last executing test programs:

12m25.76226246s ago: executing program 2 (id=601):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x28, 0x42, 0x1, 0xffffffff, 0x25dfdbfd, {0x4}, [@nested={0x4, 0x42}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0xc8, 0x0, 0x0, @u64=0x200000000000002}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r1}, &(0x7f0000bbdffc))
syz_open_dev$usbmon(0x0, 0x7, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008001}, 0x40)
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x24002000)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69702c6d6163000000050004000000000009000200f3797a3000000000240007800c0002800800014000008e020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x70}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a30"], 0xf0}}, 0x0)

12m24.595479003s ago: executing program 2 (id=604):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x28, 0x42, 0x1, 0xffffffff, 0x25dfdbfd, {0x4}, [@nested={0x4, 0x42}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0xc8, 0x0, 0x0, @u64=0x200000000000002}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r1}, &(0x7f0000bbdffc))
syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008001}, 0x40)
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x24002000)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69702c6d6163000000050004000000000009000200f3797a3000000000240007800c0002800800014000008e020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x70}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000571000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a30"], 0xf0}}, 0x0)

12m24.206943964s ago: executing program 2 (id=608):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x28100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
r1 = openat$qrtrtun(0xffffff9c, &(0x7f0000000540), 0x2)
write$qrtrtun(r1, &(0x7f0000000580)="c82e67932371", 0x6)
r2 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000000080), 0x44d41, 0x0)
writev(r2, &(0x7f0000001600)=[{&(0x7f0000000040)="60b4e2a56b7a7add47a707dbaf1fc907cc8209cca6cf4ff5f9eb4fca7f64f2eb9b15aef7be9a8dadb067", 0x2a}, {&(0x7f0000000180)="4f985c0ab8caa43d59814f1a5fd4cc6038a284ad66d567cbc4ca293a45efe0d1d1da852e0b17c27f56504c305534ffc207485c716bd33a11e20e23e5dc1990f002d1053f4985891795e91d1385257f8b14a668d1ece24ed4a75bf9789ceaf0fbd2d316731b05b8b4d7db190d04548ab0c7f2b82e7875737b689c5537f58dcd30e82ea4c9a65158949417e2baaf38c643b481f3868049fec34884bd1108c154", 0x9f}, {&(0x7f0000002380)="834987985bc560582d90c34e33a8791dacf93ffaca3bf0feb3093a7900704e81105767d56cdd8bc6205233f24ed3507afab6d38d411ff482bfb93e7124def2765f37fc3be4834242fbe6f85c856918cfd8ec46f47eb4233cd3bf8c807db58696c1a18c6fa4e19270ae4bc2f2a30ef78e642d6d3b6062743c2cb96e56702e2d32d1eb0db6020399b76c94629983d621d04e6b282400e126810681adad368d3dd015c8651e3059654d4ca5449f32f7d2831314b78def2813b776b6a0287a86897dad910695032f99d2507861724f25d4b8ae2684ec22e260efa63ac180cb964274684b90dca29fe5213937dc89cd5a30834a25875afd5c8d264cd062a7cdb188c6f9271b4e848491ad492a35bd8e16b7e92f6b7796b0fdddf0e4c9d8176347f936957a8589de1a88a594eb4898affd653f42424a6b219a56ab8d85e2be16afa287388ca961e7fa05463a1b1480940ae5cf3cec2ba30ff518a098a1e7518f8559ea283f1125f545f6d26c832b2eb481fc392c56561cc949ba2190c865630065491a7cfc8d4bc8e9157cc09cc40f09ed20c7a1ac7b43d95079362dff8813df097774f3b6e795cde88b0163b3b7d5de1b58dfce6ceab2e6d3b209702751673f818f2f8dccdf5ccb48a962d2d58b6d88b3280e2b14676d61c7fac30c9568424420ff59e7b93d476c7832ad1ffb6ec043d2df9fe6d41ecaed85ae090716516d79cf2c36c294ab10719346ab3ad2f5e132e257f198e50a69222ce08b25e51525b861e9ce5d4b712f4b87d9f6fee81d63c82b3ab1650eeff80447b7dedd8a7816c8972c0908e893a200b5b138653cbda801cb31950eb9d6a725307fc25743dd6945a1186818c48486696f4d46305cf01afa08a305e36739db61e644aadba7fc2c9e02030d90942bc2f95510da73c4bab33651e043d0508acf6bbc6cd435fe0de8edfb637fff9ee760c71b93751c265c0e7df7d94f613aab664af0245ec0f034358b64b11a805bdb8f93794361543319f4753610f45dfb073fbf3f84d51c402cfc9bb5e5faf938ca6970fa7e67586f2eeb1865f14ec40fde3d2892f9392fcda9a44e80a2f5674cf34e2452d2fbae4bb583654c53404a7a229a39844bbc62dbfa7067bc5f05839e7b0e99bcfe30048758644b8c1997f4e2379311ab767f31bf68e8f90ba0a3fcf5ea9298ea68f016ba134571f81a772f904390fe8edcfe09c7e38a5a8a912abd29075a2cb6ddc8ed8c016b7ffc8b48d4905a35834660310f08745462f43f397f68f018f6e98cd895243fab290442454fdbff4c5c50009d605682d163d9d818cf79b171c97002a6f04a7fa2f2d2cb9f6b2a42f755e0bc2c160378ec94d6e1018f7260a0ab41c291e1ec1ee9b6879ede70d677a5d84e9ad429b9971a59be508cf1eb47cf29d5bb4571e04f35e9bb7d87a6747ca4b9ea30ac66e0820ef58fdae505aca5ab26b3945dece7a387c0a75f706251fed922d65b4223ffb2f405f47ce00c2ad7ede3e2e61d92ed4883238fca8a19ea0bdcd5947f0bc66cc99d854ae601513129a30b4458967b9f80acbad9aa87771bbfd71747f36f0667288d159d2edd0bdaa1b423453917d0ffa8156cb27b2910c8932a870c4203ae02b2b9cd69cae89346c0a5bc5c3d5e1a2c6c3d7f9ca5a4476f61f55fadc869630e3b0743550d4b2ee27dff020e8966d91eff849c956ee7d2a521d6a249335aeacdb3c4430b3be363f0b1ab67a326ec88061e72f437dbc569c84ec187efeb9e38de18bdecba952f729c9971fbe9280e98e46dce6b3a0120dc7bbab28c95aaf0437fc83d314c3a7d258dd443c04d5f4dd2c2efff06cedf3c1fb013f09b4a12554d211c2eec72c1e0cb3de091526637b0763cf4272a15e9dadc1369962d68b8025ebfeae4390989c3c3e4537cd654fbd77bf457e2037699ab112f6f5135057d88642444cf2c5dce11d36b6ae329ea43a2bbbceb8dda68dd79582e75da396f019bf2cb6f10d2ccb8ffc78bd62de6863c468b0667fd46e600bfcacbdad25132dc6e1e831566482040a29a3101fae0c79ede247654ac005ecc3ddb71737c8edf0c922dbda9590e2ec02c10d9004d8d801121e7eb3933c0cf531074be2535f2c7d536f5fd5b806734705b2e59e044ab13c881c3788a42c12effe40a72e8f5c1fb8689651bb5d1a74353d19a8eed84238e3c9a3bc221bb0ffceca6a868852a237c7976514aae83d6e8cf6eaf7f51bf315edbf4416c0ad3b68a5031b743e3b9e0ed3b616a0d574ee67aa2dac523e3936ce9ad29e3aef4d4a0b79030383f880d67070061b8fd034c72dd5b9e58b6db9505c9626a6f07ac04768cce3163d1448cba852c66a16eb0f0825649e9a32f1c59bc1f8c93883a4e93a09c57d1e9d367abc1669102b355a4ec482de852f0f46ee616aac9570e9f2fd03ff3a7b8be59081841d437a5454c0469492e3cd8187c2597c1c7f6dd91d6d3160c8a58d0f4a4038859cf83c02399a5069c8bb7e7573464e1923025ef63613ada1d0cd9b7ca8f4f3ff2737c2c8ffe7fce97cf792dc78872eb034a625fa7649f5266162b2577bb6590cd57e92768ee8765c64be050965914eccd4a68027d6fbda3bab2ae3837fd40d8af1dfd14d25a29f68d4cbac3cd50b4dea209fcd445d8dbc288e79b7f567fd5702916daf1a9abeb2620db34b6be0d82495ac654d224a7fd0a1b521a7b4f6ca777e0171eb08b8b369876386d9a6e446397f3f136a3a39696da066b3025fd0dc649c27422ea53731f889c2a601ab63d4f3e00bc3e0df70b37a763e1d9f9816046a4eb94322d7b526e5c2d0e057a23283d32038576f26131daded127a794068e565e06c362e8a801e7a5e2c489205ccad2ea0e96160fc68a96eced9d4a82b23106b6146e9f437278c883fb5daf73e9cc8930079051a1a3e3ab7f2c640c549f3a0500ca10dc8f1d51beae8126423cff7709f310df78d013a22247341a5c540ebc8f06b3a2805e00d8f024d82b0ddc921742ebeb779fc08c5d9deb248d31c435b64675da289261f0fba98206dbb9360e4403f9ff66b115b4ca67fb220d81dc1f4337a6c5d43da61dd32ad4f2eac1c9faa12bd9d5bc0b601c955fed23c76a24dd52fd43842f52a1b0fae47c55a945f548e1a03232709e06984747bf3f2d5a99593f4ab646001ef60bfb58aa84bf8031b05cf64b6e4dffa1352857e5e9fb3f684b67b5f7b82fec186011215c351b104bc423e7137e9257eb23f79487423a9672f3c4769350a099c9646b77df19d5ef3b7721171d60dec5ade3a2480776a3166dcdf1e5cb043e3597eda74df4ae683d25d1c4d1c7c7c0ed6e66f067cb38d9f736e003ff62c2949f9c69b9a9bfd3ec02b388739d2137d992e3c03ab30d31b2e3d76ce257355f68a42ebf0c2b35ba9ebbf84da8a14abf3c883ac68f4d1098310030f273d4d150e88d19033b2f2d47035d1835332f04f12ed7ba15db77e586a023f8c73b79daf6d3d0debb468ced39dd8b38759130a04c810397798bbd6c64f1289c751e51ca490c6148b1846e689a73e418a6dc88a57d9ad3439e080573fc9f3acf9d57d3d7638dfd8a2d6cc0cd1e5695aeacafffa9e9eed38faef7ec28c765400e588b6ca988a17daa5e427f31b1a2544caf430276508ead90d59c12dbc0f3ce719cbdc502b1920b410052fe76167b1d39960a24e8507a3197c8c8861e1c56fd44b32823d88a29a9966f4d954a8fc1f95301b2ed0ef9d9a3662700a5975c1d6fb4e48f29b290d61d055c88beae6be125cca3f5125ec5b00947126a8b5899c7f25a3352a86c5a9ccba68b843ece37db6d00a8fc66e4b0c9b8a1bc26836448a3576cd4c53ae3a7728cd79205ff5011937db6100a27655295945c3c5832b07a6aa2c0efbb060ac9dfe2f393220ec3481d2837e079185030fa221512197f91751c4f035cdd834d7aba41f116c8ddf85ebe683570c830a9936fed1a208c59e495887b7201aaf284d83b8f838a927342d10d5b89f0f9be9f1927a716f2a602be5f0b3bae8cfafa48776e85b88c2d46979a41247ecd92093350b03441695737e77156e369a14b02dc173d9291a9ea24bb3a2da1c2679a3ba26be214cd8e04d4d7842633ed1777463dae92a307d19edfbf6c4c59e6d6fbac8a91568400a7a58f3451814ef2be88c1169dfb47f7ee5f5f3ac0d7ecc41f05196f2c480a3296f24f76a82e114e03a75f29784f65225a65e556504a56e0df72e671bc3a564c1146133102f46be998683f86cdf6c45468678ded4e3563ef699005c6475219a883e033a7f4494e1baab44a6938be1426514247c694d23485368be2747c517556cc8eae639981b62f70eaa3277d634da961ac7993c220c1f004314a3f05dcd3080f47ffd834faa9d1a841c307ac7b6f599a600e9c314324e28a149f77e34bb123c192a04336d510c2d6a1696cc04e3b61ad2a25563e07059019a0f5ebcbeacc40899612eb217a3bf94dd444c443e88c73100d35857ad873e3301aee96cc5c2378a3e379a0b23bbdf5a49bfe5d1c9c978552a61ba6b06fbae5fde2711290ce9310bf747e7b90be1b9fec43dda499d5de7a7f2b3cdf37a1821301f0b558031bb58c22fffc4274bfff3b6f09247648da3fb2d4cff47e1227c10fdfaac70436d73dd7bef4c027b4418f964111fc606212f8a52dc1af6a836249f6171198fa32f15fd04cd4a68f69ec3e084a716f8ae60928085cccdec0f71637c739974ff5bd11c08a02935df3fd64e1b0ac0a3c131ee8cf662b1e0a47f55d31894ac092f401ce9182721af284b8814780c00e621a32243dc8ec9e8aff019e0a818b064bfcdbae685bed060fbadeb979063a0b25cd275b6e57d3fcd8e4f97d042bf20b735eebebff7f1912cc9591b686ffdd2a6366055114afa6ea7a14e1d7ba8b88adcf4e0e50dd01dc8a8e8dfc94d95c30ffbf894f22603cfae330b8a83280833a28e54886aea36c7e5403c1056b8e9a8b472e64eba723872b02bf698ecda6d5361b93b5cdcddae65764044600601a7f98a0c164007ece2c371e2f81ffa106af9b5b8129a86d458e987d37579994b04c9d763b104a9813b936312bf7dac0cc1e7a31e22cc43c553a4e70fde0b46200d02f781d1deb816528f29080ab2961534a40b1d18366379053475fc6ff914378dc3d942acbb215f4e2c5b9e08656ed067e0ca382df6ba77b09579a022480b8ce7a6c2e2dc8602958ca08679ad1db9fa97d37844a2aa9fa647d9ed2d50ddea24eac6db6131fda5b449ae028affed8b59811147da246b2b774d642462db0e9f299902cf11a8f9c4ab28a2c02e0cc940124f2fd26eb8a731b63e9d20dcf5133e42ccd577fed29311321b37ab4d97d99784ebfb47addfbc00e1fc76aa5a271a54bc34a713579b05265522d8d730bb4b6bb46186209b25133938f8ea0b599c03f1a41f3f278ff1aff87e7c4bad55c6ff81ba8b13d53ce3f2c002535b932739fb6d9fb3b289fa72b0603ef2a0a43ee0f087572df7bf77d54f42859241db2b735edb9f7955b3d1234965edd", 0xf37}], 0x3)
r3 = semget$private(0x0, 0x3, 0xc0)
semctl$GETNCNT(r3, 0x2, 0xe, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/hardlockup_count', 0x800, 0x4)
read$char_usb(r4, &(0x7f0000000040)=""/236, 0xec)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000)=0x3)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0186405, &(0x7f0000000140)={0x9, 0x7846, {<r6=>0xffffffffffffffff}, {0xee01}, 0x9, 0x7})
sched_setattr(r6, &(0x7f0000000280)={0x38, 0x5, 0x2, 0xd, 0xbd, 0x4, 0x8, 0x4, 0x2, 0x3ff}, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000004780)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000240)="9d", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000005c0)="c1", 0x1}], 0x1}}], 0x2, 0x10)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f0000000180), 0x4)
ioctl$PIO_FONT(r0, 0x4b61, 0x0)

