba02d1d2db0abc6202b3483d0221f5711ecdf8fc9f244e1f5ac0270784a338c6fc8ef8d431bc94ca6c33be394f970b6b0a89ab91d00a70653280b5455318171f828055d523cf9fd2200d186c124df20f30230ea69fd001e4dede0056bd23b8f7b2f6dee66351ea7187189933f8b678e0ff5985a35b5a4afc8da0d807c8740de0a6553ef101d5d97fd12dde43b68742e10cf1b6145c0d62d82e90d0136716f64a31af757f2ae4d1d0965b4a4ca8b6bccdbaa6b0cfcce1c547db9ed67fa312c20297ef2af2f7db456bf1ed32fab1b1636f188e54913b9564e22e7c4ec388a868cd226e4e064998043023c4ee3352379a30d15f1f0842a04fd0f06d8e99af6539fff86c17b1f3a2dc3b64e66931c5215b37932de47ed0c2d9781f080e86ede6046711ad0d25e3631f618465909df4a448ca91399aa10f831243fd18be7e0ed35efbf362fbec4dc1794cf21b02634eb48dc18e68b9904de291d51c4b9ecd0ae2dc4f31bffe4542fac8e73e1bf7b0d60267a55347249916439e016f5f6518718dc57dbacd0fa6b4f10b84d824c8eca056081d160b60af3aea24ff1972f7284504e77a7147a685a988ac96915a9f84277869f24bdf8e0988d0f9cbf8c7b00e92db7fe5854d7e5836f96d6355267e4b2277eb132f6d0f9dd383a66d7756219f0c49ae1c5875863f30fe833e4c0a2be38cd0c70b9062821865fdc49c0b21f004768a04950c461e3c64f04b5f6f631cd45e333cfd783d59fee397058f30860e7e1257a77f1d404ad3b969d9303c54d8432e163be4dbe5f97aea5a2b074dcebdad55324b9d8eb201903b6a21266e627f7700e1026da1cdf8aef350717bbdb264cfe21ea347c45f3b959b094493896588a1ee0054fa1d2abb9e6a911a22a766227b540fc964334c1c5655ab0e0a352d99b5b07cf8d007655edfb124573d058d691b04b8758b9d6ce0837edabd450c32de09763814179e7fee4556aa6c8a7491b15ca8df6f1be82ac5f25b734280e492fba8c40bbb7e3f0af1dab281f6fb042e2d46c0305892686e5e1172ad02789a559ad7274e2bba0e0e89e24d93d6b2cf1d6db3c4841af9ba06e1adfd36cd5af8556d99ba3357bf3cbc16eb1d2a3727fe45e2bfe62036d3eda33051d92803f67d6380c02f75c7bf0e72d28668ef8b4fcc3c010fe4ef621dfdaeba44318a3b1294fdfb2fdc3ae0fadab87eec50cf8bd56127e429f13d563674a9de0b587482649c97eb7687f36765a82a4f9f0189f29e883803171f9dd95b9eceee2cda67ee0c23f3aca8890f78ec330252aca12a714a5908f1b7d0917a04f357fc2e6610b0d990abffe9eb528746d69cc430401e91aba56c42885f0f85c3630dc3db36f975b2e04aab6c368988764b4fb0a5cbbe06ce20cc1ace9cc94d6f9dc81e99fb97ac1beb917ee0dc0ec99c02b494326bf929680c6fa1942b2e7666d849106a7df602c622a86400743a18dc0dba154de58b8e8d4e7c910537d2336541fc4004d480957a4d9e028c09de921f3494b10285eb5c9861f838a531b3a374c0d5435140d78b9670bc407899e9846f631cea1f357deaaa75b1d15a621937583834b76284565ebc5b70a5f68199bd7377bf7c977531a4beb874db1a8cc3d7434ba2a53af92d90406c46e558496a3a680d9f5f2996fb8e5d6ea36bad8a8b7d19b92cb046fc12a52ffcbdd8d3d574d93f632fec9737aaa4393e194cedea3f4da570923b2ec25a403911c8e797972874b80f806318874504aae07a005ce92f5a8fdcaa2f62ca22fb0b5b89e81f861254ebdb7e4c9d73b8dcb84eca9bf418f125671cf0faeaddd7839ef9becb4a749b495f909d3b6bddc077e7591e50280b30b858e7ff95c7cedb8792bc7bc351368f649cd49f0db3b1d6f930d0e77529db3598a02ebe77fe955c9d2cb5cfacfd294bac5d7ba28240880e3183ecde55fbabf1a8c12b7907084a6da4e8f05871b87a98ed24fb6985908a874cdb1fdc30d56c4858cbe64946e4b5c1395148d0d5c7b270212a6e37e5b829847c5c7c6e55c948ac873816c8e490b4d20e225a6ad248e86a8557d23818011587e80756e0e6ca112baa4ee8423b450cba0f41d12a90d4e052a5f5d0c0313cb7b5f9c97115df073470831286feac3d807551279e8d23896b611b8d922f56d18c3b6c55134d40b8b101164843d7acb2ad23926d634db487479f37fc04e1213b096f83290b3c462b59f95ead6d5379726453725731058a86b294a704a797a46085d4a9a75fd74a601a84fe0165f238094b5df2e4c24fc85237a4d29a55c2f0e2f7bfc4aa9b5763d72ba0b285a78b0c00378bd4542b50deca35c4cdb57c41c6ec94d8faf265815ea88aaefe2e213c6d5a1120029a7922683ab3fe678d60974ccbd012599a498175067b55e4e2ffb188258fb51bed19bde6efb2cc1beb5401e8190d9e7c83d42cc4356120c3be8b899a9d5773444377fcd66763ce9f220d65d9b176b078c7b5ad451c97b895f09875fa2b6948f5660f566e29726fd991b2e52743390ed3bfca093bad14e87bd4b9427553e4326b6912eb20162c8a407a77306fe45d525dd187af3a9ec69545a88f3f0fe3954aa894f1f2d3de53ceb16e2dd16b01b768fd53d2316174b50c2483afd7f96f8381e0043147f7d1726e6fd97fb28facc2281540ae5d43e0445d0cee8b4fadcdb97a5ebe6867a1d87275004223e3f6eac1ae722e727c78eafbee1cb4b4110995c71b6ab76e28d29438ef4bd2cd2ff01e310a50d382ef4b44704c9e954bd796e1276d3e0f6af67e9f5228b3608482f11133c13907cb6fb892e05a8e47655b093286b2876ddb45e43fce4e44bf27111a2424a44f6420a8d142b0bc9a856c544a8f72af02c1978a74f78db9e204277d2e24b0e6a571d46520b6d5faa7ef599676dc1547312e2a9c5123179a404d0cd2438adbcc3ac149f9b63242d7d928bcb2757b9e6c932ffb17831bf06c8b1568c07cc7998f131aaad1f9084ed7e0386cd90eeb7608909ce0f5bbccd5d09ab6b205a886aaf0d7f4527100a8d289b6b3b12c653dcf5595798e62e48b807b5911cfac8ab63d3ca469faaf92fbd1d1226d959d555a3e3406a433fd032b7ea2f3c44c59718e6a70c3ca8fb888ed1836f1b1c406393b7b23ee13224a4183e942e7f4583cb98da1eb17da66cdcda94004ad5aeb9183289c08156557a93aee57ae100a882b489d0a81a4ecee39ed6feecc7c66fc946c2b45273ec98689e28541174afa1db81f1aa1cc4a4c420d91f04d729be2b5b0a2bddacbd3bf2fbb54d283f0e5fcf041b0847a92cb055aefd2b343db59ccd6a66f9afe1f10b1bd20611900e1fae78e9663ec2c163449dc40341bd4865c238b63ece6108ef5237118fa6c772868921e941c48fa49c85aa61ba2d0b551a554f928598cb91659e9e072882d3312042ee32010c38f2d261c29c900ab21c523e851df902000e5d1955ccd8de6c9823f4f3e019e0cc33b87d8d69471b837a326a29c46c8f5104a75f411868afb5c8810706454b2fc6391649d70652a86e0f5307244060a7308ffa97f4207a5401e4146d03ee17b44d70f3688e1d09335dd7463c51b91c110b975381215c1ce255e3a9f4a96ecb29d3696fac1b8d1cd52d1e0ac9500", 0x1000}}, 0x1006)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3000000035000701feffffff00000000017c00000c00018008000600", @ANYRES32=0x0, @ANYBLOB="100002800a005a00626f6e8e"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0x20008000)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r1, &(0x7f0000000440)=ANY=[], 0xa)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0xffffffffffffff9a)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, &(0x7f00000004c0)=0x1, 0x4)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r2, 0x4014f50b, &(0x7f00000000c0)={0x0, 0x3, 0x9})
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)

348.963567ms ago: executing program 1 (id=1043):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
r0 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x100, 0x10004, 0x2c}, 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, &(0x7f0000000440)=0xc)

0s ago: executing program 2 (id=1044):
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2acb41)
r0 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
setpriority(0x2, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000000))
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}, {0x0}], 0x20000000000000ee)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r4 = socket$kcm(0xa, 0xf, 0x106)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r4, &(0x7f0000000480)={&(0x7f0000000500)=@xdp={0x2c, 0x7, r3, 0x7}, 0x80, 0x0}, 0x4000011)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r7, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x17b, 0x0, 0x4}]})
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08786eb807e0000000000000000000009fe70ba83a7a66e67a0bae5cfaccbbb81e28d7b568", @ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
io_uring_register$IORING_REGISTER_RING_FDS(r1, 0x14, &(0x7f0000008580)=[{0x3, 0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000002a00)=""/146, 0x92}, {&(0x7f0000002ac0)=""/35, 0x23}, {&(0x7f0000002b00)=""/199, 0xc7}], &(0x7f0000002c40)=[0x8, 0x9, 0x8000000000000001, 0x5, 0x8]}, {0x0, 0x0, 0x0, &(0x7f0000003fc0), &(0x7f0000004000)=[0x80000004, 0x3baf, 0x1, 0x3]}, {0x4, 0x1, 0x0, &(0x7f0000005300)=[{0x0}, {0x0}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000004300)=""/4096, 0x1000}], &(0x7f0000005380)=[0x1ff, 0x6, 0x2, 0x400, 0x6]}, {0x2, 0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f00000063c0)=""/246, 0xf6}], &(0x7f0000006500)=[0x1, 0x8000]}, {0x4, 0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000006540)=""/23, 0x17}, {&(0x7f0000006580)=""/13, 0xd}, {&(0x7f00000065c0)=""/80, 0x50}, {0x0}], &(0x7f0000006780)=[0x3, 0x200007ff]}, {0x7, 0x0, 0x0, &(0x7f0000006e40)=[{&(0x7f00000068c0)=""/197, 0xc5}, {&(0x7f0000006a00)=""/251, 0xfb}, {&(0x7f0000006b00)=""/174, 0xae}, {&(0x7f0000006bc0)=""/173, 0xad}, {&(0x7f0000006c80)=""/47, 0x2f}, {&(0x7f0000006cc0)=""/241, 0xf1}, {&(0x7f0000006dc0)=""/93, 0x5d}], &(0x7f0000006f00)=[0x0, 0x3, 0x5, 0xbbdc, 0x7]}, {0x9, 0x1, 0x0, &(0x7f0000008480)=[{&(0x7f0000000580)=""/263, 0x107}, {&(0x7f0000007040)=""/195, 0xc3}, {&(0x7f0000007140)=""/169, 0xa9}, {&(0x7f0000007200)=""/4096, 0x1000}, {&(0x7f0000008200)=""/237, 0xed}, {&(0x7f0000000180)=""/21, 0x15}, {&(0x7f0000008380)=""/92, 0x5c}, {&(0x7f0000008400)=""/54, 0x36}, {&(0x7f0000008440)=""/47, 0x2f}], &(0x7f0000008540)=[0x2193, 0x401, 0x80000041f9]}], 0x7)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r9 = syz_io_uring_setup(0xf00, &(0x7f0000000400)={0x0, 0x5961, 0x10000, 0x0, 0x4e}, &(0x7f0000000100)=<r10=>0x0, &(0x7f0000000000)=<r11=>0x0, &(0x7f0000000080)=<r12=>0x0)
syz_io_uring_submit(r10, r11, r12, &(0x7f0000000280)=@IORING_OP_READV=@use_registered_buffer={0x1, 0xc, 0x4004, @fd_index=0x3, 0x5, 0x0, 0x0, 0x10})
io_uring_enter(r9, 0x223, 0xfffffffd, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

n+0x78/0x100
[  174.006839][ T7947]  do_fast_syscall_32+0x32/0x70
[  174.006855][ T7947]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  174.006868][ T7947] RIP: 0023:0xf7f14f7c
[  174.006877][ T7947] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  174.006887][ T7947] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  174.006898][ T7947] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  174.006905][ T7947] RDX: 0000000004000084 RSI: 0000000000000000 RDI: 0000000000000000
[  174.006910][ T7947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  174.006916][ T7947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  174.006922][ T7947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  174.006935][ T7947]  </TASK>
[  175.589932][ T7981] comedi comedi3: pcl711: I/O base address not correctly aligned
[  175.825604][   T40] audit: type=1326 audit(1781331765.674:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7991 comm="syz.1.559" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f25f7c code=0x0
[  175.837395][ T7995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.558'.
[  176.027007][ T5750] Bluetooth: hci2: Malformed LE Event: 0x02
[  176.510606][ T8010] syz_tun: entered allmulticast mode
[  176.649813][ T8007] syz_tun: left allmulticast mode
[  176.704193][ T8012] netlink: 4 bytes leftover after parsing attributes in process `syz.2.565'.
[  176.892142][ T8016] netlink: 36 bytes leftover after parsing attributes in process `syz.2.567'.
[  176.932358][ T8018] virtio-fs: tag </dev/md0> not found
[  177.465210][ T6013] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  177.649508][ T6013] usb 7-1: Using ep0 maxpacket: 8
[  177.656055][ T6013] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.661036][ T6013] usb 7-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.665060][ T6013] usb 7-1: config 0 interface 0 has no altsetting 0
[  177.667917][ T6013] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  177.671955][ T6013] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.676184][ T6013] usb 7-1: config 0 descriptor??
[  178.117113][ T6013] hid_parser_main: 96 callbacks suppressed
[  178.117127][ T6013] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  178.122897][ T6013] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  178.125173][ T6013] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  178.128094][ T6013] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  178.130325][ T6013] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  178.134901][ T6013] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  178.334850][ T8029] tmpfs: Bad value for 'mpol'
[  178.502789][ T8043] comedi comedi0: Minor 9 could not be opened
[  178.876295][ T5101] Bluetooth: hci1: command 0x0406 tx timeout
[  178.885042][ T5101] Bluetooth: hci2: command 0x0406 tx timeout
[  178.887496][ T5747] Bluetooth: hci0: command 0x0406 tx timeout
[  179.778807][ T6013] usb 7-1: reset high-speed USB device number 7 using dummy_hcd
[  179.950980][ T8058] fuse: Unknown parameter 'gZ_id'
[  180.130446][ T8067] netlink: 20 bytes leftover after parsing attributes in process `syz.0.581'.
[  180.423539][ T8071] virtio-fs: tag </dev/md0> not found
[  180.549242][ T8073] netlink: 28 bytes leftover after parsing attributes in process `syz.2.583'.
[  180.958755][ T8086] program syz.1.586 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  180.969097][ T8086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'.
[  180.972789][ T8086] openvswitch: netlink: Flow actions attr not present in new flow.
[  181.749081][ T8104] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.870140][ T8104] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.927361][ T1042] usb 7-1: USB disconnect, device number 7
[  181.975578][ T8104] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.048058][   T40] audit: type=1326 audit(1781331771.413:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.058326][   T40] audit: type=1326 audit(1781331771.422:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.072873][   T40] audit: type=1326 audit(1781331771.422:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.080131][   T40] audit: type=1326 audit(1781331771.422:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.089830][ T8104] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.099584][ T8108] syz.0.591 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  182.100593][   T40] audit: type=1326 audit(1781331771.459:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.116745][   T40] audit: type=1326 audit(1781331771.469:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.126666][   T40] audit: type=1326 audit(1781331771.469:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.134502][   T40] audit: type=1326 audit(1781331771.469:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.143014][   T40] audit: type=1326 audit(1781331771.469:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.155818][   T40] audit: type=1326 audit(1781331771.469:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.0.591" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  182.259736][  T343] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  182.267818][ T8108] overlayfs: workdir and upperdir must be separate subtrees
[  182.290707][  T343] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  182.309878][  T343] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  182.333576][  T343] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.963173][ T8122] netlink: 12 bytes leftover after parsing attributes in process `syz.0.594'.
[  183.268491][ T8132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.598'.