12m24.086276651s ago: executing program 2 (id=609):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r1=>0x0})
connect$can_j1939(r0, &(0x7f0000000180)={0x1d, r1, 0x1, {0x1, 0xff, 0x2}, 0xff}, 0x18)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000580)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0)
mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0)
chroot(&(0x7f0000001140)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000380)='./file0/../file0\x00')
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000640), 0x0, 0x80000)
ioctl$FE_READ_STATUS(r2, 0x80046f45, &(0x7f0000000680))
pivot_root(&(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00')

12m24.011231763s ago: executing program 2 (id=611):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x801, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000380)={{0x0, 0xfff, 0x4b, 0x8009}, 'syz0\x00', 0x3e})
prctl$PR_MCE_KILL(0x21, 0x1, 0x1)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000300)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x8000011000000009, 0x3a, 'B\xd4GGI\x82\\4\xbb\xbb\xbb\xb3\xd4)\xed\x8f\xaa\xf4\xd2{\xc5\t\xa9\xed\xf8e\xaa\xb9\xf5\r\xe3T\x0e\x8a\xd6\x9a_?G\x05\x00\x00\x00\x00\x00\x00\x00\x1e\x9a\xce\xac&x3\x15\x14y\xbf\xc6)\xa8\b/\x01\x00\x00\f\x8e1\xc4\xa1\xb2]I\xa5\x13}9\x1b<B\xc3k\xcd\x01\xe4\x05\n!\x02Y\xc7`ooveu`z\xb9\xf5r\xc0c\x95\xcbQbj5\xb1\x8f\xb9J\xa9#\x13\x92\x05H\x91\xa5\xdfxM\nD\xc70\xa11B\xf1\xab\xccw\x17\xbf\xc8W\xec\xb88\xc9\x1b*h\xc3c\x89n\x89ic\xfd\x9c\xfa~\xb5$VG\x85\xc2\x86\x89}*\x99\xda\x94\xba)\xb9b\xeb\xe9\x0f{V%TD\xbc\xee\x96C\x89No\xc9\n\x91\xe0\xfcqE4\x8c', 0x3a, '\x8c\xf0<\x06\xd3=(\xa0\x96k\xd8cf\x92\xd1\xed\xf5\x00\x00\xb5\xff\xd9o\x1c.\xecU \xc8\x12\xacf\x15I)S\xa5\xdb\x8f!\x8aA\xee$\x0e\x16\xf7wL\x9c~8\x10\xd2\nJ,D;Z \x92\xccY\xd7', 0x3a, './cgroup.cpu/cpuset.cpus/file0'}, 0x147)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00004c"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x84)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2)
dup3(r3, r0, 0x80000)

12m23.719365236s ago: executing program 2 (id=613):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRESDEC=0x0])
read$FUSE(r0, 0x0, 0x0)
open(0x0, 0x100, 0x0)
write$FUSE_INTERRUPT(r0, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
socket$inet6(0xa, 0x80002, 0x0)
read(r2, &(0x7f00000001c0)=""/93, 0x5d)

12m23.453947818s ago: executing program 32 (id=613):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRESDEC=0x0])
read$FUSE(r0, 0x0, 0x0)
open(0x0, 0x100, 0x0)
write$FUSE_INTERRUPT(r0, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
socket$inet6(0xa, 0x80002, 0x0)
read(r2, &(0x7f00000001c0)=""/93, 0x5d)

14.773816454s ago: executing program 1 (id=3792):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002540)=ANY=[@ANYBLOB="140000001000010000005e7918e30b1b3d60000a28000007000a050000000000000000000300000308000240000000050900010073797a300000000028000000000a0104000000000000000003000a0a0900010073797a3000000000080002"], 0x78}, 0x1, 0x0, 0x0, 0x24040010}, 0x20000080)

14.630522323s ago: executing program 1 (id=3793):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd25, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
wait4(r0, 0x0, 0x80000000, 0x0)
ptrace(0x10, r0)
r1 = syz_pidfd_open(r0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000f, 0x204031, 0xffffffffffffffff, 0x42795000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
waitid$P_PIDFD(0x3, r1, 0x0, 0xa000000c, 0x0)
ptrace$cont(0x7, r0, 0x5, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000004c0)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r3)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r4, 0x0, 0xf, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x240040e5}, 0x24004814)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000440), 0x0, 0x4009, &(0x7f0000000140)={0x11, 0x1c, r6, 0x1, 0xfc, 0x6, @multicast}, 0x14)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000000)=0x5, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

13.730247696s ago: executing program 1 (id=3795):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x2000009, 0x204031, 0xffffffffffffffff, 0xffffd000)
r1 = socket$igmp(0x2, 0x3, 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x60840, 0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r3, 0xc0, &(0x7f0000000640)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3b, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r4}, 0x4)
ioctl$XFS_IOC_SCRUBV_METADATA(r2, 0xc0285840, &(0x7f0000000280)={0x2, 0x3, 0x5, 0x0, 0xd1, 0x4, 0x0, &(0x7f0000000240)=[{0x21, 0xfe, 0xd}, {0x0, 0x101, 0xfffffffd}, {0x1c, 0x1ff, 0xc}, {0xf, 0x1ff, 0x8}]})
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYRES16], 0x8)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1, 0x7}, 0x1c)
socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x6a040000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2f00020b, 0x822, 0x2f000000, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendto$inet(r1, 0x0, 0x0, 0x804, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10)
read(r1, &(0x7f0000002140)=""/243, 0xf3)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000080)={0x1, 0x7, 0x8, 0x0})

12.811470405s ago: executing program 1 (id=3797):
syz_emit_ethernet(0x3b5, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x37f, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d893100000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0)

12.700713489s ago: executing program 1 (id=3799):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = socket(0x1e, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffffff, &(0x7f0000001100)='./file0\x00', 0x0)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_open_dev$video4linux(&(0x7f0000000300), 0xd4, 0x101a82)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x2101, 0x0)
pwritev(r6, 0x0, 0x0, 0x0, 0x10000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000001040)=ANY=[@ANYRES16=r3, @ANYBLOB="a2735a964323d408ae2d680ea62b8ac3fe3c254e98ff4b902394adb2866ea2d712434cf3e820e98b", @ANYRES16=r5, @ANYRESOCT=r0, @ANYRESOCT=r1, @ANYBLOB="9cb7e00e0d5f4d988a7007d66b7468fa27c8ca1aab75ce78b3db3d00000000000000476185a7e1c272fe33a8"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xe, 0x4}, 0x20)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d34101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="300000001800090000000000000000001c140000fe000001000000000a001200"], 0x30}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000240)="0f20d86635080000000f22d83e64fec266b89cd400000f23c80f21f866350400d0000f23f8650f78cdbaf80c66b87b47d08666efbafc0cb000ee6766c74424004fe272dd6766c7442402c52195506766c744240600000000670f011c240fc759f6660f3a44395966b80500000066b9000000000f01d9b802008ee8", 0x7b}], 0x1, 0x20, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)

12.509771537s ago: executing program 1 (id=3801):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$dsp(0xffffffffffffff9c, 0x0, 0x8041, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x24004410)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002600)=ANY=[@ANYBLOB="140001001000010000000000000000000500000a44000000260a010400000000000000000a0000060900010073797a310000000010000480140001800a0001007265646972000099de6e9a5e28382400040002800900020073797a320000b66ae85700001400000011000100000000000000000d0000000a4cb47ccf8949226d86942fb0eb19dad59d4f3f1f4c92d7e04645c7fa7b706f71bef5cf9638f67858268589608271b0ffbd9f909c9e1b0fe98b79965a701180ed6be500441216cf2c92111849139748a3028018add9dcecafcbd5542c62756d0144232cf16d35ebe82038184030"], 0x6c}, 0x1, 0x0, 0x0, 0x4088081}, 0x24000840)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x6484, 0xd7b, 0xfffffffe, 0x1, 0x4, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x6a, 0x0, 0xc7c, 0x3, 0x40000003, 0x89, 0xcaa5, 0x10000, 0x20001e57, 0x3, 0x2000e66, 0x3, 0x1, 0x10004086, 0x0, 0xfffffff8]})
write(r2, 0x0, 0x0)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file7\x00', 0x1ac)
mknod(&(0x7f0000000600)='./file0\x00', 0x8000, 0x5)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000040000003889423bc9ba170000000000000000bbfe8000000000000000000000000000aa4e200e2200489078030000000200000088c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c28e13808ca72381f41e5fff9620915b6f78670dfaf9a20380831"], 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
r3 = syz_open_procfs(0x0, &(0x7f0000002700)='net/mcfilter\x00')
read$FUSE(r3, &(0x7f0000004780)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
setpgid(0x0, r4)
prlimit64(r4, 0x8, &(0x7f00000001c0)={0x8, 0xff}, 0x0)

6.07052603s ago: executing program 4 (id=3820):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000805000100070000000900020073797a30000000001400078008001240001500000500150000100000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x111}}, 0xfffffe2c)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r7, 0x1, 0x30, 0x30, 0x0, @in6={0x1b, 0x4e22, 0x0, @loopback, 0x10000c01}, @ib={0x1b, 0xd9, 0xffff8001, {"4a50abf0c8ed50f638facd57de629163"}, 0x8000000000000001, 0x2, 0x3}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r6, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r7, 0x4734}}, 0x10)
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
select(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000104000000000000000a2c000000060a0904000000000000000002000000090001fc5c7d85d7107d0d00090002007379dc9f5d7a320000000020000000080a45000000000000000000020000000900012488d9f62c32030000000000000000020000000900010073a86a30000000001408000011000100000000000000000000001ff2dad80d0ab0000a000000002000000000674d1d34c2782e0bc38b595a36c893c170997ed17ed63b3767326f58"], 0x94}}, 0x0)
syz_open_pts(r5, 0x141040)