[  183.366681][ T8133] virtio-fs: tag </dev/md0> not found
[  183.369952][ T8128] program syz.0.596 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  183.370747][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.596'.
[  183.370764][ T8128] openvswitch: netlink: Flow actions attr not present in new flow.
[  183.907673][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.608'.
[  184.262236][ T8174] program syz.2.611 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  184.266436][ T8174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.611'.
[  184.269988][ T8174] openvswitch: netlink: Flow actions attr not present in new flow.
[  184.423028][   T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  184.470001][ T8176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.613'.
[  184.600670][   T24] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  184.604492][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.607685][   T24] usb 5-1: Product: syz
[  184.609342][   T24] usb 5-1: Manufacturer: syz
[  184.611156][   T24] usb 5-1: SerialNumber: syz
[  184.802771][    T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  184.883288][ T8193] virtio-fs: tag </dev/md0> not found
[  184.964882][    T9] usb 6-1: Using ep0 maxpacket: 8
[  184.968787][    T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  184.972160][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  184.977098][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  184.981654][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  184.985554][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  184.990659][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  184.994012][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.220701][    T9] usb 6-1: usb_control_msg returned -32
[  185.222508][    T9] usbtmc 6-1:16.0: can't read capabilities
[  185.225429][ T8183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  185.233674][ T8183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  185.792993][   T24] rtl8150 5-1:1.0: couldn't reset the device
[  185.795193][   T24] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  185.885953][ T8207] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  185.892015][ T8207] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  185.899227][ T8207] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  185.910116][ T8207] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  185.932089][ T8207] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  186.003554][ T8208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.009166][ T8208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.173063][ T8215] FAULT_INJECTION: forcing a failure.
[  186.173063][ T8215] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  186.179881][ T8215] CPU: 0 UID: 0 PID: 8215 Comm: syz.3.625 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  186.179910][ T8215] Tainted: [L]=SOFTLOCKUP
[  186.179916][ T8215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  186.179927][ T8215] Call Trace:
[  186.179934][ T8215]  <TASK>
[  186.179941][ T8215]  dump_stack_lvl+0x100/0x190
[  186.179977][ T8215]  should_fail_ex.cold+0x5/0xa
[  186.179996][ T8215]  ? prepare_alloc_pages+0x16d/0x5f0
[  186.180019][ T8215]  should_fail_alloc_page+0xeb/0x140
[  186.180042][ T8215]  prepare_alloc_pages+0x1f0/0x5f0
[  186.180068][ T8215]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  186.180108][ T8215]  ? __lock_acquire+0x4a5/0x2630
[  186.180135][ T8215]  ? __css_rstat_updated+0x1ce/0x5a0
[  186.180162][ T8215]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  186.180189][ T8215]  ? __pfx___css_rstat_updated+0x10/0x10
[  186.180220][ T8215]  ? lock_acquire+0x1b1/0x370
[  186.180246][ T8215]  ? page_table_check_set+0x477/0x920
[  186.180263][ T8215]  ? page_table_check_set+0x477/0x920
[  186.180285][ T8215]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  186.180312][ T8215]  ? policy_nodemask+0xed/0x4f0
[  186.180333][ T8215]  alloc_pages_mpol+0x1fb/0x540
[  186.180354][ T8215]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  186.180373][ T8215]  ? swap_put_entries_cluster+0x480/0x5b0
[  186.180401][ T8215]  folio_alloc_mpol_noprof+0x36/0x260
[  186.180426][ T8215]  vma_alloc_folio_noprof+0xed/0x1d0
[  186.180449][ T8215]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  186.180471][ T8215]  ? rcu_read_unlock+0x2d/0xb0
[  186.180497][ T8215]  ? rcu_read_unlock+0x2d/0xb0
[  186.180533][ T8215]  do_wp_page+0x1ee1/0x4350
[  186.180563][ T8215]  ? __pfx_do_wp_page+0x10/0x10
[  186.180587][ T8215]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  186.180613][ T8215]  __handle_mm_fault+0x1ab6/0x2a00
[  186.180645][ T8215]  ? reacquire_held_locks+0xce/0x1e0
[  186.180672][ T8215]  ? __pfx___handle_mm_fault+0x10/0x10
[  186.180702][ T8215]  ? lock_vma_under_rcu+0x17c/0x590
[  186.180740][ T8215]  handle_mm_fault+0x37b/0xa30
[  186.180771][ T8215]  do_user_addr_fault+0x5a3/0x12f0
[  186.180800][ T8215]  exc_page_fault+0x6f/0xd0
[  186.180827][ T8215]  asm_exc_page_fault+0x26/0x30
[  186.180845][ T8215] RIP: 0023:0xf7145752
[  186.180860][ T8215] Code: c7 cd f8 28 00 56 53 83 ec 1c 8b 6c 24 30 8b 55 1c 65 a1 68 00 00 00 39 c2 0f 84 11 01 00 00 80 7d 18 02 74 2b b8 08 00 00 00 <f0> 0f c1 45 00 83 c0 08 85 c0 0f 88 0e 01 00 00 a8 01 75 7a 31 d2
[  186.180877][ T8215] RSP: 002b:00000000f5405310 EFLAGS: 00010293
[  186.180892][ T8215] RAX: 0000000000000008 RBX: 00000000f73d4ff4 RCX: 00000000f722e3a7
[  186.180903][ T8215] RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 00000000f73d4ff4
[  186.180913][ T8215] RBP: 00000000f7f36ec0 R08: 0000000000000000 R09: 0000000000000000
[  186.180923][ T8215] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  186.180933][ T8215] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  186.180956][ T8215]  </TASK>
[  186.181183][ T8215] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  186.400340][ T8218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.626'.
[  187.138844][    T9] usb 5-1: USB disconnect, device number 9
[  187.242921][ T8231] loop9: detected capacity change from 0 to 7
[  187.356132][ T8238] FAULT_INJECTION: forcing a failure.
[  187.356132][ T8238] name failslab, interval 1, probability 0, space 0, times 0
[  187.360796][ T8238] CPU: 3 UID: 0 PID: 8238 Comm: syz.0.633 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  187.360813][ T8238] Tainted: [L]=SOFTLOCKUP
[  187.360817][ T8238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  187.360823][ T8238] Call Trace:
[  187.360827][ T8238]  <TASK>
[  187.360832][ T8238]  dump_stack_lvl+0x100/0x190
[  187.360854][ T8238]  should_fail_ex.cold+0x5/0xa
[  187.360874][ T8238]  ? ovl_lookup_layers+0x13ff/0x2ac0
[  187.360886][ T8238]  should_failslab+0xc2/0x120
[  187.360899][ T8238]  __kmalloc_noprof+0xe0/0x850
[  187.360919][ T8238]  ovl_lookup_layers+0x13ff/0x2ac0
[  187.360933][ T8238]  ? __lock_acquire+0x4a5/0x2630
[  187.360951][ T8238]  ? __mod_memcg_lruvec_state+0x18c/0x5b0
[  187.360970][ T8238]  ? __pfx_ovl_lookup_layers+0x10/0x10
[  187.360985][ T8238]  ? find_held_lock+0x2b/0x80
[  187.360998][ T8238]  ? rcu_read_unlock+0x17/0x60
[  187.361010][ T8238]  ? rcu_read_unlock+0x17/0x60
[  187.361027][ T8238]  ovl_lookup+0x4a8/0x6b0
[  187.361040][ T8238]  ? __pfx_ovl_lookup+0x10/0x10
[  187.361051][ T8238]  ? rcu_is_watching+0x12/0xc0
[  187.361069][ T8238]  ? do_raw_spin_lock+0x128/0x260
[  187.361083][ T8238]  ? do_raw_spin_unlock+0x145/0x1e0
[  187.361095][ T8238]  ? _raw_spin_unlock+0x28/0x50
[  187.361110][ T8238]  lookup_one_qstr_excl+0x1cd/0x250
[  187.361125][ T8238]  ? mnt_want_write+0x161/0x450
[  187.361137][ T8238]  filename_rmdir+0x26b/0x5c0
[  187.361152][ T8238]  ? __pfx_filename_rmdir+0x10/0x10
[  187.361171][ T8238]  ? do_getname+0x191/0x390
[  187.361187][ T8238]  __ia32_sys_rmdir+0x45/0x60
[  187.361201][ T8238]  __do_fast_syscall_32+0xe7/0x970
[  187.361217][ T8238]  ? lockdep_hardirqs_on+0x78/0x100
[  187.361233][ T8238]  do_fast_syscall_32+0x32/0x70
[  187.361248][ T8238]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  187.361262][ T8238] RIP: 0023:0xf7fc3f7c
[  187.361271][ T8238] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  187.361281][ T8238] RSP: 002b:00000000f548650c EFLAGS: 00000292 ORIG_RAX: 0000000000000028
[  187.361291][ T8238] RAX: ffffffffffffffda RBX: 0000000080000200 RCX: 0000000000000000
[  187.361298][ T8238] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  187.361304][ T8238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  187.361309][ T8238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  187.361315][ T8238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  187.361328][ T8238]  </TASK>
[  187.528232][ T8234] Invalid logical block size (1050184017)
[  187.528898][ T8231] Dev loop9: unable to read RDB block 7
[  187.535366][ T8231]  loop9: unable to read partition table
[  187.537461][ T8231] loop9: partition table beyond EOD, truncated
[  187.541816][ T8231] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  187.818746][   T29] usb 6-1: USB disconnect, device number 12
[  188.019606][ T8259] FAULT_INJECTION: forcing a failure.
[  188.019606][ T8259] name failslab, interval 1, probability 0, space 0, times 0
[  188.023966][ T8259] CPU: 3 UID: 0 PID: 8259 Comm: syz.2.640 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  188.023984][ T8259] Tainted: [L]=SOFTLOCKUP
[  188.023988][ T8259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  188.023994][ T8259] Call Trace:
[  188.023998][ T8259]  <TASK>
[  188.024003][ T8259]  dump_stack_lvl+0x100/0x190
[  188.024024][ T8259]  should_fail_ex.cold+0x5/0xa
[  188.024038][ T8259]  should_failslab+0xc2/0x120
[  188.024051][ T8259]  __kmalloc_cache_noprof+0x7a/0x6f0
[  188.024066][ T8259]  ? resv_map_alloc+0x46/0x400
[  188.024080][ T8259]  resv_map_alloc+0x46/0x400
[  188.024092][ T8259]  hugetlb_reserve_pages+0x63c/0x1490
[  188.024107][ T8259]  ? __pfx___might_resched+0x10/0x10
[  188.024119][ T8259]  ? __pfx_hugetlb_reserve_pages+0x10/0x10
[  188.024133][ T8259]  ? atime_needs_update+0x8b/0x6b0
[  188.024145][ T8259]  ? touch_atime+0xa5/0x7a0
[  188.024157][ T8259]  ? mas_preallocate+0x521/0x14a0
[  188.024174][ T8259]  hugetlbfs_file_mmap+0x51a/0x780
[  188.024196][ T8259]  ? __pfx_hugetlbfs_file_mmap+0x10/0x10
[  188.024217][ T8259]  ? vm_area_alloc+0x1f/0x160
[  188.024239][ T8259]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  188.024262][ T8259]  ? lockdep_init_map_type+0x5c/0x250
[  188.024283][ T8259]  __mmap_region+0x13e1/0x2dd0
[  188.024301][ T8259]  ? __pfx___mmap_region+0x10/0x10
[  188.024325][ T8259]  ? process_measurement+0x1f4/0x2350
[  188.024339][ T8259]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  188.024359][ T8259]  ? __lock_acquire+0x4a5/0x2630
[  188.024382][ T8259]  ? find_held_lock+0x2b/0x80
[  188.024395][ T8259]  ? is_bpf_text_address+0x8a/0x1a0
[  188.024410][ T8259]  ? is_bpf_text_address+0x8a/0x1a0
[  188.024449][ T8259]  mmap_region+0x35d/0x620
[  188.024461][ T8259]  ? __pfx_mmap_region+0x10/0x10
[  188.024474][ T8259]  ? bpf_lsm_capable+0x9/0x10
[  188.024486][ T8259]  ? security_capable+0x80/0x260
[  188.024499][ T8259]  do_mmap+0xc63/0x12f0
[  188.024515][ T8259]  ? __pfx_do_mmap+0x10/0x10
[  188.024528][ T8259]  ? __pfx_down_write_killable+0x10/0x10
[  188.024549][ T8259]  vm_mmap_pgoff+0x29e/0x470
[  188.024566][ T8259]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  188.024578][ T8259]  ? __fget_files+0x215/0x3d0
[  188.024593][ T8259]  ? __fget_files+0x21f/0x3d0
[  188.024608][ T8259]  ksys_mmap_pgoff+0x3cb/0x610
[  188.024623][ T8259]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  188.024635][ T8259]  ? ksys_write+0x1ac/0x250
[  188.024651][ T8259]  __do_fast_syscall_32+0xe7/0x970
[  188.024667][ T8259]  ? lockdep_hardirqs_on+0x78/0x100
[  188.024683][ T8259]  do_fast_syscall_32+0x32/0x70
[  188.024700][ T8259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.024714][ T8259] RIP: 0023:0xf7f14f7c
[  188.024724][ T8259] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  188.024735][ T8259] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  188.024746][ T8259] RAX: ffffffffffffffda RBX: 0000000080200000 RCX: 0000000000400000
[  188.024753][ T8259] RDX: 000000000000000b RSI: 0000000000002012 RDI: 0000000000000005
[  188.024759][ T8259] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.024765][ T8259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  188.024772][ T8259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.024785][ T8259]  </TASK>
[  188.385113][ T8268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.642'.
[  188.768132][ T8285] loop5: detected capacity change from 0 to 3
[  188.781840][ T8285] Dev loop5: unable to read RDB block 3
[  188.785278][ T8285]  loop5: unable to read partition table
[  188.787213][ T8285] loop5: partition table beyond EOD, truncated
[  188.789266][ T8285] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[  188.960201][ T8291] syzkaller0: entered promiscuous mode
[  188.961931][ T8291] syzkaller0: entered allmulticast mode
[  189.278353][ T6013] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  189.331868][ T8310] input: syz1 as /devices/virtual/input/input11
[  189.419191][ T6013] usb 5-1: device descriptor read/64, error -71
[  189.481015][ T8312] syzkaller1: entered promiscuous mode
[  189.482811][ T8312] syzkaller1: entered allmulticast mode
[  189.492449][ T8312] MINIX-fs: blocksize too small for device
[  189.623755][ T8315] FAULT_INJECTION: forcing a failure.
[  189.623755][ T8315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.629577][ T8315] CPU: 3 UID: 0 PID: 8315 Comm: syz.3.658 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  189.629603][ T8315] Tainted: [L]=SOFTLOCKUP
[  189.629609][ T8315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  189.629618][ T8315] Call Trace:
[  189.629624][ T8315]  <TASK>
[  189.629630][ T8315]  dump_stack_lvl+0x100/0x190
[  189.629662][ T8315]  should_fail_ex.cold+0x5/0xa
[  189.629682][ T8315]  _copy_from_user+0x2e/0xd0
[  189.629706][ T8315]  do_devconfig_ioctl+0x11e/0x6d0
[  189.629727][ T8315]  ? comedi_unlocked_ioctl+0x180/0x3310
[  189.629753][ T8315]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  189.629786][ T8315]  ? tomoyo_path_number_perm+0x46d/0x580
[  189.629808][ T8315]  ? kasan_save_stack+0x3f/0x50
[  189.629824][ T8315]  ? kasan_save_stack+0x30/0x50
[  189.629838][ T8315]  ? kasan_save_track+0x14/0x30
[  189.629853][ T8315]  ? kasan_save_free_info+0x3b/0x70
[  189.629881][ T8315]  comedi_unlocked_ioctl+0x860/0x3310
[  189.629912][ T8315]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  189.629949][ T8315]  ? kasan_quarantine_put+0x104/0x240
[  189.629962][ T8315]  ? lockdep_hardirqs_on+0x78/0x100
[  189.629982][ T8315]  ? find_held_lock+0x2b/0x80
[  189.629998][ T8315]  ? tomoyo_path_number_perm+0x28f/0x580
[  189.630014][ T8315]  ? tomoyo_path_number_perm+0x28f/0x580
[  189.630033][ T8315]  ? tomoyo_path_number_perm+0x188/0x580
[  189.630053][ T8315]  comedi_compat_ioctl+0x438/0xe20
[  189.630074][ T8315]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  189.630094][ T8315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  189.630122][ T8315]  ? do_vfs_ioctl+0x226/0x13e0
[  189.630139][ T8315]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  189.630158][ T8315]  ? find_held_lock+0x2b/0x80
[  189.630173][ T8315]  ? __fget_files+0x215/0x3d0
[  189.630187][ T8315]  ? hook_file_ioctl_common+0x149/0x410
[  189.630208][ T8315]  ? __fget_files+0x21f/0x3d0
[  189.630226][ T8315]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  189.630246][ T8315]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  189.630266][ T8315]  __do_fast_syscall_32+0xe7/0x970
[  189.630285][ T8315]  ? lockdep_hardirqs_on+0x78/0x100
[  189.630305][ T8315]  do_fast_syscall_32+0x32/0x70
[  189.630329][ T8315]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  189.630346][ T8315] RIP: 0023:0xf7f46f7c
[  189.630357][ T8315] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  189.630371][ T8315] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  189.630384][ T8315] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400
[  189.630393][ T8315] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  189.630400][ T8315] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  189.630408][ T8315] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  189.630416][ T8315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  189.630433][ T8315]  </TASK>
[  189.750107][ T6013] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  189.906971][ T6013] usb 5-1: device descriptor read/64, error -71
[  189.955708][ T8317] FAULT_INJECTION: forcing a failure.
[  189.955708][ T8317] name failslab, interval 1, probability 0, space 0, times 0
[  189.960941][ T8317] CPU: 2 UID: 0 PID: 8317 Comm: syz.3.659 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  189.960960][ T8317] Tainted: [L]=SOFTLOCKUP
[  189.960963][ T8317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  189.960970][ T8317] Call Trace:
[  189.960988][ T8317]  <TASK>
[  189.960994][ T8317]  dump_stack_lvl+0x100/0x190
[  189.961016][ T8317]  should_fail_ex.cold+0x5/0xa
[  189.961030][ T8317]  ? ovl_lookup_layers+0x13ff/0x2ac0
[  189.961043][ T8317]  should_failslab+0xc2/0x120
[  189.961056][ T8317]  __kmalloc_noprof+0xe0/0x850
[  189.961077][ T8317]  ovl_lookup_layers+0x13ff/0x2ac0
[  189.961092][ T8317]  ? __lock_acquire+0x4a5/0x2630
[  189.961111][ T8317]  ? __mod_memcg_lruvec_state+0x18c/0x5b0
[  189.961130][ T8317]  ? __pfx_ovl_lookup_layers+0x10/0x10
[  189.961145][ T8317]  ? find_held_lock+0x2b/0x80
[  189.961158][ T8317]  ? rcu_read_unlock+0x17/0x60
[  189.961171][ T8317]  ? rcu_read_unlock+0x17/0x60
[  189.961188][ T8317]  ovl_lookup+0x4a8/0x6b0
[  189.961202][ T8317]  ? __pfx_ovl_lookup+0x10/0x10
[  189.961213][ T8317]  ? rcu_is_watching+0x12/0xc0
[  189.961228][ T8317]  ? do_raw_spin_lock+0x128/0x260
[  189.961243][ T8317]  ? do_raw_spin_unlock+0x145/0x1e0
[  189.961255][ T8317]  ? _raw_spin_unlock+0x28/0x50
[  189.961271][ T8317]  lookup_one_qstr_excl+0x1cd/0x250
[  189.961287][ T8317]  ? mnt_want_write+0x161/0x450
[  189.961299][ T8317]  filename_rmdir+0x26b/0x5c0
[  189.961314][ T8317]  ? __pfx_filename_rmdir+0x10/0x10
[  189.961334][ T8317]  ? do_getname+0x191/0x390
[  189.961351][ T8317]  __ia32_sys_rmdir+0x45/0x60
[  189.961365][ T8317]  __do_fast_syscall_32+0xe7/0x970
[  189.961381][ T8317]  ? lockdep_hardirqs_on+0x78/0x100
[  189.961397][ T8317]  do_fast_syscall_32+0x32/0x70
[  189.961414][ T8317]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  189.961431][ T8317] RIP: 0023:0xf7f46f7c
[  189.961441][ T8317] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  189.961451][ T8317] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000028
[  189.961462][ T8317] RAX: ffffffffffffffda RBX: 0000000080000200 RCX: 0000000000000000
[  189.961469][ T8317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  189.961475][ T8317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  189.961481][ T8317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  189.961487][ T8317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  189.961500][ T8317]  </TASK>
[  190.026969][ T6013] usb usb5-port1: attempt power cycle
[  190.287195][ T8323] netlink: 28 bytes leftover after parsing attributes in process `syz.3.661'.
[  190.327486][ T8328] FAULT_INJECTION: forcing a failure.
[  190.327486][ T8328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.331501][ T8328] CPU: 2 UID: 0 PID: 8328 Comm: syz.3.662 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  190.331522][ T8328] Tainted: [L]=SOFTLOCKUP
[  190.331525][ T8328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  190.331532][ T8328] Call Trace:
[  190.331536][ T8328]  <TASK>
[  190.331540][ T8328]  dump_stack_lvl+0x100/0x190
[  190.331561][ T8328]  should_fail_ex.cold+0x5/0xa
[  190.331575][ T8328]  _copy_from_user+0x2e/0xd0
[  190.331591][ T8328]  move_addr_to_kernel+0x65/0x170
[  190.331606][ T8328]  __sys_bind+0x11d/0x260
[  190.331622][ T8328]  ? __pfx___sys_bind+0x10/0x10
[  190.331641][ T8328]  ? ksys_write+0x1ac/0x250
[  190.331655][ T8328]  __ia32_sys_bind+0x71/0xb0
[  190.331669][ T8328]  ? lockdep_hardirqs_on+0x78/0x100
[  190.331685][ T8328]  __do_fast_syscall_32+0xe7/0x970
[  190.331700][ T8328]  ? lockdep_hardirqs_on+0x78/0x100
[  190.331715][ T8328]  do_fast_syscall_32+0x32/0x70
[  190.331731][ T8328]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  190.331744][ T8328] RIP: 0023:0xf7f46f7c
[  190.331752][ T8328] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  190.331763][ T8328] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000169
[  190.331773][ T8328] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[  190.331779][ T8328] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  190.331785][ T8328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  190.331791][ T8328] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  190.331797][ T8328] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  190.331809][ T8328]  </TASK>
[  190.420530][ T8330] team0: Cannot enslave team device to itself
[  190.461321][ T6013] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  190.487935][ T8334] netlink: 252 bytes leftover after parsing attributes in process `syz.3.665'.
[  190.492602][ T6013] usb 5-1: device descriptor read/8, error -71
[  190.526000][ T8339] input: syz0 as /devices/virtual/input/input12
[  190.552768][ T8339] ip6tnl0: Caught tx_queue_len zero misconfig
[  190.752254][ T6013] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  190.773459][ T8353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.671'.
[  190.781769][ T8353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.671'.
[  190.788336][ T6013] usb 5-1: device descriptor read/8, error -71
[  190.917065][ T6013] usb usb5-port1: unable to enumerate USB device
[  191.067742][ T8357] /dev/sr0: Can't open blockdev
[  191.885544][ T8370] FAULT_INJECTION: forcing a failure.
[  191.885544][ T8370] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  191.892142][ T8370] CPU: 0 UID: 0 PID: 8370 Comm: syz.3.676 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  191.892161][ T8370] Tainted: [L]=SOFTLOCKUP
[  191.892165][ T8370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  191.892171][ T8370] Call Trace:
[  191.892174][ T8370]  <TASK>
[  191.892179][ T8370]  dump_stack_lvl+0x100/0x190
[  191.892245][ T8370]  should_fail_ex.cold+0x5/0xa
[  191.892259][ T8370]  ? prepare_alloc_pages+0x16d/0x5f0
[  191.892280][ T8370]  should_fail_alloc_page+0xeb/0x140
[  191.892299][ T8370]  prepare_alloc_pages+0x1f0/0x5f0
[  191.892315][ T8370]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  191.892335][ T8370]  ? mas_next_slot+0x10a3/0x1960
[  191.892394][ T8370]  ? __pfx___up_read+0x10/0x10
[  191.892405][ T8370]  ? validate_mm+0x261/0x4e0
[  191.892419][ T8370]  ? validate_mm+0x261/0x4e0
[  191.892433][ T8370]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  191.892453][ T8370]  ? mas_prev_slot+0x760/0x1d20
[  191.892472][ T8370]  ? mas_prev_setup.constprop.0+0xb6/0x9c0
[  191.892488][ T8370]  ? mas_prev+0x9b/0xf0
[  191.892504][ T8370]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  191.892520][ T8370]  ? policy_nodemask+0xed/0x4f0
[  191.892534][ T8370]  alloc_pages_mpol+0x1fb/0x540
[  191.892547][ T8370]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  191.892558][ T8370]  ? __css_rstat_updated+0x1ce/0x5a0
[  191.892578][ T8370]  alloc_pages_noprof+0x1a/0x160
[  191.892592][ T8370]  pte_alloc_one+0x1c/0x3d0
[  191.892607][ T8370]  __pte_alloc+0x6d/0x380
[  191.892618][ T8370]  ? __pfx___pte_alloc+0x10/0x10
[  191.892630][ T8370]  ? __lock_acquire+0x4a5/0x2630
[  191.892648][ T8370]  do_anonymous_page+0x13c6/0x2050
[  191.892664][ T8370]  ? __pfx_pgd_none+0x10/0x10
[  191.892682][ T8370]  __handle_mm_fault+0x1d2c/0x2a00
[  191.892700][ T8370]  ? mt_find+0x45e/0x8e0
[  191.892715][ T8370]  ? __pfx___handle_mm_fault+0x10/0x10
[  191.892730][ T8370]  ? __pfx_mt_find+0x10/0x10
[  191.892755][ T8370]  handle_mm_fault+0x37b/0xa30
[  191.892773][ T8370]  __get_user_pages+0x1178/0x32a0
[  191.892794][ T8370]  ? __pfx___get_user_pages+0x10/0x10
[  191.892811][ T8370]  populate_vma_page_range+0x267/0x3f0
[  191.892826][ T8370]  ? __pfx_populate_vma_page_range+0x10/0x10
[  191.892839][ T8370]  ? __pfx_find_vma_intersection+0x10/0x10
[  191.892852][ T8370]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  191.892870][ T8370]  __mm_populate+0x107/0x3a0
[  191.892884][ T8370]  ? __pfx___mm_populate+0x10/0x10
[  191.892903][ T8370]  ? up_write+0x28c/0x4f0
[  191.892915][ T8370]  do_mlock+0x3f0/0x7f0
[  191.892946][ T8370]  ? __pfx_do_mlock+0x10/0x10
[  191.892967][ T8370]  ? fput+0x79/0x100
[  191.892984][ T8370]  ? ksys_write+0x1ac/0x250
[  191.892998][ T8370]  __ia32_sys_mlock+0x57/0x80
[  191.893008][ T8370]  __do_fast_syscall_32+0xe7/0x970
[  191.893024][ T8370]  ? lockdep_hardirqs_on+0x78/0x100
[  191.893040][ T8370]  do_fast_syscall_32+0x32/0x70
[  191.893055][ T8370]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  191.893069][ T8370] RIP: 0023:0xf7f46f7c
[  191.893079][ T8370] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  191.893089][ T8370] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000096
[  191.893099][ T8370] RAX: ffffffffffffffda RBX: 00000000807c8000 RCX: 0000000000003000
[  191.893106][ T8370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  191.893112][ T8370] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  191.893118][ T8370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  191.893123][ T8370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  191.893136][ T8370]  </TASK>
[  191.947651][ T8370] netlink: 24 bytes leftover after parsing attributes in process `syz.3.676'.
[  192.040646][ T8371] input: syz1 as /devices/virtual/input/input13
[  192.307453][ T8378] syzkaller0: entered promiscuous mode
[  192.309842][ T8378] syzkaller0: entered allmulticast mode
[  192.329812][ T8378] FAULT_INJECTION: forcing a failure.
[  192.329812][ T8378] name failslab, interval 1, probability 0, space 0, times 0
[  192.335024][ T8378] CPU: 1 UID: 0 PID: 8378 Comm: syz.0.678 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  192.335043][ T8378] Tainted: [L]=SOFTLOCKUP
[  192.335047][ T8378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  192.335054][ T8378] Call Trace:
[  192.335058][ T8378]  <TASK>
[  192.335063][ T8378]  dump_stack_lvl+0x100/0x190
[  192.335084][ T8378]  should_fail_ex.cold+0x5/0xa
[  192.335099][ T8378]  should_failslab+0xc2/0x120
[  192.335112][ T8378]  __kmalloc_node_noprof+0xe6/0x850
[  192.335130][ T8378]  ? qdisc_alloc+0xbb/0xb30
[  192.335141][ T8378]  ? qdisc_lookup_ops+0xf3/0x130
[  192.335157][ T8378]  qdisc_alloc+0xbb/0xb30
[  192.335169][ T8378]  ? _raw_read_unlock+0x28/0x50
[  192.335185][ T8378]  qdisc_create+0x70/0x1070
[  192.335203][ T8378]  tc_modify_qdisc+0xdcf/0x2120
[  192.335222][ T8378]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  192.335238][ T8378]  ? __lock_acquire+0x4a5/0x2630
[  192.335264][ T8378]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  192.335280][ T8378]  rtnetlink_rcv_msg+0x3c9/0xe90
[  192.335293][ T8378]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  192.335309][ T8378]  ? ref_tracker_free+0x37e/0x6c0
[  192.335390][ T8378]  netlink_rcv_skb+0x159/0x420
[  192.335406][ T8378]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  192.335418][ T8378]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  192.335442][ T8378]  ? netlink_deliver_tap+0x1ae/0xcc0
[  192.335458][ T8378]  netlink_unicast+0x585/0x850
[  192.335474][ T8378]  ? __pfx_netlink_unicast+0x10/0x10
[  192.335492][ T8378]  netlink_sendmsg+0x8b0/0xda0
[  192.335508][ T8378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.335524][ T8378]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  192.335538][ T8378]  ____sys_sendmsg+0x9e1/0xb70
[  192.335551][ T8378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.335566][ T8378]  ? __pfx_____sys_sendmsg+0x10/0x10
[  192.335586][ T8378]  ___sys_sendmsg+0x190/0x1e0
[  192.335602][ T8378]  ? __pfx____sys_sendmsg+0x10/0x10
[  192.335623][ T8378]  ? find_held_lock+0x2b/0x80
[  192.335644][ T8378]  __sys_sendmsg+0x170/0x220
[  192.335656][ T8378]  ? __pfx___sys_sendmsg+0x10/0x10
[  192.335666][ T8378]  ? __fget_files+0x21f/0x3d0
[  192.335682][ T8378]  ? ksys_write+0x1ac/0x250
[  192.335696][ T8378]  ? rcu_is_watching+0x12/0xc0
[  192.335710][ T8378]  __do_fast_syscall_32+0xe7/0x970
[  192.335725][ T8378]  ? lockdep_hardirqs_on+0x78/0x100
[  192.335741][ T8378]  do_fast_syscall_32+0x32/0x70
[  192.335758][ T8378]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  192.335772][ T8378] RIP: 0023:0xf7fc3f7c
[  192.335781][ T8378] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  192.335791][ T8378] RSP: 002b:00000000f548650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  192.335802][ T8378] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800003c0
[  192.335808][ T8378] RDX: 0000000000004890 RSI: 0000000000000000 RDI: 0000000000000000
[  192.335815][ T8378] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  192.335820][ T8378] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  192.335826][ T8378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  192.335840][ T8378]  </TASK>
[  192.576300][ T8381] Cannot find set identified by id 2 to match
[  193.125719][ T6013] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  193.299167][ T6013] usb 5-1: Using ep0 maxpacket: 16
[  193.302753][ T6013] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.308459][ T6013] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  193.312644][ T6013] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  193.315815][ T6013] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  193.319323][ T6013] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  193.327527][ T6013] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  193.330618][ T6013] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  193.333828][ T6013] usb 5-1: Manufacturer: syz
[  193.337292][ T6013] usb 5-1: config 0 descriptor??
[  193.627720][ T6013] rc_core: IR keymap rc-hauppauge not found
[  193.629938][ T6013] Registered IR keymap rc-empty
[  193.634893][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  193.667640][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  193.802405][ T8405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.687'.
[  194.665053][ T6013] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  194.680646][ T6013] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input14
[  194.709954][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.729721][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.751422][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.773113][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.794741][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.827276][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.848932][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.881441][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.913936][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.946464][ T6013] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  194.980977][ T6013] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  194.984364][ T6013] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  194.990523][ T6013] usb 5-1: USB disconnect, device number 14
[  195.114097][ T8417] input: syz1 as /devices/virtual/input/input15
[  195.346287][ T8428] program syz.0.693 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  195.355876][ T8428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.693'.
[  195.362045][ T8428] openvswitch: netlink: Flow actions attr not present in new flow.
[  196.688816][ T5756] Bluetooth: hci1: Malformed LE Event: 0x02
[  196.853306][ T8458] program syz.1.702 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  196.858754][ T8458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.702'.