5.31018279s ago: executing program 0 (id=3822):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000100)={0x211, 0xe73, 0x8})
r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='memory.swap.max\x00', 0x2, 0x0)
fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000040), &(0x7f0000000200), 0x2, 0x3)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x4001, 0x0, 0x0, 0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x38, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x60}, 0x1, 0x0, 0x0, 0x890}, 0x24000000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r5, &(0x7f00000002c0)="0b8d5a997fe4798771ba1ccd1043237379452d1eced53c1c7c77b45fd77ea54ecbaefeff31dd1de8d4934f560776cef8de1fb393acf29e1b54aa31c06a8248095b2a4ff67d2f81aa74230ccfcc6cc9b5be4a8e14e51595ab3181eadf4668199331d23db42cfd65cd9f02fc4127f04d27cfe2", 0x72, 0x4000, 0x0, 0x0)
sendmsg$NFT_MSG_GETSET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0xa, 0xa, 0x5}, 0x14}, 0x1, 0x0, 0x0, 0x40840}, 0xe000)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000440)={'syz1\x00', {0x0, 0x2, 0x0, 0xfffd}, 0xc, [0x4, 0x4, 0x8f7, 0x3, 0x8, 0x7, 0x258a, 0x8, 0x31e, 0x7, 0x1ff, 0x6, 0xfffffff8, 0x7, 0xe1b, 0x8, 0xc4, 0x4, 0x9, 0x8, 0x3, 0xffffffff, 0x6, 0x0, 0x7, 0x5, 0xe, 0x3ff, 0x7fffffff, 0x5, 0x100, 0x7, 0x2e, 0x5, 0x569, 0xfc, 0x5, 0x8001, 0x5, 0x4, 0x10001, 0x40, 0x81, 0xd80, 0x0, 0xfc, 0xe8, 0x9, 0xd8, 0xff, 0x8, 0x1, 0xff, 0x2, 0x400, 0x0, 0x401, 0x6, 0x87f, 0x4, 0x99, 0x2be, 0xfff, 0x4], [0x0, 0x81, 0x1, 0x8, 0x4, 0x0, 0x9, 0x7, 0x80000000, 0x5, 0x3ff, 0x5, 0x5, 0xffff, 0x8001, 0x200, 0x6, 0x400, 0x7fffffff, 0x54ce1def, 0x8, 0x8, 0x6, 0x80, 0x4, 0x5, 0x7, 0x7fffffff, 0xa, 0x10, 0x9, 0x9, 0x0, 0x101, 0x3ff, 0x8001, 0xfffffff8, 0x59d76558, 0x6, 0x4, 0x3, 0x4, 0x7f, 0x0, 0x3ff, 0x6, 0x6, 0xfffffffe, 0x40, 0x9, 0x4, 0x8000, 0x32, 0xf72, 0x4, 0x3, 0x5, 0x7f, 0x9, 0x8, 0x8, 0x3, 0x4, 0x3], [0x1, 0x7, 0x4, 0x3, 0xffff, 0x9, 0x3, 0x2, 0x5, 0xb47, 0x2, 0x5, 0x5, 0x65, 0x2, 0x5, 0x65f, 0x0, 0x0, 0x7, 0x8, 0x1, 0x660, 0x2, 0x942d, 0x0, 0x7, 0x0, 0xa, 0x200, 0x8, 0x9, 0xbef, 0x3ff, 0x3, 0x3, 0x8, 0xb, 0xfffffffd, 0x1, 0x4, 0x400, 0x8, 0x1000, 0x5f8, 0x7, 0x5, 0x11, 0xfffffff8, 0x7, 0x200, 0x400, 0x1, 0x9, 0x2, 0x9, 0xc5, 0x9, 0x6, 0xffff, 0x9d, 0x8, 0x10001, 0x800], [0x8, 0x3, 0x1, 0x6, 0xffffffff, 0x7, 0xc00, 0x1, 0xffffe5e7, 0x2, 0x8000, 0x4, 0x200, 0x3, 0x5, 0x0, 0xcfc5, 0x5, 0xfffff000, 0xa9, 0x2, 0x2, 0xda2, 0x7, 0x185, 0x48, 0xc, 0x101, 0x2, 0x9f, 0x3, 0xc1, 0x1, 0x6, 0xfffffff3, 0x81, 0x5, 0x1, 0x3, 0x9, 0x1, 0x4, 0x3, 0x10001, 0x1, 0xb, 0x7, 0x7, 0x5, 0x80e, 0x3, 0xc3e, 0x6, 0x3, 0x3, 0x6, 0x0, 0x1, 0x7, 0x5, 0x7, 0x9, 0x0, 0x10000]}, 0x45c)
semctl$SETALL(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)=[0x3, 0x0, 0x2, 0x8, 0x180])
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r6, 0x89f7, &(0x7f0000000900)={'sit0\x00', &(0x7f00000008c0)={@multicast1, 0x0, 0x0, 0x20, 0x0, [{@remote}, {@private}]}})
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000090000000000000100000a880000089eba283b16efa97b000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000000005400000000b41ce5a05f7d2fae9"], 0xb0}, 0x1, 0x0, 0x0, 0x24004041}, 0xc805)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

5.100846492s ago: executing program 3 (id=3823):
fanotify_init(0x0, 0x0)
brk(0xb7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
r1 = socket$kcm(0x29, 0x5, 0x0)
sendmmsg$inet(r1, &(0x7f0000001880), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[], 0x0)
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0xc044)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000400)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
syz_open_dev$cec(0x0, 0x0, 0xc0b02)
r4 = socket(0x1d, 0x2, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r4, &(0x7f0000000000)={0x1d, r6, 0x3, {0x0, 0x1}}, 0x18)
sendmmsg$inet(r4, &(0x7f0000002e00)=[{{0x0, 0x0, &(0x7f0000001300)}}], 0x1, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

4.980993704s ago: executing program 0 (id=3824):
r0 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket(0x9, 0xa, 0xf)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2711, @hyper}, 0x10)
ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000040))
recvmmsg(r1, &(0x7f0000002e00)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000300)=""/173, 0xad}], 0x1, &(0x7f0000000440)=""/115, 0x73}, 0xd32e}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000580)=""/235, 0xeb}], 0x1, &(0x7f00000006c0)=""/214, 0xd6}, 0x1000}, {{&(0x7f00000007c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000840)}], 0x1, &(0x7f00000008c0)=""/208, 0xd0}, 0x2}, {{&(0x7f00000009c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000a40)=""/33, 0x21}], 0x1, &(0x7f0000000ac0)=""/163, 0xa3}, 0xffffffff}, {{&(0x7f0000000b80)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000002d00)=[{&(0x7f0000000c00)=""/4096, 0x1000}, {&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000002c00)=""/170, 0xaa}, {&(0x7f0000002cc0)}], 0x4, &(0x7f0000002d40)=""/147, 0x93}, 0x8}], 0x5, 0x20, &(0x7f0000002ec0))
r3 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000003c0)="ae", 0x1, r0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000000)=@keyring={'key_or_keyring:', r3})
r4 = socket$alg(0x26, 0x5, 0x0)
openat$ppp(0xffffff9c, 0x0, 0x0, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x200, 0x80, 0x20000, 0x0, 0x0, 0x8}, 0x1c)
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r5, 0x0)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
bind$alg(r4, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000001c40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@iv={0x10}], 0x10, 0x4040800}], 0x1, 0x41085)
add_key$keyring(&(0x7f0000000140), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r0)

4.800680285s ago: executing program 0 (id=3825):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1a5242, 0x0)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r2, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x4, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bind$pptp(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x2, {0xffff, @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1e)
connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x24, @loopback}}, 0x1e)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000015c0), 0x0, 0x400)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xa}}, 0x80})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fremovexattr(r6, &(0x7f0000000000)=@known='system.posix_acl_default\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0xa63a, 0x1, 0x2, 0x10001}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000000)="01fe000200373a4541062000a59ea940d2cb0b3692f5020000a00000050000000000eb000000a5e5be21c44e", 0x2c, 0xffffffffffffffff)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
preadv2(r1, &(0x7f0000000080), 0x28, 0x3000, 0x0, 0x9)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x20, 0x2, 0x7, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040000)

4.504459132s ago: executing program 4 (id=3826):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.85059082s ago: executing program 0 (id=3827):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000805000100070000000900020073797a30000000001400078008001240001500000500150000100000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x111}}, 0xfffffe2c)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r7, 0x1, 0x30, 0x30, 0x0, @in6={0x1b, 0x4e22, 0x0, @loopback, 0x10000c01}, @ib={0x1b, 0xd9, 0xffff8001, {"4a50abf0c8ed50f638facd57de629163"}, 0x8000000000000001, 0x2, 0x3}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r6, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r7, 0x4734}}, 0x10)
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
select(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000104000000000000000a2c000000060a0904000000000000000002000000090001fc5c7d85d7107d0d00090002007379dc9f5d7a320000000020000000080a45000000000000000000020000000900012488d9f62c32030000000000000000020000000900010073a86a30000000001408000011000100000000000000000000001ff2dad80d0ab0000a000000002000000000674d1d34c2782e0bc38b595a36c893c170997ed17ed63b3767326f58"], 0x94}}, 0x0)
syz_open_pts(r5, 0x141040)

3.800683851s ago: executing program 3 (id=3828):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x121000, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000380)={0xffffffffffffffff, 0x101, {0x0, 0x0, 0x0, 0x3, 0xfffffffffffffff9, 0x0, 0x6, 0x6, 0xc, "84e80d93d1ad5f8216cac43d4bd2023f0a875b7f48c362723ce4272b377d128f6e209e4ccf96d7dc93be043c21f7bf4b05dd4290024d38aec6436f73d2c351b4", "dc3fc3fe9d1f0a206ec2f8d0c6547b888d51343d15edfe88974b07784c1139a208f0d88937dbc5134ef444c4fed1395253859c3af258dfcf83dc9ca360d1fd7d", "3e174d2449cd168bce09c04c2316e6918f0322ac802faf6852017ee513da5707", [0x7, 0x6]}})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af3fef8ffffff71a400fe000000007110100000000000e5000600000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212ba"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, 0x0, 0x0)
recvfrom$inet(r2, 0x0, 0x0, 0x40000021, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c36919790"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r4, 0x400c4808, &(0x7f00000001c0)={0x2, 0x100, 0xf7})
socket$inet(0x2, 0x1, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000d40)={r1, 0x20, &(0x7f0000000d00)={&(0x7f0000000c40)=""/13, 0xd, 0x0, &(0x7f0000000c80)=""/126, 0x7e}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a09020000000000000000020000000900010073797a30000000000900030073797a3200000000140004800800014000000000080002400000000014000000110001"], 0x88}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)={[{@lowerdir, 0x3a}], [], 0x2f})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000c00)=0xfffffffa, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "f4cb985d86dd6266b5efb88a2c87eda081bac8b2f9a49d564054f1c9218f47b3", "cf8743eb4d9e776f94a6a58d36e006ac614f6f7bce9217cbfea31675d4a860cf6003977b1e4dbb16dc31cc76522bf19d", "5043edd2a8cc8c41345f8feb1a7a8e23043b8a465b1ed5bf8bc91307", {"c7193f7edd1efc4742dc481e6f57f901", "948177bcc5dea4029ba4683a6bdcd7a1"}}}}}}}, 0x0)

3.467704035s ago: executing program 4 (id=3829):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x40802, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000080)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x29, 0x6c, &(0x7f0000000200)=""/108}, &(0x7f00000025c0)="2836b60bfad6", 0x0, 0x3, 0x20022, 0xfffffffd, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r3)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x2010040, 0x0)
r4 = syz_clone(0x2b00b100, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
r5 = syz_open_procfs$pagemap(r4, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f00000006c0)={0x60, 0x0, &(0x7f000010d000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x80, 0x0, 0x0, 0x4000000003, 0x67, 0x54, 0x8, 0xe})
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000fc0)={0x0, 0x7c, "dd1294f3c1d604c0cc1942d369cbe36f2b77716e789a255979e00960e1faf34c512a821a75a78c6946d8f7501693ab182b5350cb130e9f22c91b92e47ac7e2fabe28c08573c62cff640ba3c964d949999fd3a4bb3456dd312f06bec667678a4a0fc27a8c888b673520a72ce1b82fe530aabec06615d98ee9b223b182"}, &(0x7f0000001080)=0x84)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r8, @ANYBLOB="0000000080020000625c31cd74e400e3c5cb9cddc11d05bdd06efe3dc29ae591a3e3f688c25e5c9b4fbf42df3450de37c719b8071df833d6dec8f282cba0ab779a9727f509b3244a4a1a5cf3da1df260b2cc5a072449"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r1, &(0x7f0000000f80)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000f40)={&(0x7f0000002600)={0xcfc, r7, 0x4, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x1ffc0}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x9}, @NL80211_ATTR_PEER_MEASUREMENTS={0xcd8, 0x111, 0x0, 0x1, {0xcd4, 0x5, 0x0, 0x1, [{0x540, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x1dc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xdc, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1d}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x40}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x19}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x40}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xfff}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}, @NL80211_PMSR_REQ_ATTR_DATA={0xe4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x15}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x15}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x350, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xc4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x800}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x40}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1f}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xcc, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xac, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x35}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x0, 0x2, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xc3f3}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xe}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x5c}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x64, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1a}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0xa0, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1b}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xc}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x8}]}]}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x4}]}, {0xa8, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_CHAN={0x14, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x17}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x14, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1f3}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_CHAN={0x3c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1707}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15f4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x1c, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x325}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x25f}]}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}, {0x328, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0xd8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x90, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x7}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x5e}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x7}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1f}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x89}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8}]}]}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x19c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x194, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1e}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1a}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x12}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xe}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x10}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x7}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x3e}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x0, 0x4, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x6}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x16}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xb}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_REQ={0x14, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x4c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7ff}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xe624}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x127}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9272}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x2c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x438}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x12}]}]}, {0x3b0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0xfc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xf4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x8000}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xe}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xbd}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xb}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xd}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xc}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xa}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xf}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x3d}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0xfa}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_REQ={0x28, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x1ec, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x50, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x124, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xf}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x2}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x11}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xe}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xaa}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x1e}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x9}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xf}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x6}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0xc7ca}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x7}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x50, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xd}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x12}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x8}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x60, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1a}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x6}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x19}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}]}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x10000}]}]}]}}]}, 0xcfc}, 0x1, 0x0, 0x0, 0x20000840}, 0x0)

2.549638097s ago: executing program 4 (id=3830):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000805000100070000000900020073797a30000000001400078008001240001500000500150000100000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x111}}, 0xfffffe2c)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r7, 0x1, 0x30, 0x30, 0x0, @in6={0x1b, 0x4e22, 0x0, @loopback, 0x10000c01}, @ib={0x1b, 0xd9, 0xffff8001, {"4a50abf0c8ed50f638facd57de629163"}, 0x8000000000000001, 0x2, 0x3}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r6, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r7, 0x4734}}, 0x10)
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
select(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000104000000000000000a2c000000060a0904000000000000000002000000090001fc5c7d85d7107d0d00090002007379dc9f5d7a320000000020000000080a45000000000000000000020000000900012488d9f62c32030000000000000000020000000900010073a86a30000000001408000011000100000000000000000000001ff2dad80d0ab0000a000000002000000000674d1d34c2782e0bc38b595a36c893c170997ed17ed63b3767326f58"], 0x94}}, 0x0)
syz_open_pts(r5, 0x141040)

2.500328977s ago: executing program 0 (id=3831):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x2, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$sock_int(r6, 0x1, 0x2d, &(0x7f0000000100)=0xffffffff, 0x4)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe654, 0x2, 0x4, 0x48, 0xff}, 0x9c)
getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x483, &(0x7f0000000140), &(0x7f00000002c0)=0x60)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)

979.906711ms ago: executing program 0 (id=3832):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = dup(r0)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$sock_int(r6, 0x1, 0x2d, &(0x7f0000000100)=0xffffffff, 0x4)
r7 = dup(r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe654, 0x2, 0x4, 0x48, 0xff}, 0x9c)
getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x483, &(0x7f0000000140), &(0x7f00000002c0)=0x60)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)

840.503347ms ago: executing program 4 (id=3833):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r2=>0x0})
connect$can_bcm(r0, &(0x7f0000001ff0)={0x1d, r2}, 0x10)
sendmsg$can_raw(r0, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f000000a000)=@canfd={{0x1}, 0x2, 0x0, 0x0, 0x0, "0327e1ee2b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0xfe68}, 0xee}, 0x0)