[  196.862476][ T8458] openvswitch: netlink: Flow actions attr not present in new flow.
[  197.898426][ T8468] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.029226][ T8468] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.217730][ T8468] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.337942][ T5755] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  198.340344][ T5756] Bluetooth: hci4: command 0x1003 tx timeout
[  198.374139][ T8468] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.773696][  T343] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.787548][  T343] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.822968][  T343] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.827160][  T343] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.998277][   T40] kauditd_printk_skb: 474 callbacks suppressed
[  198.998294][   T40] audit: type=1326 audit(1781331787.053:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8475 comm="syz.0.707" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x0
[  199.041361][ T8481] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode
[  199.053969][ T8481] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode
[  199.495046][ T8486] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.499354][ T8486] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  199.669532][ T8486] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.673968][ T8486] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  199.971174][ T8498] loop9: detected capacity change from 0 to 7
[  200.008915][ T8486] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.013008][ T8486] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  200.101650][ T8486] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.133992][ T8486] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  200.312362][ T8498] Dev loop9: unable to read RDB block 7
[  200.314200][ T8498]  loop9: unable to read partition table
[  200.316250][ T8498] loop9: partition table beyond EOD, truncated
[  200.318361][ T8498] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  200.571305][ T8499] Invalid logical block size (1050184017)
[  200.600347][   T59] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  200.611378][   T59] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  200.698337][ T1172] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  200.701388][ T1172] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  200.731216][ T1172] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  200.734095][ T1172] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  200.913519][ T8502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'.
[  200.946539][ T1172] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  200.950858][ T1172] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  201.081465][ T8511] mac80211_hwsim hwsim6 .
: renamed from wlan1 (while UP)
[  201.270965][ T8519] openvswitch: netlink: IP tunnel TTL not specified.
[  201.708627][ T8526] hsr0: left promiscuous mode
[  201.847714][ T8526] virt_wifi0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  201.867610][ T8526] erspan1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  201.988066][ T8526] ip6erspan0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  201.992541][ T8526] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  202.000252][ T8526] 8021q: adding VLAN 0 to HW filter on device eth0
[  202.005647][ T8526] 8021q: adding VLAN 0 to HW filter on device eth1
[  202.009169][ T8526] 8021q: adding VLAN 0 to HW filter on device eth2
[  202.014047][ T8526] 8021q: adding VLAN 0 to HW filter on device eth3
[  202.193086][ T8533] FAULT_INJECTION: forcing a failure.
[  202.193086][ T8533] name failslab, interval 1, probability 0, space 0, times 0
[  202.198053][ T8533] CPU: 0 UID: 0 PID: 8533 Comm: syz.1.723 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  202.198079][ T8533] Tainted: [L]=SOFTLOCKUP
[  202.198084][ T8533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  202.198094][ T8533] Call Trace:
[  202.198100][ T8533]  <TASK>
[  202.198106][ T8533]  dump_stack_lvl+0x100/0x190
[  202.198137][ T8533]  should_fail_ex.cold+0x5/0xa
[  202.198158][ T8533]  should_failslab+0xc2/0x120
[  202.198177][ T8533]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  202.198203][ T8533]  ? __alloc_skb+0x140/0x710
[  202.198217][ T8533]  ? __alloc_skb+0x5b7/0x710
[  202.198234][ T8533]  __alloc_skb+0x140/0x710
[  202.198254][ T8533]  ? __alloc_skb+0x5b7/0x710
[  202.198268][ T8533]  ? __pfx___alloc_skb+0x10/0x10
[  202.198288][ T8533]  netlink_alloc_large_skb+0x69/0x150
[  202.198312][ T8533]  netlink_sendmsg+0x680/0xda0
[  202.198335][ T8533]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.198358][ T8533]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  202.198378][ T8533]  ____sys_sendmsg+0x9e1/0xb70
[  202.198398][ T8533]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.198420][ T8533]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.198444][ T8533]  ? _kstrtoull+0x13c/0x1f0
[  202.198459][ T8533]  ? __pfx__kstrtoull+0x10/0x10
[  202.198476][ T8533]  ___sys_sendmsg+0x190/0x1e0
[  202.198499][ T8533]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.198520][ T8533]  ? __lock_acquire+0x4a5/0x2630
[  202.198568][ T8533]  __sys_sendmmsg+0x2ff/0x430
[  202.198588][ T8533]  ? __pfx___sys_sendmmsg+0x10/0x10
[  202.198612][ T8533]  ? __fget_files+0x215/0x3d0
[  202.198641][ T8533]  ? fput+0x79/0x100
[  202.198662][ T8533]  ? ksys_write+0x1ac/0x250
[  202.198683][ T8533]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  202.198703][ T8533]  ? lockdep_hardirqs_on+0x78/0x100
[  202.198725][ T8533]  __do_fast_syscall_32+0xe7/0x970
[  202.198747][ T8533]  ? lockdep_hardirqs_on+0x78/0x100
[  202.198770][ T8533]  do_fast_syscall_32+0x32/0x70
[  202.198794][ T8533]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  202.198813][ T8533] RIP: 0023:0xf7f25f7c
[  202.198826][ T8533] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  202.198841][ T8533] RSP: 002b:00000000f53c550c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  202.198858][ T8533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  202.198867][ T8533] RDX: 0000000000000235 RSI: 0000000000000000 RDI: 0000000000000000
[  202.198876][ T8533] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  202.198885][ T8533] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  202.198894][ T8533] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  202.198915][ T8533]  </TASK>
[  202.208918][ T8534] input: syz1 as /devices/virtual/input/input17
[  202.501358][ T8538] netlink: 92 bytes leftover after parsing attributes in process `syz.0.724'.
[  203.215840][ T8543] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  203.278827][ T8540] xt_CONNSECMARK: invalid mode: 5
[  203.402161][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.727'.
[  203.550615][ T8555] loop9: detected capacity change from 0 to 7
[  203.913138][ T8559] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.366868][ T1434] ieee802154 phy0 wpan0: encryption failed: -22
[  204.560778][ T8567] input: syz1 as /devices/virtual/input/input18
[  204.682276][ T8566] batman_adv: batadv0: Adding interface: dummy0
[  204.684729][ T8566] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  204.693873][ T8566] batman_adv: batadv0: Interface activated: dummy0
[  204.719205][ T8566] batadv0: mtu less than device minimum
[  204.723663][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  204.729488][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  204.735853][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  204.740989][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  204.746402][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  204.751063][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  204.756684][ T8566] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-304)
[  205.287229][ T8559] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.347360][ T8559] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.382040][ T8555] Dev loop9: unable to read RDB block 7
[  205.383591][ T8556] Invalid logical block size (1050184017)
[  205.384571][ T8555]  loop9: unable to read partition table
[  205.388860][ T8555] loop9: partition table beyond EOD, truncated
[  205.395877][ T8555] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  205.425735][ T8559] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.462488][ T8571] befs: (loop1): No write support. Marking filesystem read-only
[  205.467583][ T8571] befs: (loop1): unable to read superblock
[  205.568403][  T343] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  205.573745][ T8580] program syz.2.737 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  205.577233][  T343] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  205.577588][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.737'.
[  205.596414][ T8581] bond2: entered allmulticast mode
[  205.599584][ T8581] 8021q: adding VLAN 0 to HW filter on device bond2
[  205.607508][  T343] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  205.620237][  T161] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  205.632644][ T8581] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  205.638943][ T8581] bond2: (slave macvlan2): making interface the new active one
[  205.642132][ T8581] macvlan2: entered allmulticast mode
[  205.644954][ T8581] bond0: entered allmulticast mode
[  205.647214][ T8581] bond_slave_0: entered allmulticast mode
[  205.651592][ T8581] bond_slave_1: entered allmulticast mode
[  205.655364][ T8581] bond_slave_0: entered promiscuous mode
[  205.658035][ T8581] bond_slave_1: entered promiscuous mode
[  205.662675][ T8581] bond2: (slave macvlan2): Enslaving as an active interface with an up link
[  205.693440][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.3.736'.
[  205.862168][ T8592] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  205.864804][ T8592] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  205.869594][ T8592] vhci_hcd vhci_hcd.0: Device attached
[  205.877150][ T8592] netlink: 228 bytes leftover after parsing attributes in process `syz.0.741'.
[  205.914999][ T8593] vhci_hcd: connection closed
[  205.915179][   T59] vhci_hcd vhci_hcd.0: stop threads
[  205.918683][   T59] vhci_hcd vhci_hcd.0: release socket
[  205.920657][   T59] vhci_hcd vhci_hcd.0: disconnect device
[  206.497125][ T8601] loop9: detected capacity change from 0 to 7
[  206.655632][ T8607] input: syz1 as /devices/virtual/input/input19
[  208.232171][ T5755] Bluetooth: hci3: unexpected event for opcode 0x0419
[  208.322099][ T5755] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  208.886273][ T8612] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input20
[  208.930647][ T8601] Dev loop9: unable to read RDB block 7
[  208.932442][ T8601]  loop9: unable to read partition table
[  208.934298][ T8601] loop9: partition table beyond EOD, truncated
[  208.936482][ T8601] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  208.984728][ T8613] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.165750][ T8621] program syz.0.747 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  209.170958][ T8621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.747'.
[  209.174600][ T8621] net_ratelimit: 13 callbacks suppressed
[  209.174610][ T8621] openvswitch: netlink: Flow actions attr not present in new flow.
[  209.229889][ T8613] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.390511][ T8613] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.788562][ T8628] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  209.790752][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  209.804215][ T8628] vhci_hcd vhci_hcd.0: Device attached
[  209.811496][ T8628] netlink: 'syz.3.749': attribute type 9 has an invalid length.
[  209.820568][ T8628] netlink: 'syz.3.749': attribute type 7 has an invalid length.
[  209.830354][ T8628] netlink: 'syz.3.749': attribute type 8 has an invalid length.
[  209.864988][ T8629] vhci_hcd: connection closed
[  209.868488][   T46] vhci_hcd vhci_hcd.3: stop threads
[  209.875450][   T46] vhci_hcd vhci_hcd.3: release socket
[  209.879771][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  209.895285][ T8637] netlink: 8 bytes leftover after parsing attributes in process `syz.3.750'.
[  210.048475][ T8613] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.101952][ T8643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.751'.
[  210.242816][  T137] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.245962][  T137] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.259622][  T137] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.262212][  T137] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.023841][ T8663] FAULT_INJECTION: forcing a failure.
[  211.023841][ T8663] name failslab, interval 1, probability 0, space 0, times 0
[  211.030018][ T8663] CPU: 2 UID: 0 PID: 8663 Comm: syz.1.759 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  211.030047][ T8663] Tainted: [L]=SOFTLOCKUP
[  211.030053][ T8663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  211.030063][ T8663] Call Trace:
[  211.030069][ T8663]  <TASK>
[  211.030076][ T8663]  dump_stack_lvl+0x100/0x190
[  211.030110][ T8663]  should_fail_ex.cold+0x5/0xa
[  211.030133][ T8663]  should_failslab+0xc2/0x120
[  211.030154][ T8663]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  211.030180][ T8663]  ? skb_clone+0x190/0x400
[  211.030211][ T8663]  skb_clone+0x190/0x400
[  211.030230][ T8663]  netlink_deliver_tap+0xaed/0xcc0
[  211.030258][ T8663]  netlink_unicast+0x6a5/0x850
[  211.030286][ T8663]  ? __pfx_netlink_unicast+0x10/0x10
[  211.030307][ T8663]  ? genl_rcv_msg+0x4be/0x800
[  211.030338][ T8663]  netlink_ack+0x655/0xb80
[  211.030369][ T8663]  netlink_rcv_skb+0x333/0x420
[  211.030391][ T8663]  ? __pfx_genl_rcv_msg+0x10/0x10
[  211.030418][ T8663]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  211.030451][ T8663]  ? netlink_deliver_tap+0x1ae/0xcc0
[  211.030476][ T8663]  genl_rcv+0x28/0x40
[  211.030496][ T8663]  netlink_unicast+0x585/0x850
[  211.030521][ T8663]  ? __pfx_netlink_unicast+0x10/0x10
[  211.030549][ T8663]  netlink_sendmsg+0x8b0/0xda0
[  211.030574][ T8663]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.030598][ T8663]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  211.030620][ T8663]  ____sys_sendmsg+0x9e1/0xb70
[  211.030640][ T8663]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.030665][ T8663]  ? __pfx_____sys_sendmsg+0x10/0x10
[  211.030698][ T8663]  ___sys_sendmsg+0x190/0x1e0
[  211.030723][ T8663]  ? __pfx____sys_sendmsg+0x10/0x10
[  211.030760][ T8663]  ? find_held_lock+0x2b/0x80
[  211.030798][ T8663]  __sys_sendmsg+0x170/0x220
[  211.030817][ T8663]  ? __pfx___sys_sendmsg+0x10/0x10
[  211.030832][ T8663]  ? __fget_files+0x21f/0x3d0
[  211.030861][ T8663]  ? ksys_write+0x1ac/0x250
[  211.030882][ T8663]  ? rcu_is_watching+0x12/0xc0
[  211.030905][ T8663]  __do_fast_syscall_32+0xe7/0x970
[  211.030932][ T8663]  ? lockdep_hardirqs_on+0x78/0x100
[  211.030958][ T8663]  do_fast_syscall_32+0x32/0x70
[  211.030984][ T8663]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  211.031006][ T8663] RIP: 0023:0xf7f25f7c
[  211.031022][ T8663] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  211.031040][ T8663] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  211.031057][ T8663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003740
[  211.031067][ T8663] RDX: 0000000000008800 RSI: 0000000000000000 RDI: 0000000000000000
[  211.031077][ T8663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  211.031110][ T8663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  211.031120][ T8663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  211.031144][ T8663]  </TASK>
[  211.075099][  T843] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  211.293684][ T8667] nvme_fabrics: unknown parameter or missing value '0x0000000000000000' in ctrl creation request
[  211.333102][  T843] usb 5-1: Using ep0 maxpacket: 8
[  211.336645][  T843] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.347330][ T8667] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  211.624673][ T8674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.762'.
[  211.924093][  T843] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.219019][  T843] usb 5-1: config 0 interface 0 has no altsetting 0
[  212.221243][  T843] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  212.224064][  T843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.237487][  T843] usb 5-1: config 0 descriptor??
[  212.530818][ T8683] input: syz1 as /devices/virtual/input/input21
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x122000)
[  212.733415][  T843] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  212.736014][  T843] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  212.738981][  T843] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  212.741410][  T843] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  212.746333][  T843] mcp2221 0003:04D8:00DD.0005: unknown main item tag 0x0
[  212.759222][  T843] mcp2221 0003:04D8:00DD.0005: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  212.800051][ T1131] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  212.808531][ T1131] ata1: failed to read log page 10h (errno=-5)
[  212.823134][ T1131] ata1.00: exception Emask 0x1 SAct 0x4000 SErr 0x0 action 0x0
[  212.831091][ T1131] ata1.00: irq_stat 0x41000008
[  212.836718][ T1131] ata1.00: failed command: READ FPDMA QUEUED
[  212.842288][ T1131] ata1.00: cmd 60/10:70:de:58:01/09:00:00:00:00/40 tag 14 ncq dma 1187840 in
[  212.842288][ T1131]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  212.857554][ T1131] ata1.00: status: { DRDY }
[  212.859153][ T1131] ata1.00: error: { ABRT }
[  212.863152][ T1131] ata1.00: configured for UDMA/100
[  212.873041][ T1131] sd 0:0:0:0: [sda] tag#14 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  212.882136][ T1131] sd 0:0:0:0: [sda] tag#14 Sense Key : Aborted Command [current] 
[  212.889669][ T1131] sd 0:0:0:0: [sda] tag#14 Add. Sense: No additional sense information
[  212.900957][ T1131] sd 0:0:0:0: [sda] tag#14 CDB: Read(10) 28 00 00 01 58 de 00 09 10 00
[  212.908476][ T1131] I/O error, dev sda, sector 88286 op 0x0:(READ) flags 0x80700 phys_seg 19 prio class 2
[  212.917838][ T1131] ata1: EH complete
[  212.918057][ T5755] Bluetooth: hci0: unexpected event for opcode 0x5f57
[  213.184083][  T843] usb 5-1: USB disconnect, device number 15
[  213.779992][ T8698] netlink: 12 bytes leftover after parsing attributes in process `syz.0.770'.
[  214.053449][ T5115] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  214.394428][ T5115] usb 6-1: Using ep0 maxpacket: 8
[  214.646022][ T8709] netlink: 8 bytes leftover after parsing attributes in process `syz.2.773'.
[  214.923435][ T5115] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.127889][ T8712] bond2: entered allmulticast mode
[  215.132341][ T8712] 8021q: adding VLAN 0 to HW filter on device bond2
[  215.147542][ T8712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.774'.