759.656863ms ago: executing program 3 (id=3834):
mount_setattr(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x100, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r2 = syz_open_pts(r1, 0x141601)
fcntl$setstatus(r2, 0x4, 0x102800)
write(r2, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xe)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
dup2(r3, r1)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4044000}, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
r7 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000003b00)={{0x1, 0x1, 0x18, r7, {0xee00, <r8=>0xee01}}, './file0\x00'})
statx(0xffffffffffffffff, &(0x7f0000003c40)='./file0\x00', 0x0, 0x80, &(0x7f0000003c80)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000900)="8250af4050086781f2f71a245fb9f38443860e4d4c68804ea663d846ba0ae009c425d16c747bcb540fabc0d2d7b3f5a8a2fe6be28bee5da99a8d7c873492b07fe4a69e8f0387753eb08c16b2a484637ddf388b028320911c36ba6c36c63459538d3a34929a4f9bda5aaa1e1d70dbfca03bb0f11d5815db45fe95871a2bf2037cebcda151ca61d2518fe10415925f48d6a66b72a2a8881b184a343a51692fd1392bca3259262d5d0f5a253a36ab9f19486b645f825859930555c6dd1eef6be3a965ffdb7246af067b40e45593e6f4936af786c8b4ae520a2718aedb041d67cffe55c5187ac1655a3d42008f86cdfda3b66dbd6d20d76ea22fe18430245f5d694c73c388420e1805fa9a059be5f4836e7ae55cd31c328e2ac9490db6f5e4d7edb59264405e7312c5f47000bbc6705e2fb330930eed62f9cc275e58f1f2dbcf748fac66ec1cc92959a1d2627c900ffe0581f1d25784f21368cdb9f849b502da4402eec001ffaf43351068ef1d5db4f34f753567146c695ba1627c74e9b3490cb0b5c5e223610eae98ec8fcaaa021c3e15b2b1872817221b743daec86cebcdf8d34acc632bf7c126b856fee832d19c92d18a080bbe19a207c37d8527fc817f8b458692e0d97e322732fa39a83a1c0ee4de7687f451f30c78496b503c3733e9fc481a1f5b14c2678f6d474c65eb84110187836f23ca547e06cda54f38cef0aac1d670c917a79f6ae8bf95861b4ed7338f0fb73848b0e91f775b38b526ff5562afb8820478f75a8c3e4ca0be1a72ba2eef345c04b460a8440387825e388d37e646b5abed08b10d8d4906d5830f31a7f059b432612e7a7b0b182a8cce86a13cd0bc5588d1a013a78d5a955bc5d31ca96ef55e8788fc0e4d673092db734135d76895fc139a06d389e735afb10e3c46c1673eb553b330c4af4f6b5833790b51df94cdbdfa5850162c9e985925c9c47b116f3175b2825766ae185243ee106b1ff806f5e65ec53d9e59693ee11e27a3446c5c7c2b813684fd32940e6d3090c0c3660e1261ca4429461c55dec9d94d5552ca9232d3ef8591fdbc4a83a8b87b87b654b4e23ab34da27df182db1528cb896e7990c30a41d4289a00f9feee155b633a3e43163974b614baf79825f29b1c0bbae64af61aaf08cc2da5ac9665644e9a1f8f21fded89211c2e220e9e41c983eebe5a358afc22695b29887c3079e859b43491055aa628f6e97188941013c592696b95bf3f363be5a5bd4536b823de697bc900815caaf0ebc95b81602c2403db2f07a63697492da6a9f43582b35c0e09ff2f2290dcce61b9a04d8ed8a80d2b95f69c61dd9a4fafcdafd5093f0765131d137a7debb4336473845715f24d62abdd2ec8d4ec556b1bc5daa908b50aa05d9310578e780d32f0645ae50be12dfafcfa3ac2e0a423c413516d406837c91c78a1ba411fc3657c9f53b189bfe303d9a7a1ad5852e7856d43be0cbb20f846589b4fc70bee04d64a9d22aea7cc272bf827bd967f4822218dc0690708c66fe19143d8543ea4e39210390b1d8f94351adeb2ca3a1e3091a9805dadeb71ac28dc43910151de691c0bfac63a10fb93713bc50004a88b67201511df70a6d290fff049c8eb92bfce4578c13bb4dcff4a848258e1f9db35f7f0b5b8afa44c729f85e7af833c6966edeceb43373657b7827f8988e01e3aa7207b450e3090331b58a60235dbb136326c1d32232050e0576263d5622ae63abce8724a3cbc6081d2bf458428d5ec13053169e86806229863903d64bbae9adad1bfcd2e60e62129093477396074074c1957ad621e1d636899de0091efe63c1dcbb0503918fff7b960a11126f2ea12c0a65f48cde332805d66255ed9647f3e9433676a305780211fe03bdb945c88e780fc8d5b84ebd1e9af235da539bbdf982a1ed0d6b68296cb09d9da17ddd35a39818fd213cb5cceff2bddf4883e050f1a6fcb6f2d274dceefd511f5925f5021633ee7ce7d5a8ac7f32b9e6bb6f28b65d4a67809c46027ca08e182ace0e9e7a77c186b57f5de3fdaccd26f803ec7b03371fac49b77e90eac935fe034b2f971e29452ccac7a226d041902bcb069b9c8c8441dccf2ac546e08c60d268d1b86b3cba6b03b3e451d3a2885bc0332ec6a870404f4b93cc8b3150fb016cee6439a73c4aecafc629b9c9019866eb7e2dd8564f66ba4adf7f2fd12ebcd3871d8e666a40df9b69ab665849d8b834fce52ef73d2d018db9492b4b4e8a90d29661b2fff37f7909523ac759c20bbdb072bc268d69156c3aa61a1b120973d3e2a185a27c2b15d99d94ae2365256d54755c8bdddf184740792d47657800f1bdbbb4bd53ae1d954d6265dd04577c46f7c96a138218b860eb7e38709ef0a1af3cffbf20d4c483664ba124a5c9cd59a33e79775b7c7bf9cb2e19a49fc00753becc63e7f975d8258b1845064e0a771af49bd8ef3516f77f9758b1fb9edc18c01deabec93bca0b282b45b03ec126a6d8f22e5c557aa107368aca7dca72bf3feccdf74f75c89199bedc36d6be2a5270cea4b6767994e6fcc7a92ff55ea78a8a9cc204da1c65de51360162c9d10cb2a161d62cc249bd4ad48918b47b69f0c00a140fe0d550e14d71849bfe31e0cfe7b1dba0b4270baa380eaaed1d16255f0dad58241e4e53ba3fbc94a99a2dd020e03d03dfaa6d70919eb16a8ee7a658a9a1b4f514e8ea8f7d9e4d0db9635aef11c443bb28f7841e0aaaf9e6118e90a8dc8009cf8e68f5dd27dcd7d146e8fb471e28edbdb04a3f25997470827ce8fd9e321121e6b663cc1718d959b19d633706d5cc85c443a18a33208d66291732150bf9108f4409e1ece8385b1c0995db472ee37474c53f409495749af2c18565ad30db1729238970467723894f71be4c513339c0933d899b2e4789a50cace5fbe3107598e36b87dab479b4b48e1ae0ee5cb01659a16ade62209522f17addba534f990bc1f981ee370f3b1b65b6114383b83f5e4293bc9c6ba1088fb7e5e1c4eb39c5ad5b1912c6b221156fe3ef3af5c9ccec4f08c6bee08af9cc8192860bfb53d50d4f40b16bb0a3317b0ef7f9023a2a4141bef1fb8dbd59d5dfae64cb7a0f472ca40a6d12ce5c0b9df5c0faae696f1ae0cb702652158d3edbb1f3b535ed4d718f05523022519192ebc4d815af965c1a8d9bb1a7468f3b3bb047f4f7e190f206807e7c5dcd7781ff664796ce9afb768997f200408cc64bc35c006a51037ce50403c7cde41614022f0fb57a492e590d269a52fa9860cc51f2f791f3af731aafc7f0f0f331244209ed7327cd61ca97c53af2212aecb3e80750c9e990bc342573a2e9eb8c3f19bf458d2b5c6f2e2996136a9200bfb2aafba03a9c89dc12ac40dbb14e3aee9e2f61b3ebe1799a2976c228ab9954282e19cdd93d3bb60c6cab886afb186476d99588b3caa76faad2c8976ec534e1bfe0a2978882ecfec5e37111b6b5944211c9160b7e82bac71d2fe957684127ec8bcc38c3828307382dcfa58b8685403fc92d8e8623db9295e1b049ef776b51aff59f34020bff038d5399803e7df263374d66ac5b6815cb2de631f59b045cf5a242b018f67f161d60e280b4ac8a072274720a100b3f319073dd42224a65e05b11e0ab91c66e31549939eacbab420ab4cc742c7f27202e1a007b4d51007dd6ced6bd890577f38420a3a5239ad1c9da46eb31aa30bdc9e4390234acc5c9f0cac1cd5ff0f4590fea229ff751ffaf0bc0ab6d17d8e6247bf6b1c0132b945a9d3ce487fb81cbb8fcd2236b1ea6c66cbe1bcc1efd1b9991a88db6e06a8a879c76b7ab3ece283473eae46fda6115b082eabe5e30a3a97290de97be08648bf4c4957ee4e294b585a2671f9b3a7f0301be32a216c537a4deff75a3a8771c1d0a9b4543719f389fdc7f112d98142877bc45334c78a0f0b6faf4a54d7a02755c9bca68cf34222938f459b54df57992a1ac04d220f1000f558e64f20d0bde6b90fa23c76ad2a2aad41f9d4a0af39439132f6fcbe4e5bd4212fd23695a062cbee98117b5cf967663baabaa62e0760f085cee5316fe454b248b00876759cbb762302f016b61cc473bce707c8125e4a3534829bade04828fa17614f6880faf9ce925bafcd59623a5f578a548276388a56f963634229e2de7c92fd3c5a67009e0cce93e9ba7a04cf70bb0f390f2726757ac9ebffb3f50a3376dd7d77a011640cef88abbd3fd7cbf0df35ea522db7b219a2b00ccd075e3a9d380b417499e48993563e5c53a59dc063ee35172a83ca159a4e3c79575966db7e868ce289039c89d42f6f10f2b0a782e2881a34e8377923c3ff5f67e42700d1155fb4f3462ec600502997c0914460a1d7ccc481900f8094539ae011c80a9079aabc0295a4378dca0d54472f2a6db1d94db4c862509126cd759b63f17ff0a28f6d3dd000613c02e1e5c30fdf7f2a01c9087fb3d817fad84cabe3826dca9189de64e414bc9afbe2199c1e575828f9b2926732b433c8337eca8e987a4c0fd079a5297c264afd5663173f3e2b0a6a41af164eb60ce97d749c713af1457cb0865ee9b7e913c7ecd753b74abf46268a0b5f11e03386230e76423b64820e839b794a8d9d6e6d97311198d3b34b5cf6b5a0d6a6b95554c7d142bb1b3a7dc3a42735615eb034a7cf31b35f391c43f6b540c2d419c76009d3203849992fe58a783f9d968b8d1d204442d2b259a90cbeabb03c164ffa60b70f1ab7277aa7415ab2a4bb65ccf5521ab379ea490705146b8ac61d42a96c33b9c986b7110f0d95cf0c835e343be9592477aca469c7f5cb651f980ce4e4b201cc169cb51b597a0fddd02da23a11cafed79a2838ca953264f324aa403eb30811260e903baa1b5d2d514e55e7480d678862866a5ed3e0967c308cc76cc9e00c6427e0f02b5dc307c50d103bda2503c896671560f31158e85df4369266a2225c73d11b90fe369eed7e42e2d36b54880cf795d68b8f703b09f6ddbe51f5dc84ecf4f9c11aa74a2329acafc038df83b4224c53902138425a280810ac5ea23930ce6b44e1de58dad4b4e62ef66935cc0790a5de8174329d5689b89147b71668876ac3077271f984cbfc5a188bb30e76b38705a22ca8ff41bbd1e69dad58427cc8bb2a6944374300e356428dc2e32cf8c02ff81543cd2240e53e7ca5c2bc2ae117c4038e0dae26c82cc65432494798ddf94366f4124463b56c8211d06f148d4312dd8e7f67a9a8cc1d301276bb2f3ab9e96f0ba6ca461e06b870a45d7bbc06c196c22feab218912c497cf96eaf7c6afb361edd65891cf30c428717a48c3b3da42e827c6e7f0f383fbc3b6acbbec81b44070771306c177218d3bd45d76bdb85fdbbbac02b5e090a59ffd48443ed8eca9a0501133ff6187dbf8a6155b61a01e8f5d16b2e35d005bea97c4c6d85c132bc8bf01ae23330b831102494fb0cb802c847ad3b16c8ecf7b66d01d8973b2cc101a405f5d85b39830acd38175850ce2c89b43009dbcd736e631a7b38948bc5e2b9a12cfd63f99af8967d1c264cf7ce84b745c02139cc367b16bb70cbc9f4e45f52b66e35e448d0e06180713985ffe3865ee7d75afb760fca6cdd5dadddc4752a7a5a3864f742f952f2b0d2319b9d3cd871e4261c29d52c82572d134d40b0e0daf042aaefe6a6975781592114e11906bc614eae38eaf4013e384d865265e7d22e754e6e2c591697b8d9ce71212f8f75ff07ce4d182d7fc1a7c28e75010e932c53249264431d4695bcddeaf07b04100b5958aba76a29f330227541c64f6e66f2f427ebbe67d34495c3161692da40a41727d5dfe864ebfec32fefcffda3d7dddf23565053a4d1ec547b68f277f8b6568c219d8691faef9a75e0cd2df7e4c71889adaf3ed77c5c6ceeacb0be42844941e9671bea70984144d8f3d26b31025442600351bfd66500ba4068186c44285c10acfbc8d921313c57b9ca642d7ccb5211b2f2fc126eddfc271e0e0b27af444b8b1cb7a7421663cd3c7a3c52d60614be5e8068d132131f326da24fc33d6c90f3026d0bbb0806ae7df455bd1fae1f75472b619e9a5b92152dfd3865f4a5d09823d4fb5f72872cfdacc1c03f84f7fe8497eabeb0b9f03e58bff8c5dfad7aff1a5e8a4f3214ba54942ecf5f26e82667e9eab48d75558fc985d0b210232eb8c8ddf4fba22f99566e3ad65254ce02d352fca6ff6c326cdde6599557153647c28c437a42b96421110b13d02ff65ed567c6fb3ba3e557bca387a43ae5b2f2a0578e4d9be11a72a380a906b12d71ad562c0ab0090a74a6f30c0552cb72fd0a04f6ff2c0e0d44294bfefaec2eecb1f7d61a45dc6489d2ae9fcecff98c76dac3989c45d51c203d3ca62c1b49aa6f958128876043cf106dd658d4407a5c683410ba6efc530c8de338ae91544deb68e8b80b33083585d862c0c12a3debf64ed4b73d90e7a5752ab1bf8671b58e8b3cc8a5425252ad5d98ff75baaaec2440a513b2f057289a21d4c33094df0c682eec7b1d0dc1c83fcb3e644075bea93b3bc627e07f093b4803f170eec303c7b479d2f14970b50b2ec5c629187e0882c7516d0a2e9c74f4818b1bfe7301baf514d956ffd7c4bdc49bd6a695ddf78554285a65ebd449c5e2ca0b46fc3d02640eb1986a07283466a7fdb38dd6415d61e87c4a47f087c3e8074a5421324985dc71f1508fa1edda0299d609ee319a7a9ea3ccd9826819e94d13fb33f0aa703431c9be930257a8f08f810ceda6ceec7a7da878b5991b46406b0ca984b97889c1c86c82bf345c067beb7151956c9034f784f754072cd101254f5c644631d32a9ae25c7a42af1939e4ba5c39b6281dadd1f44fb1b6a94bd3cdf1969d387a50a6b8d00db961bae26589f66ce7f9a23d9562a8fe3fd5d03b3e5a7a51bb42394a20497b6d27309183468e9f7f8374648f0a4a5619f4b2b237e6ee404e2e02c0269c9faa052f8811ad8f259bf98c6c4accb8634013b50d9f36ad52c4d8222526d9aa984c1a83f8b98cd4fbb0afcd7e99bc52cdcce9de63a88d36e1fd449cf955bd6f97cb9bbfcf9e15f35a15e4ad49c1549f276c36074966c5e9b066451418c35353ab85b173fbd0e13e80b0484f9e19486713bcd503a446f4f7007fdc1cee0818726d23845aa5264671724a1b16b4f85f6c96c61b38f4bc3f60fd7b177f5fda96db33f2712540b924a71c6a2cc0ed18df73f969dce9f01d73b1d6298f795af464c3daed3efa214c2b745b2d3566aea650a97af94a6a2295cb9cd486497874dcdbec26b7f5eaa7bd88467262b0d794a4f90b4a866763750448c1d77645f4ae2523167cffe5a4307a57793840edacc70136e0478cce45d49bc49de64d361b612f7a609770a841a188bc446e1a03a3618a674f68428855491f990cdd36f9b2beef878055948163b055f2feecec2b0962236e3b771a93ec2dd9ccb2684f9770c9483555591c800f5d493d8aa774021cbbaea04ad900ae0bd9e7a42a04637a54959b564bcb226d6d6dac6e295da87d90aac44a76d355a0cea296ae0a597a957037e742e54808b86cc896aa19629751216d9174107ad6be4ba8a9d20df42f655fb1988814a4c2286feb47c5644157367d2029e0de418266f4943d926bdf68d7ba1f26301272e77b099f7f9c468745d7dfe50511d2711e0bfc1779bfad96cec7f60968cf93eea700a9138f3d2d7b34b0fb1ccbd3f50accb19b4e7b4e246bcfde262617a8efb0544630ffb7014d9452352fbd9ec4dd0896af7e11dcc616bec0d645ddabaab0cad569b8e6cd6628ac5dba6d164efad1d66f883315e83be03e3b1a2dca88bf0de67d491cfeda69f24e61dc03ba950098966cd18eae94f6904e7f96284295583897f384a7c465bb9fdbb431f9ed51ed2417b501d116fbe25026a24476e66734e1426f156f6db88a09203e27df328b8669527f0f01d28d7f5a80a8ab6ae5c0e420962c4aba1b89e853bd3d7e0478f9009cd07ac6cdb6e03ec6e31d742485399b4e02c5dd0c1bdbaf05b6fb7e8bb37f93c7d98d1f70c6dedf9ac29fc437b97be144c5e2434cb53b21db17c28eb50fe8dbc8fdca90f1c6874013560bad0aef808fade248c7d2e77aefaa52a1358dcc76c023e8fbbf68c5ca53d5d3decba90b998aeb94fd80573c992339796e976ae9d6b7f5373239dfbc2e8f3d9ff15168933a6477d1bb14b9ad6d6174212ce7e22f0069069ab5c31eb7c2784f3f847c3d3334f598093fae73166bd865ab5223f8b2aae4c17a1f48cdc65e7299d6d466efe975d143b89818b22608f9cf3c51aba69954a3acfcd55c42493a6af259b7aef02867e1e086d38e6d4a101826ce82c46619850bbd21443723a1c0b4edb7389114a0cf44ccbf3ee8347925099c6e61ae1ee8cfaf6fa4a3947fa2c9e5087f4c6bb673f664dccf91fae80670f7423113c132c82e8b5b1b842decf58848160a7d22404e97fd808b26397c398ceb816b8d88ce34d05ed130483c5b0f79e6cf12295b55b3fd89320a64045fe76211db1aabbeb0ae1c6bfb099ff997d0fb47b9074165a0d2b86aa59c37db4c6efa5b0a714fed6d33662f6e4382566235fc91cd4400520df9d8f0195be0e5c3d5b9100da274b43adcf711fd2eb8bdbf50dd819626819800a45d5aaf97e4d72e9b2c871ef690427d3ee347a8b241cc2d9a62e9380a577f752f5962892946f15a1db22cb85336bb688528ff784d58613d0141a067a665ab07fb72bea2b0a5ebfc895d5f90a1e8327f668df35c81c00fff305b75303eb2d894861cb1f2deb91201372cd30647a62b9e42fa5fb65bdf93cc7586ca77eadc7ea6f3ad4f2187653e4976dedb065389819a394e34cefb52f3f05c7853cf9fdfb10d07cf1f61970e555837be7e9cca91b50fd447c462c02ad4ca3dc7fcd47adfe2782b8f6131de4debafd2f1d65f7c96f67489ae81686f2c29a2d3af0eb2161f59ddeec21412b70a543edd25a6e46f7a8d1f84b9fbd9151b48ab8e288ee4ec6d1ebfd366e3a6fbae0ff9597316fb05beec81d65b5291e1d0c4945d2a6a261048f8d6b8a25a1864c7fb7a9afcd70a64f139af76995ffc3eed64a91d95026c3dd073ee9d7bc108b7fbcb77a8daa74bb9c95d5eb1e03339c2f973b25bfbf6366508d81bf438d1acf59a723608292bb281ea5972e929c9adc73afb5c3ca21f2cbdf597530524dae689ea4ddddd8eac98faaf43972cff6a7065bf89df092bcb933fe59e216a7e1bf30ce3866c156614c2304dfd9addb73ec3042b8df8211dc7fee836472805382394f3ba12db3b350a2de83c12aba6b6ea7cb50b3ae1371b08e1dd9ed6440c872f0d8ea9a8622fbf3079409eed8dad4d93455bf46664b8c3f4b80dcbcf411c0dec053d197a300da004a88faa1eccdc3f62ed46f546e0f4a12d1e3c6a5fbf3a4000eec9bd1d328fb935db75fdb52c3de7119e9bbb2930762cc91b0bb7ff338767b3bbdc23b13a622da3a5e0f10b50e6af79efc174ba1c552a70cdcd51c901bb0c8fca1e9a280edfe21aedc6a78616ff3be184edc1c80c99f1613509015f89cb4bb2f3f3b994180f685b7362795e1d7c059c283fea274f1f7ef552fda5b63f09eba21b1551bb123c69bb6d7b726504af5edb9db41ce2b6c88a96537508e284b78ea91c7d172dc525f4230fa414d48a2265ef7e738687886105adf50a66e30558f6d872e2f355b0bf13225b6b5e39109340552a5f829905db838ed058f1abf45dcdae2a53b04c9d223660bf49c3daa388e16fac2f12e4b8f80a747e887223495c3e70403a31a418d2cb00a9b433dee96ebca8701bf360f1e29d6c4bfacfdaa3ee51f9c9a9eff906561d10399598d783ed8340c8d625ce3f63f0128f13feb1dfb7c955749ed16d148f6c26758bbad39f5c0e9d709be22f853849082a35bf7e3eb85a54454be83c630870fcc62743b0d6222b48f1e05863b2ae12d49843d667fb983d0e53230b62d029c6caaf1c5b03671f3d2564148803170d339f2075538e593d810ad0372653eae0f33c183dcf7acbad803c7157797469684421e1043b68d9aefd4c7968c16464160e9ea8a44dfe0f04c3663e316bd35edb8ba661410980a48eae34610de5efae6bef45bf1d568c88ac9c90b256e1a86ebaea3449f691ebdfdcab75636742ed1fee03385cbb9a1eca0047bb264c7413dc34daaddd488a77ea709dc93719c45690b01217ace9e75c88f0829654bd1054b1ca4bd51e0465d9f491d9887de15056dce06799a13a31cb8e1f19b69b69e4b162b5bd8a62e0ea7a0ee05dfc672eb815be3f6e247d27ebebbb25caf8ef007519b38fd28c077e2776383dd5e624149192c5e052b8b58a4f264daa112ccfc8de27b8fb99939701e55dbf73ae0843ff3c97e3f9272066c8fb6a8d951e06f892ff33ecdc422946199d5846176073302bec9183d2c3b7835a6358e4de4b258b63901084e20c619c4d5a8c08fba6de7c8fed7d0fc797f822d4a60e30026a4ce87ef09cb7390243bbc700da431756b90dca84a6cd63def9d95dca1b0e45cc2ae9e9eeca4e249bf842c39e9f77c0d8b99d19a125d2ef5636193c829a0b2bc5c728b9b3c931133ee26f9e95dcba559fadea050aad77e82a0a1fe1de0961d50186b890c6094fe655e621145e7a28cc8f5af1cd0efd832eb6673e95bfd3e8ca89ce185a8ea9f75cabb91e4c018eda0c1f93a2dffa7c6fd0a00b219f56ab63bb7d9dbc4ae3d1f6b6f2e2cbb43c2edd160086caa035f2b724210f1f52d585bacd111fa3252ec2d02c02515525463a22e7ea6351e1cf633c5dd8095189ca747b715f5154888e9e4096a75cfa59c15ff121ed9f4996c661394aacbc7df751c2ab46200bf30593048b4367b76e7662004bb10d3a830ed1db7cab761a808a42cc88c353c710863eee0f1184bffe15c5a4ca0c914593aa4e52e05cc3439d90c2aea43a2616ea09ed00005e96b87722bd2629ba5f27d50ea862352159fe00c62a1e8956e55204cbad7868611d7300b1cdbee60d4a64eefa7de5f7521fb1a1bb32287b6f87b6a766e0ea315edb93afc80daa448694c1e7dcb01e5a0a7358a306a9897f5da37451b233ac46bba6bf0f87794a3c3d44fb7f0da1bfb15d50931dfd80ca4df6cd9cefaf5298a874ae83f00acce36617c9784d5c3aed023e50807940110260ede0d964c7fa82f20fe9e08778ff02b150578466e51b537e924e5ce64a800f0a024ebc6727be7e5cd3de44bd625410365a4e640a309c76fdb363cd806ae0ef9569b705cd8342beb7bed5bd341ee288e3e83783f2fc18c2c0d2c90819626eaa8316311ca923bad235edbe5f91f81dcaa94b19a3a6d787fdc89857b88c1e30ed29930647a5c6aa609c376414c500a06d36df0ff31c88727bdc465bf6d0cbcddc03b237334edcc4cc0a934a62753f5baae8532925d0488bb3da8794f4d0316319d5094dbc7b9ba6e23198ece3f639e364df1f0b8d795b60aa9470c5c6a0ee90db203dc3fc8c4516f0a6064372a87b78a896dd51be69feacd6c65edbec19afdeb4aef0e5e2d3db063249aef86fcd7bcfec0e7f8082b95e436a52931a0b80de2363be2fee14cf49b7110a70741a1123785d260a88195d9d1a75a27ee3fe9693e80edd4779f28939f36da3ff04b9f3c7a403d780cc09e69ce67e1b90c72646fe92", 0x2000, &(0x7f0000003ec0)={&(0x7f0000002900)={0x50, 0x0, 0x0, {0x7, 0x2d, 0x6, 0x208000, 0x3, 0x8, 0x44, 0x9, 0x0, 0x0, 0x4, 0x8000}}, &(0x7f0000002980)={0x18, 0x0, 0x2, {0x8}}, &(0x7f00000029c0)={0x18, 0x0, 0x7, {0x7}}, &(0x7f0000002a00)={0x18, 0xfffffffffffffffe, 0x667, {0x7f}}, &(0x7f0000002a40)={0x18, 0xffffffffffffffda, 0x2db, {0x6}}, &(0x7f0000002a80)={0x28, 0x0, 0x795400b0, {{0x3, 0x8000, 0x2}}}, &(0x7f0000002ac0)={0x60, 0x0, 0x2, {{0x10001, 0x90, 0x0, 0x2, 0x400000000000006, 0xda1, 0x6, 0x3}}}, &(0x7f0000002b40)={0x18, 0x0, 0x5, {0x1}}, &(0x7f0000002b80)={0x18, 0x0, 0x0, {'devlink\x00'}}, &(0x7f0000002bc0)={0x20, 0x0, 0xa555, {0x0, 0x10}}, &(0x7f0000002d40)={0x78, 0x0, 0x3f67, {0xd6, 0x3b, 0x0, {0x0, 0xfffffffffffffffb, 0xa0, 0x200, 0x0, 0x8, 0x7, 0xfffffff7, 0x6, 0xa000, 0x3, 0x0, 0x0, 0x7, 0x4}}}, &(0x7f0000002e80)={0x90, 0x0, 0x800000000000000, {0x5, 0x1, 0x7, 0x7, 0x8, 0x500000, {0x5, 0x7, 0x1ff, 0x6, 0x3, 0x3ff, 0x8, 0x401, 0x7fffffff, 0x6000, 0x4, 0x0, 0x0, 0xfffffffc, 0x1}}}, &(0x7f0000002f40)={0x30, 0x0, 0x1, [{0x1, 0x6, 0x8, 0xe5c, 'nl80211\x00'}]}, &(0x7f0000003540)={0x510, 0x0, 0x7, [{{0x6, 0x1, 0x4, 0x200, 0x5, 0x9, {0x1, 0x0, 0xc, 0x2, 0x1866, 0xab1b, 0x6, 0x3, 0x3613, 0x1000, 0x6, 0x0, 0x0, 0x6c, 0x87}}, {0x4, 0x0, 0x8, 0x7, 'nl80211\x00'}}, {{0x4, 0x2, 0x9, 0x3, 0x7, 0x1, {0x4, 0xea, 0x101, 0x0, 0x53eb, 0x4, 0x493d6a0e, 0x6, 0x5, 0x1000, 0x100, 0x0, 0x0, 0x1}}, {0x0, 0x3, 0xf, 0x9, 'cgroup.threads\x00'}}, {{0x5, 0x0, 0x1000, 0x401, 0x161a, 0x6, {0x5, 0x3, 0x81, 0xf, 0x800, 0x400, 0x0, 0x2, 0xc, 0x4000, 0xfffffffa, 0x0, 0x0, 0x6, 0x10000}}, {0x5, 0x400, 0x7, 0x6, 'TIPCv2\x00'}}, {{0x2, 0x2, 0x5, 0x401, 0x800, 0x5, {0x1, 0x7fff, 0x6788, 0x7ff, 0x22bf, 0x2dc88668, 0x5, 0x2a5, 0x3, 0x4000, 0x6, 0x0, 0x0, 0x8, 0x4}}, {0x5, 0x8000, 0x0, 0x3}}, {{0x5, 0x0, 0xffffffffffffffff, 0xd, 0x5, 0xcc000000, {0x0, 0x9, 0x7, 0x81, 0x200, 0x1, 0x9, 0x9, 0x3, 0x6000, 0xfffffff9, 0x0, 0x0, 0x5, 0x21}}, {0x4, 0x7, 0x8, 0x48, 'devlink\x00'}}, {{0x0, 0x3, 0xc, 0x5, 0x6, 0x1ff00, {0x2, 0x7ff, 0x0, 0xfffffffffffffffa, 0xb, 0xc7, 0x8, 0x4, 0x7, 0xc000, 0x8000, 0x0, 0x0, 0xb, 0x1}}, {0x0, 0x401, 0x1, 0xbd14, '\x00'}}, {{0x6, 0x3, 0x1ff, 0x9, 0xcc, 0xa, {0x3, 0x9, 0x9, 0x6c800000000000, 0x2, 0x190, 0x58, 0x4, 0x5, 0x8000, 0x80000000, 0x0, 0x0, 0xfffffffb, 0x8a41}}, {0x6, 0x80000001, 0x7, 0x101, 'TIPCv2\x00'}}, {{0x2, 0x2, 0x8b, 0x59, 0x9, 0x9, {0x4, 0xfff, 0x7, 0xa71, 0x5, 0x6, 0x3, 0x2, 0x8, 0x6000, 0x1, 0x0, 0x0, 0xff}}, {0x3, 0x4, 0x3, 0x8ba, '/%^'}}]}, &(0x7f0000003b40)={0xa0, 0xfffffffffffffffe, 0x9, {{0x0, 0x0, 0x6, 0xc78, 0x81, 0x1000, {0x5, 0x80000000, 0xff, 0xa8, 0x2, 0x2, 0x92, 0x5, 0x9, 0x2000, 0x5, 0x0, r8, 0x4, 0xffff}}, {0x0, 0xf}}}, &(0x7f0000003c00)={0x20, 0x0, 0x614c0000000000, {0xd, 0x4, 0x0, 0x4}}, &(0x7f0000003d80)={0x130, 0x0, 0x100, {0x100000001, 0xffffffcb, 0x0, '\x00', {0x2000, 0x1, 0x3, 0xa4d, r9, 0xffffffffffffffff, 0x8000, '\x00', 0x4, 0x5, 0x5, 0x100000001, {0x3, 0x7a}, {0x9}, {0x3, 0x136}, {0x5, 0x3000000}, 0x1, 0x80000001, 0x74e, 0x3}}}})
sendmsg$nl_generic(r5, &(0x7f0000000900)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000008c0)={&(0x7f0000000580)={0x338, 0x39, 0x300, 0x70bd29, 0x25dfdbfc, {0x1a}, [@nested={0x161, 0x152, 0x0, 0x1, [@generic="0c1c7883095f7dd6e60fc033358a0a44a3398390483d21bf4c923407e14a759120e08439295629e0255723ab7e6fa93706513ed5c22df03bd930f83b69064d31836b024a96aabb15c4f2eabacbe26cea6b1872481c6e05c9775f7dbe5b82603a4f4ac12ca8f3ffa9415839ddee3d191a494a67", @nested={0x4, 0x4e}, @typed={0xe, 0x14, 0x0, 0x0, @str='.\x97-\'\xec{@-{\x00'}, @generic="e52f67d29f8a566f9f72b88783f910aa95c08bdb42970303fc12f76cbd874528a3b2a174eea8a5a45bd80c2fc037ef002214f998edfa3e63970a92781a9847f86c896770742628bff5cac87f97ea5157b653b58fb43f76c069a333dfc241a35156fe313a1dcbf21bf798cb3b017005981c889473bdf2a22a3c5ac85f083e50dc1e5fdecb2cb74f0762ef7f6fe553f97fdacaa328816af3af21ad7d09937e7618609cf408f377d3acbbddc5c07d99af6902fe259a247626b7a6a6372d329f71e97f0da38085e9116669057d1b3cd3631f0db867c0d102"]}, @generic="ced786e9718f624ab41b6dac67693c8c17c50be83a50d8833239093db77099e7e245589698276d07985294cd5dd2f6bbb766e85c472025bcff6f5609f1e27b948e0fc88b22760ae2ac795b2b7e3e43c403e0c29ea3c9b070b59589cdc0f0762d0c0f8f48d0595c3a7cb3c6d0c6dc0c4cdbff84c2654cb4d43aae4863499b05973cdf990f77217396c4f07ced46e4e7c8c063cd502b48f3fbe22f67cfb569b063c844e302abafcd745e850e69f4a2bdf59978d06bf2ea5fcf12d41df6c60e7addba702d2275473b744aa2251f6483501ae5a6d62b16ea0f01246bfadc0b38b4abd03ecce4f40d43c9d4a8066ef5c86584bf67a65334f4", @generic="0a223bbd92e6a2735f7ee18fb6f06e1210d7e4017d14d227c713efefbfc0e5b5b7650457227f007f017fd7caa73a449ba48125acbc3911465f04b418f961bc515a7f3dc15d7b3714f143d699603b6e06676c99a84d4749f2207abcd6e17478fb", @nested={0x68, 0xe6, 0x0, 0x1, [@nested={0x4, 0x144}, @typed={0x8, 0xee, 0x0, 0x0, @uid=r9}, @typed={0xc, 0x101, 0x0, 0x0, @str='nl80211\x00'}, @typed={0x14, 0x125, 0x0, 0x0, @ipv6=@remote}, @typed={0x14, 0x67, 0x0, 0x0, @ipv6=@local}, @typed={0x8, 0xf9, 0x0, 0x0, @fd=r5}, @typed={0x14, 0x14e, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x4, 0xae}, @nested={0x4, 0x87}]}]}, 0x338}, 0x1, 0x0, 0x0, 0x40}, 0x40)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r6, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r10, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r11)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r11, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r11, 0x74)
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r12, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