[  215.176465][ T8714] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  215.216165][ T5115] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  215.220260][ T5115] usb 6-1: config 0 interface 0 has no altsetting 0
[  215.222979][ T5115] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  215.228334][ T5115] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.235282][ T8714] bond2: (slave macvlan3): making interface the new active one
[  215.238074][ T8714] macvlan3: entered allmulticast mode
[  215.239716][ T8714] bond0: entered allmulticast mode
[  215.239764][ T5115] usb 6-1: config 0 descriptor??
[  215.241352][ T8714] bond_slave_0: entered allmulticast mode
[  215.245947][ T8714] bond_slave_1: entered allmulticast mode
[  215.248087][ T8714] bond_slave_0: entered promiscuous mode
[  215.249952][ T8714] bond_slave_1: entered promiscuous mode
[  215.252724][ T8714] bond2: (slave macvlan3): Enslaving as an active interface with an up link
[  215.729157][ T8721] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.765190][ T5115] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  215.770286][ T5115] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  215.772443][ T5115] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  215.774762][ T5115] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  215.777464][ T5115] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  215.780273][ T5115] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  215.910127][ T8721] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.982566][ T5755] Bluetooth: hci1: unexpected event for opcode 0x5f57
[  216.097588][ T8721] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.204157][ T8724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.777'.
[  216.241443][ T8724] netlink: 16 bytes leftover after parsing attributes in process `syz.2.777'.
[  216.519033][ T8721] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.553774][ T5115] usb 6-1: USB disconnect, device number 13
[  216.649468][  T161] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.656715][  T161] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.668053][  T161] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.682117][  T161] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  217.012970][ T8739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.780'.
[  218.175813][ T8760] loop9: detected capacity change from 0 to 7
[  218.312673][ T8767] syz_tun: entered allmulticast mode
[  218.521155][ T8760] Dev loop9: unable to read RDB block 7
[  218.526330][ T8760]  loop9: unable to read partition table
[  218.531589][ T8760] loop9: partition table beyond EOD, truncated
[  218.538122][ T8760] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  218.616857][ T8777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.624028][ T8777] loop5: detected capacity change from 0 to 4095
[  218.661167][ T8772] ceph: No mds server is up or the cluster is laggy
[  218.799336][ T8781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.834657][ T5826] libceph: connect (1)[c::]:6789 error -101
[  218.837563][ T5826] libceph: mon0 (1)[c::]:6789 connect error
[  219.079604][ T8761] syz_tun: left allmulticast mode
[  219.292862][ T8785] fuse: Unknown parameter 'Y�0x0000000000000007'
[  219.752535][ T8793] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.825754][ T8793] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.891664][ T8793] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.992109][ T8793] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.004148][ T5115] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  220.174765][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  220.188940][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  220.196263][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.217360][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.609653][   T40] audit: type=1326 audit(1781331806.993:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.1.794" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25f7c code=0x7fc00000
[  220.616960][   T40] audit: type=1326 audit(1781331806.993:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8791 comm="syz.1.794" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f25f7c code=0x7fc00000
[  221.354683][ T8809] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.576854][ T8809] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.737087][ T8809] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.935731][ T8821] xt_socket: unknown flags 0x50
[  222.001498][ T8809] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.697588][ T8844] input: syz1 as /devices/virtual/input/input22
[  224.168985][ T8862] Invalid source name
[  224.170415][ T8862] UBIFS error (pid: 8862): cannot open "./file0", error -22
[  224.347881][ T8866] virtio-fs: tag </dev/md0> not found
[  224.892758][ T8872] syzkaller0: entered promiscuous mode
[  224.894558][ T8872] syzkaller0: entered allmulticast mode
[  225.332965][ T8892] input: syz1 as /devices/virtual/input/input23
[  225.390061][ T1253] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.400137][ T1253] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.413769][ T1253] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.424349][ T1253] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.883982][ T8899] xt_nfacct: accounting object `\�$�9Z�M#���mU�|�^c�\F9YⳈ���' does not exist
[  226.334031][ T8909] FAULT_INJECTION: forcing a failure.
[  226.334031][ T8909] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.343410][ T8909] CPU: 2 UID: 0 PID: 8909 Comm: syz.1.825 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  226.343429][ T8909] Tainted: [L]=SOFTLOCKUP
[  226.343433][ T8909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  226.343439][ T8909] Call Trace:
[  226.343443][ T8909]  <TASK>
[  226.343447][ T8909]  dump_stack_lvl+0x100/0x190
[  226.343479][ T8909]  should_fail_ex.cold+0x5/0xa
[  226.343494][ T8909]  _copy_from_user+0x2e/0xd0
[  226.343514][ T8909]  inet6_compat_ioctl+0xe3/0x360
[  226.343532][ T8909]  ? __pfx_inet6_compat_ioctl+0x10/0x10
[  226.343548][ T8909]  ? do_vfs_ioctl+0x226/0x13e0
[  226.343560][ T8909]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  226.343570][ T8909]  ? __pfx_inet6_compat_ioctl+0x10/0x10
[  226.343583][ T8909]  compat_sock_ioctl+0x179/0x760
[  226.343600][ T8909]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  226.343614][ T8909]  ? hook_file_ioctl_common+0x149/0x410
[  226.343629][ T8909]  ? __fget_files+0x21f/0x3d0
[  226.343643][ T8909]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  226.343658][ T8909]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  226.343671][ T8909]  __do_fast_syscall_32+0xe7/0x970
[  226.343691][ T8909]  ? lockdep_hardirqs_on+0x78/0x100
[  226.343707][ T8909]  do_fast_syscall_32+0x32/0x70
[  226.343722][ T8909]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  226.343736][ T8909] RIP: 0023:0xf7f25f7c
[  226.343744][ T8909] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  226.343755][ T8909] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  226.343766][ T8909] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000890c
[  226.343773][ T8909] RDX: 0000000080005fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  226.343779][ T8909] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  226.343784][ T8909] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  226.343790][ T8909] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  226.343803][ T8909]  </TASK>
[  226.593573][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.830'.
[  227.054297][ T8940] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.154594][ T8940] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.248820][ T8940] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.285361][ T5755] Bluetooth: hci1: Malformed LE Event: 0x0b
[  227.332633][ T8949] netlink: 20 bytes leftover after parsing attributes in process `syz.1.837'.
[  227.343129][ T8949] FAULT_INJECTION: forcing a failure.
[  227.343129][ T8949] name failslab, interval 1, probability 0, space 0, times 0
[  227.344566][ T8940] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.362191][ T8949] CPU: 3 UID: 0 PID: 8949 Comm: syz.1.837 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  227.362219][ T8949] Tainted: [L]=SOFTLOCKUP
[  227.362225][ T8949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  227.362234][ T8949] Call Trace:
[  227.362239][ T8949]  <TASK>
[  227.362246][ T8949]  dump_stack_lvl+0x100/0x190
[  227.362277][ T8949]  should_fail_ex.cold+0x5/0xa
[  227.362299][ T8949]  should_failslab+0xc2/0x120
[  227.362319][ T8949]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  227.362344][ T8949]  ? __alloc_skb+0x140/0x710
[  227.362358][ T8949]  ? __alloc_skb+0x5b7/0x710
[  227.362375][ T8949]  __alloc_skb+0x140/0x710
[  227.362393][ T8949]  ? __alloc_skb+0x5b7/0x710
[  227.362407][ T8949]  ? __pfx___alloc_skb+0x10/0x10
[  227.362429][ T8949]  netlink_ack+0x117/0xb80
[  227.362458][ T8949]  netlink_rcv_skb+0x333/0x420
[  227.362478][ T8949]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  227.362497][ T8949]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  227.362546][ T8949]  ? ns_capable+0xd2/0xf0
[  227.362566][ T8949]  nfnetlink_rcv+0x1b3/0x440
[  227.362583][ T8949]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  227.362598][ T8949]  ? netlink_deliver_tap+0x1ae/0xcc0
[  227.362622][ T8949]  netlink_unicast+0x585/0x850
[  227.362646][ T8949]  ? __pfx_netlink_unicast+0x10/0x10
[  227.362673][ T8949]  netlink_sendmsg+0x8b0/0xda0
[  227.362696][ T8949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  227.362720][ T8949]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  227.362740][ T8949]  ____sys_sendmsg+0x9e1/0xb70
[  227.362761][ T8949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  227.362783][ T8949]  ? __pfx_____sys_sendmsg+0x10/0x10
[  227.362812][ T8949]  ___sys_sendmsg+0x190/0x1e0
[  227.362836][ T8949]  ? __pfx____sys_sendmsg+0x10/0x10
[  227.362886][ T8949]  ? find_held_lock+0x2b/0x80
[  227.362922][ T8949]  __sys_sendmsg+0x170/0x220
[  227.362939][ T8949]  ? __pfx___sys_sendmsg+0x10/0x10
[  227.362953][ T8949]  ? __fget_files+0x21f/0x3d0
[  227.362979][ T8949]  ? ksys_write+0x1ac/0x250
[  227.362998][ T8949]  ? rcu_is_watching+0x12/0xc0
[  227.363020][ T8949]  __do_fast_syscall_32+0xe7/0x970
[  227.363042][ T8949]  ? lockdep_hardirqs_on+0x78/0x100
[  227.363066][ T8949]  do_fast_syscall_32+0x32/0x70
[  227.363089][ T8949]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  227.363109][ T8949] RIP: 0023:0xf7f25f7c
[  227.363122][ T8949] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  227.363137][ T8949] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  227.363154][ T8949] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[  227.363163][ T8949] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  227.363173][ T8949] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  227.363182][ T8949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.363191][ T8949] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.363211][ T8949]  </TASK>
[  227.699897][ T8961] bond3: Unable to set down delay as MII monitoring is disabled
[  227.716220][ T8961] bond3 (unregistering): Released all slaves
[  228.717140][ T1253] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.723506][ T1253] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.736818][ T1253] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.744982][ T1253] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.271274][ T8978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'.
[  229.529768][   T40] audit: type=1326 audit(2000000001.568:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8987 comm="syz.1.848" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f25f7c code=0x0
[  229.555302][ T8985] tipc: Started in network mode
[  229.556915][ T8985] tipc: Node identity , cluster identity 4711
[  229.564150][ T8985] tipc: Failed to obtain node identity
[  229.565916][ T8985] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  229.585499][ T8985] syzkaller0: entered promiscuous mode
[  229.587467][ T8985] syzkaller0: entered allmulticast mode
[  229.765266][ T8992] program syz.0.849 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  229.768889][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.849'.
[  229.772273][ T8992] openvswitch: netlink: Flow actions attr not present in new flow.
[  229.816266][ T8994] netlink: 4 bytes leftover after parsing attributes in process `syz.0.850'.
[  230.501845][ T9001] FAULT_INJECTION: forcing a failure.
[  230.501845][ T9001] name failslab, interval 1, probability 0, space 0, times 0
[  230.513915][ T9001] CPU: 0 UID: 0 PID: 9001 Comm: syz.3.851 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  230.513954][ T9001] Tainted: [L]=SOFTLOCKUP
[  230.513959][ T9001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  230.513966][ T9001] Call Trace:
[  230.513970][ T9001]  <TASK>
[  230.513974][ T9001]  dump_stack_lvl+0x100/0x190
[  230.513996][ T9001]  should_fail_ex.cold+0x5/0xa
[  230.514009][ T9001]  should_failslab+0xc2/0x120
[  230.514022][ T9001]  __kmalloc_cache_noprof+0x7a/0x6f0
[  230.514037][ T9001]  ? input_allocate_device+0xc5/0x350
[  230.514056][ T9001]  input_allocate_device+0xc5/0x350
[  230.514073][ T9001]  uinput_ioctl_handler.isra.0+0x3c8/0x1d20
[  230.514087][ T9001]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  230.514098][ T9001]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[  230.514114][ T9001]  ? find_held_lock+0x2b/0x80
[  230.514127][ T9001]  ? __fget_files+0x215/0x3d0
[  230.514143][ T9001]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  230.514159][ T9001]  ? __pfx_uinput_compat_ioctl+0x10/0x10
[  230.514172][ T9001]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  230.514185][ T9001]  __do_fast_syscall_32+0xe7/0x970
[  230.514200][ T9001]  ? lockdep_hardirqs_on+0x78/0x100
[  230.514216][ T9001]  do_fast_syscall_32+0x32/0x70
[  230.514232][ T9001]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  230.514246][ T9001] RIP: 0023:0xf7f46f7c
[  230.514255][ T9001] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  230.514265][ T9001] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  230.514276][ T9001] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008004552d
[  230.514283][ T9001] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  230.514289][ T9001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  230.514294][ T9001] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  230.514300][ T9001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  230.514314][ T9001]  </TASK>
[  230.651274][ T9007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.853'.
[  230.666530][ T9009] program syz.3.855 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  230.671950][ T9009] netlink: 4 bytes leftover after parsing attributes in process `syz.3.855'.
[  230.674895][ T9009] openvswitch: netlink: Flow actions attr not present in new flow.
[  230.794706][ T9007] overlayfs: overlapping lowerdir path
[  232.095883][ T9034] FAULT_INJECTION: forcing a failure.
[  232.095883][ T9034] name failslab, interval 1, probability 0, space 0, times 0
[  232.101549][ T9034] CPU: 3 UID: 0 PID: 9034 Comm: syz.0.861 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  232.101578][ T9034] Tainted: [L]=SOFTLOCKUP
[  232.101584][ T9034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  232.101594][ T9034] Call Trace:
[  232.101599][ T9034]  <TASK>
[  232.101606][ T9034]  dump_stack_lvl+0x100/0x190
[  232.101652][ T9034]  should_fail_ex.cold+0x5/0xa
[  232.101675][ T9034]  should_failslab+0xc2/0x120
[  232.101696][ T9034]  __kmalloc_cache_noprof+0x7a/0x6f0
[  232.101721][ T9034]  ? ip6_route_multipath_add+0xa5b/0x1ba0
[  232.101752][ T9034]  ip6_route_multipath_add+0xa5b/0x1ba0
[  232.101780][ T9034]  ? __pfx_ip6_route_multipath_add+0x10/0x10
[  232.101818][ T9034]  ? kasan_quarantine_put+0x104/0x240
[  232.101841][ T9034]  ? lockdep_hardirqs_on+0x78/0x100
[  232.101880][ T9034]  ? inet6_rtm_newroute+0xf5/0x160
[  232.101898][ T9034]  inet6_rtm_newroute+0xf5/0x160
[  232.101916][ T9034]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  232.101935][ T9034]  ? __lock_acquire+0x4a5/0x2630
[  232.101973][ T9034]  ? find_held_lock+0x2b/0x80
[  232.101994][ T9034]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  232.102013][ T9034]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  232.102033][ T9034]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  232.102054][ T9034]  rtnetlink_rcv_msg+0x95e/0xe90
[  232.102075][ T9034]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  232.102101][ T9034]  ? ref_tracker_free+0x37e/0x6c0
[  232.102128][ T9034]  netlink_rcv_skb+0x159/0x420
[  232.102151][ T9034]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  232.102171][ T9034]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  232.102203][ T9034]  ? netlink_deliver_tap+0x1ae/0xcc0
[  232.102229][ T9034]  netlink_unicast+0x585/0x850
[  232.102256][ T9034]  ? __pfx_netlink_unicast+0x10/0x10
[  232.102285][ T9034]  netlink_sendmsg+0x8b0/0xda0
[  232.102313][ T9034]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.102337][ T9034]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  232.102360][ T9034]  ____sys_sendmsg+0x9e1/0xb70
[  232.102382][ T9034]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.102406][ T9034]  ? __pfx_____sys_sendmsg+0x10/0x10
[  232.102440][ T9034]  ___sys_sendmsg+0x190/0x1e0
[  232.102465][ T9034]  ? __pfx____sys_sendmsg+0x10/0x10
[  232.102500][ T9034]  ? find_held_lock+0x2b/0x80
[  232.102536][ T9034]  __sys_sendmsg+0x170/0x220
[  232.102556][ T9034]  ? __pfx___sys_sendmsg+0x10/0x10
[  232.102572][ T9034]  ? __fget_files+0x21f/0x3d0
[  232.102600][ T9034]  ? ksys_write+0x1ac/0x250
[  232.102621][ T9034]  ? rcu_is_watching+0x12/0xc0
[  232.102644][ T9034]  __do_fast_syscall_32+0xe7/0x970
[  232.102669][ T9034]  ? lockdep_hardirqs_on+0x78/0x100
[  232.102695][ T9034]  do_fast_syscall_32+0x32/0x70
[  232.102721][ T9034]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  232.102743][ T9034] RIP: 0023:0xf7fc3f7c
[  232.102757][ T9034] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  232.102774][ T9034] RSP: 002b:00000000f548650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  232.102817][ T9034] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  232.102833][ T9034] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  232.102843][ T9034] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.102852][ T9034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  232.102862][ T9034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.102885][ T9034]  </TASK>
[  232.706592][ T5755] Bluetooth: hci1: Malformed LE Event: 0x02
[  233.052957][ T9045] netlink: 4 bytes leftover after parsing attributes in process `syz.1.865'.