598.496643ms ago: executing program 3 (id=3835):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0xa091, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000)
recvmmsg(0xffffffffffffffff, &(0x7f0000006880)=[{{0x0, 0x0, &(0x7f0000002ac0)=[{0x0}, {&(0x7f00000015c0)=""/245, 0xf5}], 0x2}, 0xb2}], 0x1, 0x102, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r2, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xd000}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$FS_IOC_GETFLAGS(r3, 0x80046601, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv2(r4, 0x0, 0x0, 0x867, 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f4929}], 0x1c)
listen(r6, 0x100)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r7, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="d9", 0x1}], 0x1, &(0x7f0000000100)=[@dstaddrv4={0x18, 0x84, 0x7, @local}], 0x18, 0x48d5}, 0x8050)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="55ae436011c69df1b144e8c0cbb54ba01bb1e541f96e61023c00000070009e", @ANYRES32=r8, @ANYBLOB="0c00018005000300040000000c00018005000300030000000c000180060002000e000000"], 0x3c}, 0x1, 0x0, 0x0, 0x5}, 0x4)

266.251ms ago: executing program 3 (id=3836):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfff, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPTLCK(r1, 0x5420, &(0x7f0000001d40))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0)
syz_usb_control_io$printer(r7, 0x0, &(0x7f00000011c0)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r8, 0x604, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x2c}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x7}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
close_range(r5, 0xffffffffffffffff, 0x0)
readv(r3, &(0x7f0000000e00)=[{&(0x7f0000000900)=""/215, 0xd7}], 0x1)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x4, {0x4, 0xfffffffd, 0x2, 0x9}})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r10 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$KVM_GET_API_VERSION(r10, 0xae00, 0x0)
ioctl$TIOCL_PASTESEL(r9, 0x541c, &(0x7f0000000000))

633.209µs ago: executing program 3 (id=3837):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 4 (id=3838):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000052000100a6bd700000020000020000000c00010001"], 0x20}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x34, r2, 0x6a9354ab0d020bb7, 0x0, 0x0, {0x2a}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x120, r3, 0x10, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x1e, 0xc7, {[{0x2, 0x4}, {0x7, 0x2}, {0x8, 0x1}, {0x7, 0x5}, {0xbb, 0x5}, {0xe, 0x5}, {0x10, 0x1}, {0x3, 0x7}, {0xe, 0x4}], "8c7aa8c8478b4a05"}}, @NL80211_ATTR_QOS_MAP={0x30, 0xc7, {[{0x8, 0x3}, {0x5, 0x5}, {0xf8, 0x6}, {0xf1, 0x5}, {0x7, 0x2}, {0xb, 0x1}, {0x4, 0x6}, {0x10}, {0x1, 0x1}, {0xf8, 0x5}, {0x6, 0x3}, {0x4, 0x2}, {0xa, 0x6}, {0x8, 0x3}, {0x6}, {0x81, 0x5}, {0xd9, 0x4}, {0xa}], "03975be38447fdcd"}}, @NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0xd, 0x6}, {0x1, 0x2}, {0xd}, {0x3, 0x2}], "26fe758c06da62f0"}}, @NL80211_ATTR_QOS_MAP={0x22, 0xc7, {[{0xf, 0x2}, {0x7f, 0x3}, {0x7, 0x6}, {0x6, 0x2}, {0x6, 0x4}, {0xfb, 0x7}, {0x3a}, {0x9c, 0x7}, {0xff, 0x5}, {0x10, 0x5}, {0x9, 0x6}], "333d7190fe9238f8"}}, @NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x2, 0x1}, {0x1, 0x1}, {0x9, 0x7}, {0x7, 0x1}, {0x7}, {0x7, 0x3}, {0x5, 0x1}, {0x80}, {0x3, 0x2}, {0x5, 0x5}], "0acdf0a53feae113"}}, @NL80211_ATTR_QOS_MAP={0x20, 0xc7, {[{0x81, 0x7}, {0x3, 0x1}, {0xb, 0x2}, {0xff, 0x1}, {0x6, 0x2}, {0x4, 0x43}, {0x8, 0x1}, {0xe, 0x4}, {0x4, 0x1}, {0xf8}], "e944dea722c8b006"}}, @NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x6, 0x3}, {0x1, 0x6}, {0x40, 0x4}, {0x7, 0x7}, {0x6, 0x4}, {0x7, 0x2}, {0x7}, {0x1, 0x86}, {0x8, 0x3}, {0x9e, 0x5}, {0xd7, 0x3}, {0x9, 0x1}, {0xff, 0x4}, {0x1, 0x4}, {0x4, 0x5}, {0x8, 0x3}, {0x2, 0x5}, {0x3, 0x7}, {0x80, 0x4}, {0xe6, 0x6}], "7e506a1e49923c77"}}, @NL80211_ATTR_QOS_MAP={0xe, 0xc7, {[{0x2, 0x1}], "b2a0aedef3c3462e"}}]}, 0x120}, 0x1, 0x0, 0x0, 0x40}, 0x41)
r4 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x3fc, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffbfffe}, 0x1c)
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$XFS_IOC_SCRUB_METADATA(r5, 0xc040583c, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000000400)=0x8, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x2, 0x8000}, 0x50)
setsockopt$inet6_mtu(r4, 0x29, 0x1e, &(0x7f0000000040), 0x4)

kernel console output (not intermixed with test programs):