[  233.538295][ T9058] program syz.1.868 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  233.542916][ T9058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.868'.
[  233.545893][ T9058] openvswitch: netlink: Flow actions attr not present in new flow.
[  233.866669][ T9067] FAULT_INJECTION: forcing a failure.
[  233.866669][ T9067] name failslab, interval 1, probability 0, space 0, times 0
[  233.870583][ T9067] CPU: 3 UID: 0 PID: 9067 Comm: syz.1.872 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  233.870601][ T9067] Tainted: [L]=SOFTLOCKUP
[  233.870605][ T9067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  233.870611][ T9067] Call Trace:
[  233.870616][ T9067]  <TASK>
[  233.870620][ T9067]  dump_stack_lvl+0x100/0x190
[  233.870641][ T9067]  should_fail_ex.cold+0x5/0xa
[  233.870655][ T9067]  should_failslab+0xc2/0x120
[  233.870668][ T9067]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  233.870685][ T9067]  ? skb_clone+0x190/0x400
[  233.870695][ T9067]  ? find_held_lock+0x2b/0x80
[  233.870710][ T9067]  skb_clone+0x190/0x400
[  233.870721][ T9067]  bpf_clone_redirect+0x166/0x500
[  233.870733][ T9067]  ? __pfx___cant_migrate+0x10/0x10
[  233.870750][ T9067]  bpf_prog_53f18857bc887b09+0x22/0x2a
[  233.870785][ T9067]  bpf_test_run+0x39c/0xa40
[  233.870799][ T9067]  ? bpf_test_run+0x1c6/0xa40
[  233.870812][ T9067]  ? __pfx_bpf_test_run+0x10/0x10
[  233.870828][ T9067]  ? do_csum+0x1e5/0x380
[  233.870852][ T9067]  bpf_prog_test_run_skb+0x15c4/0x3540
[  233.870874][ T9067]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  233.870889][ T9067]  ? fput+0x79/0x100
[  233.870904][ T9067]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  233.870918][ T9067]  __sys_bpf+0x1725/0x4b90
[  233.870930][ T9067]  ? __pfx___sys_bpf+0x10/0x10
[  233.870939][ T9067]  ? get_pid_task+0x106/0x250
[  233.870954][ T9067]  ? proc_fail_nth_write+0x9f/0x220
[  233.870971][ T9067]  ? find_held_lock+0x2b/0x80
[  233.870986][ T9067]  ? find_held_lock+0x2b/0x80
[  233.870998][ T9067]  ? ksys_write+0x190/0x250
[  233.871012][ T9067]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  233.871027][ T9067]  ? __pfx_vfs_write+0x3/0x10
[  233.871045][ T9067]  ? fput+0x79/0x100
[  233.871059][ T9067]  ? ksys_write+0x1ac/0x250
[  233.871072][ T9067]  __ia32_sys_bpf+0x79/0xf0
[  233.871082][ T9067]  ? lockdep_hardirqs_on+0x78/0x100
[  233.871097][ T9067]  __do_fast_syscall_32+0xe7/0x970
[  233.871112][ T9067]  ? lockdep_hardirqs_on+0x78/0x100
[  233.871127][ T9067]  do_fast_syscall_32+0x32/0x70
[  233.871143][ T9067]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.871158][ T9067] RIP: 0023:0xf7f25f7c
[  233.871167][ T9067] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  233.871177][ T9067] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  233.871188][ T9067] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800003c0
[  233.871194][ T9067] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  233.871200][ T9067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.871206][ T9067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  233.871211][ T9067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.871224][ T9067]  </TASK>
[  234.000739][ T9064] netlink: 8 bytes leftover after parsing attributes in process `syz.3.871'.
[  234.141555][ T9069] FAULT_INJECTION: forcing a failure.
[  234.141555][ T9069] name failslab, interval 1, probability 0, space 0, times 0
[  234.147066][ T9069] CPU: 2 UID: 0 PID: 9069 Comm: syz.1.874 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  234.147093][ T9069] Tainted: [L]=SOFTLOCKUP
[  234.147098][ T9069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  234.147109][ T9069] Call Trace:
[  234.147114][ T9069]  <TASK>
[  234.147121][ T9069]  dump_stack_lvl+0x100/0x190
[  234.147154][ T9069]  should_fail_ex.cold+0x5/0xa
[  234.147176][ T9069]  should_failslab+0xc2/0x120
[  234.147196][ T9069]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  234.147213][ T9069]  ? __request_module+0x2e1/0x6c0
[  234.147235][ T9069]  kstrdup+0x51/0xe0
[  234.147252][ T9069]  __request_module+0x2e1/0x6c0
[  234.147269][ T9069]  ? __pfx___request_module+0x10/0x10
[  234.147293][ T9069]  ? find_held_lock+0x2b/0x80
[  234.147322][ T9069]  ? rtnl_link_ops_get+0x17b/0x2c0
[  234.147339][ T9069]  ? rtnl_link_ops_get+0x17b/0x2c0
[  234.147364][ T9069]  rtnl_newlink+0x1657/0x2380
[  234.147390][ T9069]  ? __pfx_rtnl_newlink+0x10/0x10
[  234.147406][ T9069]  ? rcu_is_watching+0x12/0xc0
[  234.147425][ T9069]  ? kasan_quarantine_put+0x104/0x240
[  234.147442][ T9069]  ? lockdep_hardirqs_on+0x78/0x100
[  234.147469][ T9069]  ? kfree_skbmem+0x19a/0x210
[  234.147490][ T9069]  ? kmem_cache_free+0x127/0x6c0
[  234.147525][ T9069]  ? __dev_queue_xmit+0x9ef/0x4950
[  234.147555][ T9069]  ? find_held_lock+0x2b/0x80
[  234.147575][ T9069]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  234.147591][ T9069]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  234.147611][ T9069]  ? __pfx_rtnl_newlink+0x10/0x10
[  234.147630][ T9069]  rtnetlink_rcv_msg+0x95e/0xe90
[  234.147650][ T9069]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  234.147675][ T9069]  ? ref_tracker_free+0x37e/0x6c0
[  234.147696][ T9069]  netlink_rcv_skb+0x159/0x420
[  234.147719][ T9069]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  234.147740][ T9069]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  234.147771][ T9069]  ? netlink_deliver_tap+0x1ae/0xcc0
[  234.147797][ T9069]  netlink_unicast+0x585/0x850
[  234.147823][ T9069]  ? __pfx_netlink_unicast+0x10/0x10
[  234.147851][ T9069]  netlink_sendmsg+0x8b0/0xda0
[  234.147877][ T9069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.147903][ T9069]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  234.147945][ T9069]  ____sys_sendmsg+0x9e1/0xb70
[  234.147965][ T9069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.147991][ T9069]  ? __pfx_____sys_sendmsg+0x10/0x10
[  234.148024][ T9069]  ___sys_sendmsg+0x190/0x1e0
[  234.148049][ T9069]  ? __pfx____sys_sendmsg+0x10/0x10
[  234.148083][ T9069]  ? find_held_lock+0x2b/0x80
[  234.148118][ T9069]  __sys_sendmsg+0x170/0x220
[  234.148137][ T9069]  ? __pfx___sys_sendmsg+0x10/0x10
[  234.148153][ T9069]  ? __fget_files+0x21f/0x3d0
[  234.148180][ T9069]  ? ksys_write+0x1ac/0x250
[  234.148200][ T9069]  ? rcu_is_watching+0x12/0xc0
[  234.148222][ T9069]  __do_fast_syscall_32+0xe7/0x970
[  234.148248][ T9069]  ? lockdep_hardirqs_on+0x78/0x100
[  234.148272][ T9069]  do_fast_syscall_32+0x32/0x70
[  234.148296][ T9069]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  234.148323][ T9069] RIP: 0023:0xf7f25f7c
[  234.148338][ T9069] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  234.148355][ T9069] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  234.148373][ T9069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  234.148383][ T9069] RDX: 00000000200088c2 RSI: 0000000000000000 RDI: 0000000000000000
[  234.148393][ T9069] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  234.148402][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  234.148411][ T9069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  234.148434][ T9069]  </TASK>
[  234.150673][ T9069] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.669055][ T9082] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  234.694842][ T9082] FAULT_INJECTION: forcing a failure.
[  234.694842][ T9082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.701153][ T9082] CPU: 0 UID: 0 PID: 9082 Comm: syz.0.876 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  234.701182][ T9082] Tainted: [L]=SOFTLOCKUP
[  234.701188][ T9082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  234.701198][ T9082] Call Trace:
[  234.701205][ T9082]  <TASK>
[  234.701212][ T9082]  dump_stack_lvl+0x100/0x190
[  234.701245][ T9082]  should_fail_ex.cold+0x5/0xa
[  234.701268][ T9082]  _copy_to_iter+0x1f3/0x1720
[  234.701298][ T9082]  ? __pfx__copy_to_iter+0x10/0x10
[  234.701320][ T9082]  ? find_held_lock+0x2b/0x80
[  234.701341][ T9082]  ? aa_file_perm+0x7e4/0x14d0
[  234.701365][ T9082]  ? aa_file_perm+0x7e4/0x14d0
[  234.701397][ T9082]  copy_page_to_iter+0x285/0x370
[  234.701425][ T9082]  anon_pipe_read+0x47e/0x1200
[  234.701456][ T9082]  ? __pfx_anon_pipe_read+0x10/0x10
[  234.701480][ T9082]  ? apparmor_file_permission+0x13f/0x1c0
[  234.701502][ T9082]  ? bpf_lsm_file_permission+0x9/0x10
[  234.701518][ T9082]  ? security_file_permission+0x76/0x210
[  234.701542][ T9082]  ? rw_verify_area+0xce/0x6d0
[  234.701558][ T9082]  ? __pfx_anon_pipe_read+0x10/0x10
[  234.701579][ T9082]  vfs_read+0x957/0xb30
[  234.701602][ T9082]  ? __pfx_vfs_read+0x10/0x10
[  234.701618][ T9082]  ? find_held_lock+0x2b/0x80
[  234.701656][ T9082]  ksys_read+0x1f8/0x250
[  234.701675][ T9082]  ? __pfx_ksys_read+0x10/0x10
[  234.701692][ T9082]  ? exit_to_user_mode_loop+0xf3/0x670
[  234.701720][ T9082]  ? rcu_is_watching+0x12/0xc0
[  234.701740][ T9082]  ? rcu_is_watching+0x12/0xc0
[  234.701768][ T9082]  __do_fast_syscall_32+0xe7/0x970
[  234.701791][ T9082]  ? lockdep_hardirqs_on+0x78/0x100
[  234.701818][ T9082]  do_fast_syscall_32+0x32/0x70
[  234.701844][ T9082]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  234.701861][ T9082] RIP: 0023:0xf7fc3f7c
[  234.701874][ T9082] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  234.701890][ T9082] RSP: 002b:00000000f546550c EFLAGS: 00000292 ORIG_RAX: 0000000000000003
[  234.701906][ T9082] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000780
[  234.701916][ T9082] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  234.701926][ T9082] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  234.701936][ T9082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  234.701945][ T9082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  234.701968][ T9082]  </TASK>
[  235.552766][ T9086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.881'.
[  235.599144][ T9090] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.879'.
[  235.719703][ T9094] netlink: 8 bytes leftover after parsing attributes in process `syz.0.882'.
[  235.723008][ T9094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.882'.
[  235.757023][ T9094] loop8: detected capacity change from 0 to 7
[  235.840654][ T9094] Dev loop8: unable to read RDB block 7
[  235.843012][ T9094]  loop8: AHDI p2
[  235.844442][ T9094] loop8: partition table partially beyond EOD, truncated
[  235.991864][ T9106] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.998193][ T5153] Dev loop8: unable to read RDB block 7
[  236.002027][ T5153]  loop8: AHDI p2
[  236.003796][ T5153] loop8: partition table partially beyond EOD, truncated
[  236.106257][ T9106] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.190868][ T9106] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.256139][ T9106] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.366902][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.375717][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.394378][   T46] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.415724][   T46] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.475695][ T9109] FAULT_INJECTION: forcing a failure.
[  236.475695][ T9109] name failslab, interval 1, probability 0, space 0, times 0
[  236.492615][ T9109] CPU: 1 UID: 0 PID: 9109 Comm: syz.0.886 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  236.492635][ T9109] Tainted: [L]=SOFTLOCKUP
[  236.492638][ T9109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  236.492645][ T9109] Call Trace:
[  236.492649][ T9109]  <TASK>
[  236.492655][ T9109]  dump_stack_lvl+0x100/0x190
[  236.492677][ T9109]  should_fail_ex.cold+0x5/0xa
[  236.492704][ T9109]  should_failslab+0xc2/0x120
[  236.492717][ T9109]  __kvmalloc_node_noprof+0xfa/0xa00
[  236.492728][ T9109]  ? page_pool_create_percpu+0x2e0/0xd50
[  236.492747][ T9109]  page_pool_create_percpu+0x2e0/0xd50
[  236.492764][ T9109]  bpf_test_run_xdp_live+0x192/0x760
[  236.492778][ T9109]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  236.492790][ T9109]  ? preempt_schedule_thunk+0x16/0x30
[  236.492807][ T9109]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  236.492826][ T9109]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  236.492847][ T9109]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  236.492864][ T9109]  ? 0xffffffffa0206480
[  236.492874][ T9109]  ? 0xffffffffa0206480
[  236.492882][ T9109]  ? 0xffffffffa0206480
[  236.492893][ T9109]  bpf_prog_test_run_xdp+0xd7d/0x1670
[  236.492911][ T9109]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  236.492928][ T9109]  ? fput+0x79/0x100
[  236.492943][ T9109]  ? __bpf_prog_get+0x97/0x2a0
[  236.492957][ T9109]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  236.492970][ T9109]  __sys_bpf+0x1725/0x4b90
[  236.492981][ T9109]  ? __pfx___sys_bpf+0x10/0x10
[  236.492990][ T9109]  ? get_pid_task+0x106/0x250
[  236.493005][ T9109]  ? proc_fail_nth_write+0x9f/0x220
[  236.493021][ T9109]  ? find_held_lock+0x2b/0x80
[  236.493036][ T9109]  ? find_held_lock+0x2b/0x80
[  236.493049][ T9109]  ? ksys_write+0x190/0x250
[  236.493063][ T9109]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  236.493077][ T9109]  ? __pfx_vfs_write+0x3/0x10
[  236.493096][ T9109]  ? fput+0x79/0x100
[  236.493110][ T9109]  ? ksys_write+0x1ac/0x250
[  236.493123][ T9109]  __ia32_sys_bpf+0x79/0xf0
[  236.493133][ T9109]  ? lockdep_hardirqs_on+0x78/0x100
[  236.493148][ T9109]  __do_fast_syscall_32+0xe7/0x970
[  236.493163][ T9109]  ? lockdep_hardirqs_on+0x78/0x100
[  236.493182][ T9109]  do_fast_syscall_32+0x32/0x70
[  236.493198][ T9109]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.493212][ T9109] RIP: 0023:0xf7fc3f7c
[  236.493221][ T9109] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  236.493231][ T9109] RSP: 002b:00000000f548650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  236.493241][ T9109] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000b80
[  236.493248][ T9109] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  236.493254][ T9109] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.493259][ T9109] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  236.493265][ T9109] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.493278][ T9109]  </TASK>
[  236.495026][ T9109] page_pool_create_percpu() gave up with errno -12
[  236.982887][ T9124] FAULT_INJECTION: forcing a failure.
[  236.982887][ T9124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.987511][ T9124] CPU: 2 UID: 0 PID: 9124 Comm: syz.1.891 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  236.987528][ T9124] Tainted: [L]=SOFTLOCKUP
[  236.987532][ T9124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  236.987538][ T9124] Call Trace:
[  236.987542][ T9124]  <TASK>
[  236.987546][ T9124]  dump_stack_lvl+0x100/0x190
[  236.987567][ T9124]  should_fail_ex.cold+0x5/0xa
[  236.987581][ T9124]  _copy_to_user+0x32/0xd0
[  236.987597][ T9124]  simple_read_from_buffer+0xcb/0x170
[  236.987611][ T9124]  proc_fail_nth_read+0x1af/0x230
[  236.987629][ T9124]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  236.987646][ T9124]  ? rw_verify_area+0xce/0x6d0
[  236.987657][ T9124]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  236.987672][ T9124]  vfs_read+0x1e4/0xb30
[  236.987686][ T9124]  ? __pfx_vfs_read+0x10/0x10
[  236.987696][ T9124]  ? find_held_lock+0x2b/0x80
[  236.987710][ T9124]  ? __fget_files+0x215/0x3d0
[  236.987724][ T9124]  ? __fget_files+0x21f/0x3d0
[  236.987739][ T9124]  ksys_read+0x12a/0x250
[  236.987751][ T9124]  ? __pfx_ksys_read+0x10/0x10
[  236.987762][ T9124]  ? rcu_is_watching+0x12/0xc0
[  236.987775][ T9124]  ? rcu_is_watching+0x12/0xc0
[  236.987793][ T9124]  do_int80_emulation+0x14b/0x720
[  236.987811][ T9124]  asm_int80_emulation+0x1a/0x20
[  236.987822][ T9124] RIP: 0023:0xf71261ab
[  236.987830][ T9124] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  236.987841][ T9124] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  236.987851][ T9124] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f53e65d0
[  236.987858][ T9124] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  236.987864][ T9124] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.987884][ T9124] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  236.987890][ T9124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.987903][ T9124]  </TASK>
[  237.075646][ T9127] openvswitch: netlink: Flow actions attr not present in new flow.
[  237.098300][ T9127] exFAT-fs (nbd0): unable to read boot sector
[  237.101283][ T9127] exFAT-fs (nbd0): failed to read boot sector
[  237.103857][ T9127] exFAT-fs (nbd0): failed to recognize exfat type
[  237.103965][ T9126] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  237.111436][ T9126] overlayfs: failed to set xattr on upper
[  237.113680][ T9126] overlayfs: ...falling back to redirect_dir=nofollow.
[  237.116411][ T9126] overlayfs: ...falling back to index=off.
[  237.118654][ T9126] overlayfs: ...falling back to uuid=null.
[  237.120929][ T9126] overlayfs: ...falling back to xino=off.
[  237.123233][ T9126] overlayfs: conflicting lowerdir path
[  237.909317][ T9141] fuse: Unknown parameter 'Ād<0x0000000000000004'
[  237.926409][ T9143] syzkaller1: entered promiscuous mode
[  237.928024][ T9143] syzkaller1: entered allmulticast mode
[  239.204117][ T9175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.905'.
[  240.073751][ T9195] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  240.107266][ T9195] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  240.121459][ T9195] overlayfs: failed to look up (tracing) for ino (-66)
[  240.223643][ T9195] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.410835][ T9195] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  240.431793][ T9195] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  240.587147][   T13] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 256 - 0
[  240.598742][   T13] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0
[  240.604348][   T13] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 256 - 0
[  240.607353][   T13] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0
[  240.612634][   T13] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 256 - 0
[  240.617076][   T13] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0
[  240.620824][   T13] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 256 - 0
[  240.623557][   T13] netdevsim netdevsim1 eth3: unset [1, 1] type 2 family 0 port 6081 - 0
[  240.945606][ T9210] input: syz1 as /devices/virtual/input/input27
[  241.687461][ T9212] FAULT_INJECTION: forcing a failure.
[  241.687461][ T9212] name failslab, interval 1, probability 0, space 0, times 0
[  241.692150][ T9212] CPU: 0 UID: 0 PID: 9212 Comm: syz.0.918 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  241.692180][ T9212] Tainted: [L]=SOFTLOCKUP
[  241.692186][ T9212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  241.692194][ T9212] Call Trace:
[  241.692201][ T9212]  <TASK>
[  241.692207][ T9212]  dump_stack_lvl+0x100/0x190
[  241.692238][ T9212]  should_fail_ex.cold+0x5/0xa
[  241.692259][ T9212]  should_failslab+0xc2/0x120
[  241.692277][ T9212]  __kmalloc_cache_noprof+0x7a/0x6f0
[  241.692298][ T9212]  ? tcf_block_get_ext+0x94d/0x1950
[  241.692318][ T9212]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  241.692343][ T9212]  tcf_block_get_ext+0x94d/0x1950
[  241.692361][ T9212]  ? qdisc_create+0x70/0x1070
[  241.692384][ T9212]  ? netlink_unicast+0x585/0x850
[  241.692402][ T9212]  ? netlink_sendmsg+0x8b0/0xda0
[  241.692424][ T9212]  tcf_block_get+0xa8/0x100
[  241.692443][ T9212]  ? __pfx_tcf_block_get+0x10/0x10
[  241.692462][ T9212]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  241.692493][ T9212]  prio_init+0x3b/0x80
[  241.692511][ T9212]  ? __pfx_prio_init+0x10/0x10
[  241.692527][ T9212]  qdisc_create+0x47b/0x1070
[  241.692549][ T9212]  ? do_raw_read_unlock+0x3f/0x70
[  241.692569][ T9212]  tc_modify_qdisc+0xdcf/0x2120
[  241.692596][ T9212]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  241.692619][ T9212]  ? __lock_acquire+0x4a5/0x2630
[  241.692658][ T9212]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  241.692682][ T9212]  rtnetlink_rcv_msg+0x3c9/0xe90
[  241.692701][ T9212]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  241.692725][ T9212]  ? ref_tracker_free+0x37e/0x6c0
[  241.692744][ T9212]  netlink_rcv_skb+0x159/0x420
[  241.692764][ T9212]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  241.692782][ T9212]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  241.692829][ T9212]  ? netlink_deliver_tap+0x1ae/0xcc0
[  241.692852][ T9212]  netlink_unicast+0x585/0x850
[  241.692876][ T9212]  ? __pfx_netlink_unicast+0x10/0x10
[  241.692902][ T9212]  netlink_sendmsg+0x8b0/0xda0
[  241.692926][ T9212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.692948][ T9212]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  241.692968][ T9212]  ____sys_sendmsg+0x9e1/0xb70
[  241.692987][ T9212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.693008][ T9212]  ? __pfx_____sys_sendmsg+0x10/0x10
[  241.693038][ T9212]  ___sys_sendmsg+0x190/0x1e0
[  241.693061][ T9212]  ? __pfx____sys_sendmsg+0x10/0x10
[  241.693092][ T9212]  ? find_held_lock+0x2b/0x80
[  241.693125][ T9212]  __sys_sendmsg+0x170/0x220
[  241.693142][ T9212]  ? __pfx___sys_sendmsg+0x10/0x10
[  241.693156][ T9212]  ? __fget_files+0x21f/0x3d0
[  241.693186][ T9212]  ? ksys_write+0x1ac/0x250
[  241.693205][ T9212]  ? rcu_is_watching+0x12/0xc0
[  241.693226][ T9212]  __do_fast_syscall_32+0xe7/0x970
[  241.693248][ T9212]  ? lockdep_hardirqs_on+0x78/0x100
[  241.693271][ T9212]  do_fast_syscall_32+0x32/0x70
[  241.693287][ T9212]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.693301][ T9212] RIP: 0023:0xf7fc3f7c
[  241.693310][ T9212] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  241.693320][ T9212] RSP: 002b:00000000f548650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  241.693331][ T9212] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  241.693338][ T9212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  241.693344][ T9212] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  241.693349][ T9212] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  241.693355][ T9212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.693369][ T9212]  </TASK>
[  241.959722][ T9228] hsr0: entered promiscuous mode
[  241.965814][   T40] audit: type=1326 audit(2000000013.056:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9227 comm="syz.2.923" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f14f7c code=0x0
[  242.903616][ T9251] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  243.160201][ T9258] input: syz1 as /devices/virtual/input/input28
[  243.515713][ T9268] netlink: 20 bytes leftover after parsing attributes in process `syz.3.936'.
[  243.584348][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.936'.
[  243.671191][ T9274] FAULT_INJECTION: forcing a failure.
[  243.671191][ T9274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  243.671231][ T9274] CPU: 0 UID: 0 PID: 9274 Comm: syz.1.937 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  243.671247][ T9274] Tainted: [L]=SOFTLOCKUP
[  243.671251][ T9274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  243.671257][ T9274] Call Trace:
[  243.671261][ T9274]  <TASK>
[  243.671266][ T9274]  dump_stack_lvl+0x100/0x190
[  243.671288][ T9274]  should_fail_ex.cold+0x5/0xa
[  243.671303][ T9274]  _copy_to_user+0x32/0xd0
[  243.671321][ T9274]  simple_read_from_buffer+0xcb/0x170
[  243.671336][ T9274]  proc_fail_nth_read+0x1af/0x230
[  243.671354][ T9274]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  243.671373][ T9274]  ? rw_verify_area+0xce/0x6d0
[  243.671384][ T9274]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  243.671401][ T9274]  vfs_read+0x1e4/0xb30
[  243.671415][ T9274]  ? __pfx_vfs_read+0x10/0x10
[  243.671427][ T9274]  ? find_held_lock+0x2b/0x80
[  243.671441][ T9274]  ? __fget_files+0x215/0x3d0
[  243.671456][ T9274]  ? __fget_files+0x21f/0x3d0
[  243.671473][ T9274]  ksys_read+0x12a/0x250
[  243.671485][ T9274]  ? __pfx_ksys_read+0x10/0x10
[  243.671497][ T9274]  ? rcu_is_watching+0x12/0xc0
[  243.671510][ T9274]  ? rcu_is_watching+0x12/0xc0
[  243.671524][ T9274]  do_int80_emulation+0x14b/0x720
[  243.671543][ T9274]  asm_int80_emulation+0x1a/0x20
[  243.671554][ T9274] RIP: 0023:0xf71261ab
[  243.671563][ T9274] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  243.671574][ T9274] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  243.671591][ T9274] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 00000000f53e65d0
[  243.671597][ T9274] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  243.671603][ T9274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  243.671609][ T9274] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  243.671616][ T9274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  243.671630][ T9274]  </TASK>
[  243.816238][ T9278] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0
[  243.965075][ T9281] fuse: Unknown parameter '0x0000000000000006'
[  244.099768][ T5755] Bluetooth: hci1: unexpected event for opcode 0x0c12
[  244.211995][ T9285] netlink: 'syz.0.935': attribute type 1 has an invalid length.
[  244.244387][ T9285] 8021q: adding VLAN 0 to HW filter on device bond3
[  244.605195][ T5755] Bluetooth: hci2: unexpected event for opcode 0x110d
[  244.610269][ T9292] netlink: 'syz.3.941': attribute type 1 has an invalid length.
[  244.616329][ T9290] x_tables: duplicate underflow at hook 1
[  244.632120][ T9292] 8021q: adding VLAN 0 to HW filter on device bond3
[  244.650804][ T9292] 8021q: adding VLAN 0 to HW filter on device bond3
[  244.653320][ T9292] bond3: (slave gre1): The slave device specified does not support setting the MAC address
[  244.657944][ T9292] bond3: (slave gre1): Error -95 calling set_mac_address
[  244.760165][ T9292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.941'.
[  244.772341][ T9292] gretap1: entered promiscuous mode
[  244.784090][ T9292] macvlan3: entered promiscuous mode
[  244.788648][ T9292] macvlan3: entered allmulticast mode
[  244.798680][ T9292] bond3: entered promiscuous mode
[  244.802807][ T9292] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  244.810665][ T9292] bond3: left promiscuous mode
[  244.974489][ T9302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.944'.
[  245.198960][ T9314] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  245.270892][ T9314] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  245.275905][ T9314] overlayfs: failed to look up (tracing) for ino (-66)
[  245.299093][ T9314] netlink: 'syz.0.943': attribute type 16 has an invalid length.
[  245.906257][ T9319] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  246.852122][ T9335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.952'.
[  248.506950][ T5755] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  248.513977][ T5755] Bluetooth: hci1: Injecting HCI hardware error event
[  248.520848][ T5755] Bluetooth: hci1: hardware error 0x00
[  250.535149][ T9383] tipc: Started in network mode
[  250.537261][ T9383] tipc: Node identity 080211000001, cluster identity 4711
[  250.540155][ T9383] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  250.546162][ T9383] tipc: Resetting bearer <eth:syzkaller0>
[  250.549822][  T161] tipc: Resetting bearer <eth:syzkaller0>
[  250.558493][ T9383] tmpfs: Unknown parameter 'v����1/���)��;'
[  250.562158][ T9383] netlink: 'syz.1.966': attribute type 10 has an invalid length.
[  250.568194][ T9383] team0: Port device dummy0 added
[  250.584867][ T9383] netlink: 'syz.1.966': attribute type 10 has an invalid length.
[  250.631488][ T9383] team0: Port device dummy0 removed
[  250.636869][ T9383] .`: (slave dummy0): Enslaving as an active interface with an up link
[  250.847728][ T5755] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  251.383015][ T9395] netlink: 4 bytes leftover after parsing attributes in process `syz.0.968'.
[  251.588798][ T9398] input: syz1 as /devices/virtual/input/input29
[  251.834030][ T5826] tipc: Node number set to 134418688
[  252.345362][ T9404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.972'.
[  252.437217][ T9411] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  252.689708][ T9422] input: syz1 as /devices/virtual/input/input30
[  252.692754][ T9422] input: failed to attach handler leds to device input30, error: -6
[  254.268483][ T9445] netlink: 68 bytes leftover after parsing attributes in process `syz.1.983'.
[  254.278173][ T9445] netlink: 32 bytes leftover after parsing attributes in process `syz.1.983'.
[  254.678357][ T9450] input: syz1 as /devices/virtual/input/input32
[  254.725570][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.2.986'.
[  255.256510][ T9455] FAULT_INJECTION: forcing a failure.
[  255.256510][ T9455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  255.261519][ T9455] CPU: 3 UID: 0 PID: 9455 Comm: syz.3.987 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  255.261537][ T9455] Tainted: [L]=SOFTLOCKUP
[  255.261540][ T9455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  255.261561][ T9455] Call Trace:
[  255.261566][ T9455]  <TASK>
[  255.261570][ T9455]  dump_stack_lvl+0x100/0x190
[  255.261592][ T9455]  should_fail_ex.cold+0x5/0xa
[  255.261606][ T9455]  _copy_from_user+0x2e/0xd0
[  255.261622][ T9455]  ? __pfx_binder_ioctl+0x10/0x10
[  255.261634][ T9455]  binder_ioctl+0x4cb/0x7550
[  255.261649][ T9455]  ? find_held_lock+0x2b/0x80
[  255.261662][ T9455]  ? tomoyo_path_number_perm+0x28f/0x580
[  255.261674][ T9455]  ? tomoyo_path_number_perm+0x28f/0x580
[  255.261692][ T9455]  ? tomoyo_path_number_perm+0x188/0x580
[  255.261704][ T9455]  ? hrtimer_start_range_ns+0x804/0x1a50
[  255.261717][ T9455]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  255.261730][ T9455]  ? __pfx_binder_ioctl+0x10/0x10
[  255.261750][ T9455]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  255.261773][ T9455]  ? do_vfs_ioctl+0x226/0x13e0
[  255.261791][ T9455]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  255.261814][ T9455]  ? find_held_lock+0x2b/0x80
[  255.261836][ T9455]  ? __fget_files+0x215/0x3d0
[  255.261856][ T9455]  ? hook_file_ioctl_common+0x149/0x410
[  255.261883][ T9455]  ? __fget_files+0x21f/0x3d0
[  255.261904][ T9455]  ? __pfx_binder_ioctl+0x10/0x10
[  255.261928][ T9455]  compat_ptr_ioctl+0x6e/0xa0
[  255.261947][ T9455]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  255.261961][ T9455]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  255.261999][ T9455]  __do_fast_syscall_32+0xe7/0x970
[  255.262023][ T9455]  ? lockdep_hardirqs_on+0x78/0x100
[  255.262050][ T9455]  do_fast_syscall_32+0x32/0x70
[  255.262076][ T9455]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  255.262098][ T9455] RIP: 0023:0xf7f46f7c
[  255.262114][ T9455] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  255.262132][ T9455] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  255.262150][ T9455] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  255.262162][ T9455] RDX: 0000000080000480 RSI: 0000000000000000 RDI: 0000000000000000
[  255.262174][ T9455] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  255.262183][ T9455] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  255.262190][ T9455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  255.262212][ T9455]  </TASK>
[  255.262979][ T9455] binder: 9454:9455 ioctl c0306201 80000480 returned -14
[  255.766939][ T9462] input: syz1 as /devices/virtual/input/input33
[  255.769474][ T9462] input: failed to attach handler leds to device input33, error: -6
[  256.100978][ T9467] vcan0: tx drop: invalid da for name 0x0000000000000002
[  256.113671][ T9469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.992'.
[  256.215082][   T40] audit: type=1326 audit(2000000026.204:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.230139][   T40] audit: type=1326 audit(2000000026.204:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.246516][   T40] audit: type=1326 audit(2000000026.213:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.257078][   T40] audit: type=1326 audit(2000000026.213:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.264566][   T40] audit: type=1326 audit(2000000026.213:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.271268][   T40] audit: type=1326 audit(2000000026.213:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.278661][   T40] audit: type=1326 audit(2000000026.213:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.285197][   T40] audit: type=1326 audit(2000000026.213:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.292715][   T40] audit: type=1326 audit(2000000026.213:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.299728][   T40] audit: type=1326 audit(2000000026.213:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9463 comm="syz.0.990" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc3f7c code=0x7ffc0000
[  256.625768][ T9479] program syz.1.995 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  256.703871][ T9481] netlink: 'syz.3.996': attribute type 11 has an invalid length.
[  257.021379][ T9495] program syz.0.1000 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  257.027664][ T9495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1000'.
[  257.031821][ T9495] openvswitch: netlink: Flow actions attr not present in new flow.
[  257.897453][ T9510] random: crng reseeded on system resumption
[  257.971565][ T9513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1005'.
[  257.991691][ T9513] syz.3.1005: attempt to access beyond end of device
[  257.991691][ T9513] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[  257.996187][ T9513] gfs2: error -5 reading superblock
[  258.030403][ T9515] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1006'.
[  258.297790][ T9522] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.429951][ T9522] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.520171][ T9522] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.620246][ T9522] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.664835][ T9534] FAULT_INJECTION: forcing a failure.
[  258.664835][ T9534] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.671562][ T9534] CPU: 3 UID: 0 PID: 9534 Comm: syz.1.1011 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  258.671581][ T9534] Tainted: [L]=SOFTLOCKUP
[  258.671585][ T9534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  258.671591][ T9534] Call Trace:
[  258.671596][ T9534]  <TASK>
[  258.671601][ T9534]  dump_stack_lvl+0x100/0x190
[  258.671622][ T9534]  should_fail_ex.cold+0x5/0xa
[  258.671635][ T9534]  _copy_from_user+0x2e/0xd0
[  258.671654][ T9534]  kstrtouint_from_user+0xd6/0x1d0
[  258.671671][ T9534]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  258.671687][ T9534]  ? __lock_acquire+0x4a5/0x2630
[  258.671724][ T9534]  proc_fail_nth_write+0x83/0x220
[  258.671751][ T9534]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  258.671784][ T9534]  vfs_write+0x2aa/0x1070
[  258.671807][ T9534]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  258.671835][ T9534]  ? __pfx_vfs_write+0x10/0x10
[  258.671853][ T9534]  ? find_held_lock+0x2b/0x80
[  258.671876][ T9534]  ? __fget_files+0x215/0x3d0
[  258.671902][ T9534]  ? __fget_files+0x21f/0x3d0
[  258.671929][ T9534]  ksys_write+0x12a/0x250
[  258.671950][ T9534]  ? __pfx_ksys_write+0x10/0x10
[  258.671971][ T9534]  ? rcu_is_watching+0x12/0xc0
[  258.671995][ T9534]  do_int80_emulation+0x14b/0x720
[  258.672026][ T9534]  asm_int80_emulation+0x1a/0x20
[  258.672043][ T9534] RIP: 0023:0xf71261ab
[  258.672058][ T9534] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  258.672075][ T9534] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  258.672092][ T9534] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53e65d0
[  258.672104][ T9534] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  258.672113][ T9534] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  258.672122][ T9534] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  258.672133][ T9534] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  258.672156][ T9534]  </TASK>
[  258.872461][ T9027] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.919787][ T9027] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.935552][ T9027] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.955794][ T9027] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  259.320948][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  259.325718][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  259.624671][ T9550] random: crng reseeded on system resumption
[  259.868766][ T9556] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1019'.
[  261.511989][ T5755] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  261.512373][ T5756] Bluetooth: hci4: command 0x1003 tx timeout
[  262.573462][ T9566] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1023'.
[  262.655951][ T9569] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1024'.
[  262.827848][ T9573] fuse: Unknown parameter 'grou|��*'h�����Kd'
[  263.795572][ T9584] fuse: fd is not a fuse device
[  264.353847][ T9608] openvswitch: netlink: Flow actions attr not present in new flow.
[  264.359935][ T9608] exFAT-fs (nbd3): unable to read boot sector
[  264.361901][ T9608] exFAT-fs (nbd3): failed to read boot sector
[  264.365028][ T9608] exFAT-fs (nbd3): failed to recognize exfat type
[  264.540420][ T9616] binder: 9615:9616 ioctl c0306201 80000080 returned -14
[  264.783435][ T9621] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  264.920874][ T9625] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1038'.
[  265.134751][ T9632] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1041'.
[  265.150249][ T1042] IPVS: starting estimator thread 0...
[  265.184090][ T9635] netlink: 'syz.3.1042': attribute type 1 has an invalid length.
[  265.186710][ T9635] netlink: 'syz.3.1042': attribute type 2 has an invalid length.
[  265.262871][ T9633] IPVS: using max 28 ests per chain, 67200 per kthread
[  265.894321][ T9644] lo speed is unknown, defaulting to 1000
[  265.897438][ T9644] lo speed is unknown, defaulting to 1000
[  265.899540][ T9644] lo speed is unknown, defaulting to 1000
[  265.901887][ T9644] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  265.906217][ T9644] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  265.912083][ T9644] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  265.920463][ T9644] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  265.931597][ T9644] lo speed is unknown, defaulting to 1000
[  265.934665][ T9644] lo speed is unknown, defaulting to 1000
[  265.937119][ T9644] lo speed is unknown, defaulting to 1000
[  265.939620][ T9644] lo speed is unknown, defaulting to 1000
[  265.958406][ T9644] smc: removing ib device syz1
[  265.974432][ T9644] smbdirect: ib_dev[syz1] removed
[  266.316385][ T9644] ------------[ cut here ]------------
[  266.318126][ T9644] !xa_empty(&pool->xa)
[  266.318134][ T9644] WARNING: drivers/infiniband/sw/rxe/rxe_pool.c:116 at rxe_pool_cleanup+0x46/0x60, CPU#0: syz.2.1044/9644
[  266.322885][ T9644] Modules linked in:
[  266.324649][ T9644] CPU: 0 UID: 0 PID: 9644 Comm: syz.2.1044 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  266.328127][ T9644] Tainted: [L]=SOFTLOCKUP
[  266.329561][ T9644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  266.332691][ T9644] RIP: 0010:rxe_pool_cleanup+0x46/0x60
[  266.334404][ T9644] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 29 48 83 bb 80 00 00 00 00 75 0b e8 f6 e3 52 f9 5b c3 cc cc cc cc e8 eb e3 52 f9 90 <0f> 0b 90 e8 e2 e3 52 f9 5b c3 cc cc cc cc e8 97 d0 bf f9 eb d0 0f
[  266.341476][ T9644] RSP: 0000:ffffc90002e8f150 EFLAGS: 00010246
[  266.343399][ T9644] RAX: 0000000000080000 RBX: ffff888024439398 RCX: ffffc9000cc04000
[  266.345875][ T9644] RDX: 0000000000080000 RSI: ffffffff88b51975 RDI: ffff888024439418
[  266.348293][ T9644] RBP: ffffffff88b37560 R08: 0000000000000005 R09: 0000000000000001
[  266.351165][ T9644] R10: 0000000000000002 R11: 0000000000000000 R12: ffff888024438698
[  266.354244][ T9644] R13: ffff888024437fe0 R14: ffff888024437fe0 R15: ffff8880244390f8
[  266.357446][ T9644] FS:  0000000000000000(0000) GS:ffff88809718e000(0063) knlGS:00000000f53d6b40
[  266.360198][ T9644] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  266.362211][ T9644] CR2: 00000000f734f68c CR3: 0000000026410000 CR4: 0000000000352ef0
[  266.364673][ T9644] Call Trace:
[  266.365718][ T9644]  <TASK>
[  266.366645][ T9644]  rxe_dealloc+0x25/0xc0
[  266.368085][ T9644]  ib_dealloc_device+0x49/0x230
[  266.369587][ T9644]  __ib_unregister_device+0x396/0x480
[  266.371492][ T9644]  ib_unregister_device_and_put+0x5a/0x80
[  266.373455][ T9644]  nldev_dellink+0x308/0x430
[  266.374943][ T9644]  ? __pfx_nldev_dellink+0x10/0x10
[  266.376869][ T9644]  ? rcu_is_watching+0x12/0xc0
[  266.378811][ T9644]  ? apparmor_capable+0x1d7/0x4d0
[  266.380632][ T9644]  ? bpf_lsm_capable+0x9/0x10
[  266.382437][ T9644]  ? security_capable+0x80/0x260
[  266.384315][ T9644]  ? ns_capable+0xd2/0xf0
[  266.385860][ T9644]  ? __pfx_nldev_dellink+0x10/0x10
[  266.387370][ T9644]  rdma_nl_rcv_msg+0x392/0x6f0
[  266.388924][ T9644]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  266.390589][ T9644]  ? __lock_acquire+0x4a5/0x2630
[  266.392165][ T9644]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  266.394496][ T9644]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  266.396717][ T9644]  ? netlink_deliver_tap+0x1ae/0xcc0
[  266.398399][ T9644]  netlink_unicast+0x585/0x850
[  266.400307][ T9644]  ? __pfx_netlink_unicast+0x10/0x10
[  266.402204][ T9644]  netlink_sendmsg+0x8b0/0xda0
[  266.404051][ T9644]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.406095][ T9644]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  266.408171][ T9644]  ____sys_sendmsg+0x9e1/0xb70
[  266.409656][ T9644]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.411369][ T9644]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.412956][ T9644]  ? __pfx___futex_wait+0x10/0x10
[  266.414543][ T9644]  ? __pfx_futex_wake_mark+0x10/0x10
[  266.416223][ T9644]  ___sys_sendmsg+0x190/0x1e0
[  266.417862][ T9644]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.419964][ T9644]  ? find_held_lock+0x2b/0x80
[  266.421911][ T9644]  __sys_sendmsg+0x170/0x220
[  266.423483][ T9644]  ? __pfx___sys_sendmsg+0x10/0x10
[  266.425076][ T9644]  ? rcu_is_watching+0x12/0xc0
[  266.426576][ T9644]  __do_fast_syscall_32+0xe7/0x970
[  266.428179][ T9644]  ? lockdep_hardirqs_on+0x78/0x100
[  266.429790][ T9644]  do_fast_syscall_32+0x32/0x70
[  266.431304][ T9644]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  266.433298][ T9644] RIP: 0023:0xf7f14f7c
[  266.434573][ T9644] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  266.440373][ T9644] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  266.442835][ T9644] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000800002c0
[  266.445543][ T9644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  266.448599][ T9644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  266.451811][ T9644] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  266.454376][ T9644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  266.457027][ T9644]  </TASK>
[  266.458100][ T9644] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  266.460516][ T9644] CPU: 0 UID: 0 PID: 9644 Comm: syz.2.1044 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  266.463971][ T9644] Tainted: [L]=SOFTLOCKUP
[  266.465385][ T9644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  266.468640][ T9644] Call Trace:
[  266.469674][ T9644]  <TASK>
[  266.470585][ T9644]  dump_stack_lvl+0x100/0x190
[  266.472047][ T9644]  vpanic+0x552/0x970
[  266.473297][ T9644]  ? __pfx_vpanic+0x10/0x10
[  266.474738][ T9644]  panic+0xd1/0xe0
[  266.475918][ T9644]  ? __pfx_panic+0x10/0x10
[  266.477302][ T9644]  check_panic_on_warn.cold+0x19/0x34
[  266.479033][ T9644]  ? rxe_pool_cleanup+0x46/0x60
[  266.480691][ T9644]  __warn.cold+0x191/0x328
[  266.482074][ T9644]  __report_bug+0x296/0x3d0
[  266.483515][ T9644]  ? rxe_pool_cleanup+0x46/0x60
[  266.485141][ T9644]  ? __pfx___report_bug+0x10/0x10
[  266.487040][ T9644]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  266.488957][ T9644]  ? flush_workqueue_prep_pwqs+0x2e9/0x510
[  266.490871][ T9644]  ? __flush_workqueue+0x426/0x1200
[  266.492546][ T9644]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  266.494276][ T9644]  ? rxe_pool_cleanup+0x46/0x60
[  266.495831][ T9644]  report_bug+0xb2/0x220
[  266.497120][ T9644]  ? rxe_pool_cleanup+0x46/0x60
[  266.498736][ T9644]  handle_bug+0x16a/0x2a0
[  266.500083][ T9644]  exc_invalid_op+0x17/0x50
[  266.501492][ T9644]  asm_exc_invalid_op+0x1a/0x20
[  266.503057][ T9644] RIP: 0010:rxe_pool_cleanup+0x46/0x60
[  266.504737][ T9644] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 29 48 83 bb 80 00 00 00 00 75 0b e8 f6 e3 52 f9 5b c3 cc cc cc cc e8 eb e3 52 f9 90 <0f> 0b 90 e8 e2 e3 52 f9 5b c3 cc cc cc cc e8 97 d0 bf f9 eb d0 0f
[  266.511211][ T9644] RSP: 0000:ffffc90002e8f150 EFLAGS: 00010246
[  266.513364][ T9644] RAX: 0000000000080000 RBX: ffff888024439398 RCX: ffffc9000cc04000
[  266.516023][ T9644] RDX: 0000000000080000 RSI: ffffffff88b51975 RDI: ffff888024439418
[  266.518718][ T9644] RBP: ffffffff88b37560 R08: 0000000000000005 R09: 0000000000000001
[  266.521617][ T9644] R10: 0000000000000002 R11: 0000000000000000 R12: ffff888024438698
[  266.524277][ T9644] R13: ffff888024437fe0 R14: ffff888024437fe0 R15: ffff8880244390f8
[  266.526690][ T9644]  ? __pfx_rxe_dealloc+0x10/0x10
[  266.528241][ T9644]  ? rxe_pool_cleanup+0x45/0x60
[  266.529769][ T9644]  rxe_dealloc+0x25/0xc0
[  266.531103][ T9644]  ib_dealloc_device+0x49/0x230
[  266.532615][ T9644]  __ib_unregister_device+0x396/0x480
[  266.534324][ T9644]  ib_unregister_device_and_put+0x5a/0x80
[  266.536024][ T9644]  nldev_dellink+0x308/0x430
[  266.537432][ T9644]  ? __pfx_nldev_dellink+0x10/0x10
[  266.539079][ T9644]  ? rcu_is_watching+0x12/0xc0
[  266.540553][ T9644]  ? apparmor_capable+0x1d7/0x4d0
[  266.542366][ T9644]  ? bpf_lsm_capable+0x9/0x10
[  266.543876][ T9644]  ? security_capable+0x80/0x260
[  266.545410][ T9644]  ? ns_capable+0xd2/0xf0
[  266.546773][ T9644]  ? __pfx_nldev_dellink+0x10/0x10
[  266.548387][ T9644]  rdma_nl_rcv_msg+0x392/0x6f0
[  266.549885][ T9644]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  266.551543][ T9644]  ? __lock_acquire+0x4a5/0x2630
[  266.553078][ T9644]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  266.555021][ T9644]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  266.557113][ T9644]  ? netlink_deliver_tap+0x1ae/0xcc0
[  266.558734][ T9644]  netlink_unicast+0x585/0x850
[  266.560221][ T9644]  ? __pfx_netlink_unicast+0x10/0x10
[  266.561863][ T9644]  netlink_sendmsg+0x8b0/0xda0
[  266.563412][ T9644]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.565083][ T9644]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  266.566829][ T9644]  ____sys_sendmsg+0x9e1/0xb70
[  266.568436][ T9644]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.570037][ T9644]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.571659][ T9644]  ? __pfx___futex_wait+0x10/0x10
[  266.573248][ T9644]  ? __pfx_futex_wake_mark+0x10/0x10
[  266.574877][ T9644]  ___sys_sendmsg+0x190/0x1e0
[  266.576323][ T9644]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.577922][ T9644]  ? find_held_lock+0x2b/0x80
[  266.579413][ T9644]  __sys_sendmsg+0x170/0x220
[  266.580856][ T9644]  ? __pfx___sys_sendmsg+0x10/0x10
[  266.582443][ T9644]  ? rcu_is_watching+0x12/0xc0
[  266.583939][ T9644]  __do_fast_syscall_32+0xe7/0x970
[  266.585514][ T9644]  ? lockdep_hardirqs_on+0x78/0x100
[  266.587130][ T9644]  do_fast_syscall_32+0x32/0x70
[  266.588659][ T9644]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  266.590657][ T9644] RIP: 0023:0xf7f14f7c
[  266.591922][ T9644] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  266.597737][ T9644] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  266.600299][ T9644] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000800002c0
[  266.602682][ T9644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  266.605077][ T9644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  266.607503][ T9644] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  266.609908][ T9644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  266.612305][ T9644]  </TASK>
[  266.613970][ T9644] Kernel Offset: disabled
[  266.615296][ T9644] Rebooting in 86400 seconds..