sb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  764.566994][ T5971] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  764.578115][ T5971] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  764.590275][ T5971] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  764.598071][ T5971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.601031][T17417] fuse: Unknown parameter '�
p0x0000000000000009'
[  764.664108][T17419] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3105'.
[  764.821959][ T5971] usb 6-1: usb_control_msg returned -32
[  764.833625][ T5971] usbtmc 6-1:16.0: can't read capabilities
[  764.862608][ T5971] usb 6-1: USB disconnect, device number 18
[  764.945918][T17425] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3108'.
[  765.628361][T17431] The dccp option matching is deprecated and scheduled to be removed in 2027.
[  765.628361][T17431] Please contact the netfilter-devel mailing list or update your nftables rules.
[  766.470758][ T5971] usb 9-1: new high-speed USB device number 55 using dummy_hcd
[  766.525978][T17450] netlink: zone id is out of range
[  766.530957][T17450] netlink: zone id is out of range
[  766.532757][T17450] netlink: zone id is out of range
[  766.539341][T17450] netlink: zone id is out of range
[  766.541390][T17450] netlink: zone id is out of range
[  766.558330][T17450] netlink: zone id is out of range
[  766.560704][T17450] netlink: zone id is out of range
[  766.567426][T17450] netlink: zone id is out of range
[  766.569168][T17450] netlink: set zone limit has 8 unknown bytes
[  766.595496][T17448] netlink: zone id is out of range
[  766.633867][ T5971] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  766.641800][ T5971] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  766.645832][ T5971] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  766.650262][ T5971] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  766.654879][ T5971] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  766.657731][ T5971] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.672114][ T5971] usb 9-1: config 0 descriptor??
[  766.674208][T17445] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  766.706564][T17459] FAULT_INJECTION: forcing a failure.
[  766.706564][T17459] name failslab, interval 1, probability 0, space 0, times 0
[  766.713115][T17459] CPU: 1 UID: 0 PID: 17459 Comm: syz.3.3121 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  766.713135][T17459] Tainted: [L]=SOFTLOCKUP
[  766.713139][T17459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  766.713146][T17459] Call Trace:
[  766.713151][T17459]  <TASK>
[  766.713156][T17459]  dump_stack_lvl+0x100/0x190
[  766.713179][T17459]  should_fail_ex.cold+0x5/0xa
[  766.713196][T17459]  should_failslab+0xc2/0x120
[  766.713212][T17459]  __kmalloc_cache_noprof+0x7a/0x6f0
[  766.713229][T17459]  ? sctp_add_bind_addr+0xae/0x3e0
[  766.713243][T17459]  ? __sctp_v6_cmp_addr+0x206/0x530
[  766.713291][T17459]  sctp_add_bind_addr+0xae/0x3e0
[  766.713309][T17459]  sctp_copy_local_addr_list+0x349/0x550
[  766.713330][T17459]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  766.713350][T17459]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  766.713365][T17459]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  766.713385][T17459]  sctp_bind_addr_copy+0xe0/0x530
[  766.713406][T17459]  sctp_connect_new_asoc+0x1c9/0x770
[  766.713424][T17459]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  766.713439][T17459]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  766.713454][T17459]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  766.713470][T17459]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  766.713487][T17459]  sctp_sendmsg+0x1743/0x22e0
[  766.713506][T17459]  ? __pfx_sctp_sendmsg+0x10/0x10
[  766.713521][T17459]  ? __lock_acquire+0x4a5/0x2630
[  766.713536][T17459]  ? aa_sk_perm+0x309/0xaa0
[  766.713554][T17459]  ? __pfx_aa_sk_perm+0x10/0x10
[  766.713571][T17459]  ? __pfx_sctp_sendmsg+0x10/0x10
[  766.713587][T17459]  inet_sendmsg+0x11c/0x140
[  766.713602][T17459]  ____sys_sendmsg+0x98d/0xb70
[  766.713618][T17459]  ? __pfx_inet_sendmsg+0x10/0x10
[  766.713631][T17459]  ? __pfx_____sys_sendmsg+0x10/0x10
[  766.713650][T17459]  ? _kstrtoull+0x13c/0x1f0
[  766.713667][T17459]  ? __pfx__kstrtoull+0x10/0x10
[  766.713682][T17459]  ___sys_sendmsg+0x190/0x1e0
[  766.713700][T17459]  ? __pfx____sys_sendmsg+0x10/0x10
[  766.713717][T17459]  ? __lock_acquire+0x4a5/0x2630
[  766.713742][T17459]  __sys_sendmmsg+0x2ff/0x430
[  766.713757][T17459]  ? __pfx___sys_sendmmsg+0x10/0x10
[  766.713776][T17459]  ? __fget_files+0x215/0x3d0
[  766.713796][T17459]  ? fput+0x79/0x100
[  766.713812][T17459]  ? ksys_write+0x1ac/0x250
[  766.713827][T17459]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  766.713843][T17459]  ? lockdep_hardirqs_on+0x78/0x100
[  766.713860][T17459]  __do_fast_syscall_32+0xe7/0x950
[  766.713871][T17459]  ? lockdep_hardirqs_on+0x78/0x100
[  766.713889][T17459]  do_fast_syscall_32+0x32/0x70
[  766.713900][T17459]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  766.713916][T17459] RIP: 0023:0xf7f43f7c
[  766.713927][T17459] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  766.713938][T17459] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  766.713951][T17459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[  766.713957][T17459] RDX: 0000000000000001 RSI: 0000000000008000 RDI: 0000000000000000
[  766.713964][T17459] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  766.713970][T17459] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  766.713976][T17459] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  766.713990][T17459]  </TASK>
[  766.890663][T14109] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  767.039785][T14109] usb 6-1: Using ep0 maxpacket: 32
[  767.044116][T14109] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  767.047778][T14109] usb 6-1: config 0 has no interface number 0
[  767.050559][T14109] usb 6-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  767.055730][T14109] usb 6-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  767.062747][T14109] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  767.066490][T14109] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  767.070168][T14109] usb 6-1: Product: syz
[  767.072068][T14109] usb 6-1: Manufacturer: syz
[  767.074267][T14109] usb 6-1: SerialNumber: syz
[  767.079151][T14109] usb 6-1: config 0 descriptor??
[  767.088094][T14109] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  767.100547][T17445] overlayfs: cannot append lower layer
[  767.108833][ T5971] usbhid 9-1:0.0: can't add hid device: -71
[  767.112828][ T5971] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  767.129524][ T5971] usb 9-1: USB disconnect, device number 55
[  767.375600][T14109] usb 6-1: qt2_attach - failed to power on unit: -71
[  767.379204][T14109] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71
[  767.389002][T14109] usb 6-1: USB disconnect, device number 19
[  768.698778][T17475] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3127'.
[  769.633615][T17517] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  769.866547][T17523] overlayfs: failed to resolve './file1': -2
[  771.777443][T17544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.837009][T17545] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.983193][T17549] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3146'.
[  772.123887][T17557] net_ratelimit: 161 callbacks suppressed
[  772.123902][T17557] netlink: zone id is out of range
[  772.132257][T17557] netlink: zone id is out of range
[  772.142498][T17557] netlink: zone id is out of range
[  772.147519][T17557] netlink: zone id is out of range
[  772.156482][T17558] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  772.160001][T17557] netlink: zone id is out of range
[  772.162486][T17557] netlink: zone id is out of range
[  772.164742][T17557] netlink: zone id is out of range
[  772.166934][T17557] netlink: zone id is out of range
[  772.169283][T17557] netlink: zone id is out of range
[  772.181256][T17557] netlink: zone id is out of range
[  772.185702][T17560] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3150'.
[  772.278796][T17560] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3150'.
[  772.529832][ T5971] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  772.682240][ T5971] usb 5-1: Using ep0 maxpacket: 8
[  772.687718][ T5971] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  772.696551][ T5971] usb 5-1: config 0 interface 0 has no altsetting 0
[  772.705925][ T5971] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  772.717464][ T5971] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.740778][ T5971] usb 5-1: config 0 descriptor??
[  773.202856][ T5971] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  773.209938][ T5971] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  773.212164][ T5971] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  773.215440][ T5971] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  773.217646][ T5971] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0
[  773.220680][ T5971] mcp2221 0003:04D8:00DD.000D: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  773.268883][T17573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3155'.
[  773.272320][T17573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3155'.
[  773.275191][T17573] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3155'.
[  773.425294][    T9] usb 5-1: USB disconnect, device number 49
[  774.200903][T17597] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3162'.
[  774.203877][T17597] netlink: 'syz.0.3162': attribute type 1 has an invalid length.
[  774.206341][T17597] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3162'.
[  774.212941][T17599] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3163'.
[  774.217113][   T40] audit: type=1326 audit(774.105:34822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17595 comm="syz.0.3162" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62f7c code=0x0
[  776.455204][T17623] exFAT-fs (nbd1): unable to read boot sector
[  776.458244][T17623] exFAT-fs (nbd1): failed to read boot sector
[  776.460398][T17623] exFAT-fs (nbd1): failed to recognize exfat type
[  777.280448][T17640] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3173'.
[  777.313792][T17635] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3178'.
[  777.322092][T17635] netlink: 'syz.3.3178': attribute type 1 has an invalid length.
[  777.325991][T17635] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3178'.
[  777.370754][   T40] audit: type=1326 audit(777.265:34823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17633 comm="syz.3.3178" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43f7c code=0x0
[  777.664048][T17646] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  780.159266][T17679] net_ratelimit: 44 callbacks suppressed
[  780.159379][T17679] netlink: zone id is out of range
[  780.166341][T17679] netlink: zone id is out of range
[  780.172158][T17679] netlink: zone id is out of range
[  780.182990][T17679] netlink: zone id is out of range
[  780.200705][T17679] netlink: zone id is out of range
[  780.209505][T17679] netlink: zone id is out of range
[  780.217024][T17679] netlink: zone id is out of range
[  780.220997][T17679] netlink: zone id is out of range
[  780.228622][T17679] netlink: zone id is out of range
[  780.236164][T17679] netlink: zone id is out of range
[  780.551849][T17682] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3183'.
[  780.555821][T17682] netlink: 'syz.3.3183': attribute type 1 has an invalid length.
[  780.558948][T17682] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3183'.
[  780.728519][   T40] audit: type=1400 audit(780.615:34824): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=17685 comm="syz.1.3185"
[  781.046084][   T40] audit: type=1326 audit(780.935:34825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17678 comm="syz.3.3183" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43f7c code=0x0
[  781.433844][T17694] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  781.433894][T17694] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  781.437635][T17694] vhci_hcd vhci_hcd.0: Device attached
[  781.740182][ T6766] usb 38-1: SetAddress Request (10) to port 0
[  781.744043][ T6766] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd
[  782.059178][T17697] vhci_hcd: connection reset by peer
[  782.062713][ T1246] vhci_hcd vhci_hcd.0: stop threads
[  782.064620][ T1246] vhci_hcd vhci_hcd.0: release socket
[  782.067107][ T1246] vhci_hcd vhci_hcd.0: disconnect device
[  782.391600][T17717] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3191'.
[  782.511699][T17720] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  782.889839][  T843] usb 9-1: new high-speed USB device number 56 using dummy_hcd
[  782.899953][ T5971] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  783.050047][ T5971] usb 6-1: Using ep0 maxpacket: 8
[  783.054480][  T843] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  783.058976][  T843] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  783.063185][  T843] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  783.067205][ T5971] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  783.071480][  T843] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  783.076407][ T5971] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  783.080788][  T843] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  783.084582][ T5971] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  783.090509][  T843] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.093858][ T5971] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  783.103497][  T843] usb 9-1: config 0 descriptor??
[  783.106344][ T5971] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  783.110079][T17724] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  783.113039][ T5971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.324757][ T5971] usb 6-1: GET_CAPABILITIES returned 0
[  783.327142][ T5971] usbtmc 6-1:16.0: can't read capabilities
[  783.539220][T17724] overlayfs: cannot append lower layer
[  783.541081][ T5971] usb 6-1: USB disconnect, device number 20
[  783.564366][  T843] usbhid 9-1:0.0: can't add hid device: -71
[  783.566794][  T843] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  783.591998][  T843] usb 9-1: USB disconnect, device number 56
[  783.757494][T17736] overlayfs: failed to resolve './file1': -2
[  784.414633][T17747] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3200'.
[  785.295241][T17764] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  785.770205][T17769] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3205'.
[  785.774363][T17769] netlink: 'syz.1.3205': attribute type 1 has an invalid length.
[  785.777002][T17769] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3205'.
[  785.782782][   T40] audit: type=1326 audit(785.665:34826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17768 comm="syz.1.3205" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  786.339176][T17791] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3211'.
[  786.559117][T17795] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3210'.
[  786.563726][T17795] netlink: 'syz.0.3210': attribute type 1 has an invalid length.
[  786.567321][T17795] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3210'.
[  786.578692][   T40] audit: type=1326 audit(786.465:34827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17792 comm="syz.0.3210" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62f7c code=0x0
[  786.732033][T17801] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3220'.
[  786.780630][ T6766] usb 38-1: device descriptor read/8, error -110
[  786.909867][T17806] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  786.995500][T17808] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3223'.
[  787.133472][T17817] NILFS (loop4): device size too small
[  787.205049][ T6766] usb usb38-port1: attempt power cycle
[  787.791524][ T6766] usb usb38-port1: unable to enumerate USB device
[  788.260421][T17844] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  788.358524][T17846] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3225'.
[  788.618549][T17850] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  788.922028][T17869] netlink: 816 bytes leftover after parsing attributes in process `syz.0.3233'.
[  789.002145][T17869] ocfs2: Unknown parameter 'grpquota'�p'
[  789.345725][T17871] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  789.896048][T17886] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  790.798120][T17896] overlayfs: failed to resolve './file2': -2
[  790.902719][T17900] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  791.655403][   T40] audit: type=1326 audit(791.545:34828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.675921][   T40] audit: type=1326 audit(791.555:34829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.695545][   T40] audit: type=1326 audit(791.555:34830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.716996][   T40] audit: type=1326 audit(791.555:34831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.731280][   T40] audit: type=1326 audit(791.555:34832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.738378][   T40] audit: type=1326 audit(791.555:34833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.745448][   T40] audit: type=1326 audit(791.555:34834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.752524][   T40] audit: type=1326 audit(791.555:34835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.759029][   T40] audit: type=1326 audit(791.625:34836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  791.766255][   T40] audit: type=1326 audit(791.625:34837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.1.3249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  792.242543][T17938] overlayfs: failed to resolve './file2': -2
[  792.414436][T17942] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  795.127968][T17956] program syz.0.3257 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  795.505941][T17964] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  795.961628][T17970] overlayfs: failed to resolve './file2': -2
[  796.086372][T17972] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  796.169783][T14111] usb 9-1: new high-speed USB device number 57 using dummy_hcd
[  796.360397][T14111] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  796.375322][T14111] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  796.381303][T14111] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  796.385393][T14111] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  796.391086][T14111] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  796.394786][T14111] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  796.415770][T14111] usb 9-1: config 0 descriptor??
[  796.428990][T17968] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  796.937487][T17968] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3261'.
[  796.970048][T17968] overlayfs: cannot append lower layer
[  797.077289][T14111] usbhid 9-1:0.0: can't add hid device: -71
[  797.080519][T14111] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  797.095290][T14111] usb 9-1: USB disconnect, device number 57
[  797.260033][T17995] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  797.737486][T17996] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3269'.
[  797.742054][T17996] netlink: 'syz.0.3269': attribute type 1 has an invalid length.
[  797.746210][T17996] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3269'.
[  797.855244][   T40] kauditd_printk_skb: 23 callbacks suppressed
[  797.855258][   T40] audit: type=1326 audit(797.745:34861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17993 comm="syz.0.3269" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62f7c code=0x0
[  797.865665][T18002] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  797.883013][T18002] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  797.887097][T18002] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  797.896599][T18002] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  797.906908][T18002] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  798.401666][    C2] hpet: Lost 1 RTC interrupts
[  798.422646][T14302] syz_tun (unregistering): left allmulticast mode
[  798.729550][ T1246] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.813743][T18018] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  798.978353][ T1246] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.069635][T18000] bridge0: port 1(bridge_slave_0) entered blocking state
[  799.076762][T18000] bridge0: port 1(bridge_slave_0) entered disabled state
[  799.080499][T18000] bridge_slave_0: entered allmulticast mode
[  799.084667][T18000] bridge_slave_0: entered promiscuous mode
[  799.091583][T18000] bridge0: port 2(bridge_slave_1) entered blocking state
[  799.094940][T18000] bridge0: port 2(bridge_slave_1) entered disabled state
[  799.098089][T18000] bridge_slave_1: entered allmulticast mode
[  799.102659][T18000] bridge_slave_1: entered promiscuous mode
[  799.131896][T18000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  799.143993][T18032] net_ratelimit: 44 callbacks suppressed
[  799.144015][T18032] netlink: zone id is out of range
[  799.149641][T18032] netlink: zone id is out of range
[  799.152910][T18032] netlink: zone id is out of range
[  799.155430][T18032] netlink: zone id is out of range
[  799.157839][T18032] netlink: zone id is out of range
[  799.160766][T18032] netlink: zone id is out of range
[  799.163228][T18032] netlink: zone id is out of range
[  799.165552][T18032] netlink: zone id is out of range
[  799.168688][T18032] netlink: zone id is out of range
[  799.171131][T18032] netlink: zone id is out of range
[  799.187103][ T1246] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.233401][T18000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  799.279565][T18000] team0: Port device team_slave_0 added
[  799.298857][T18000] team0: Port device team_slave_1 added
[  799.405194][ T1246] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  799.482923][T18000] batman_adv: batadv0: Adding interface: batadv_slave_0
[  799.489795][T18000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  799.518238][T18000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  799.538695][T18000] batman_adv: batadv0: Adding interface: batadv_slave_1
[  799.547746][T18000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  799.563766][T18000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  799.623366][T18000] hsr_slave_0: entered promiscuous mode
[  799.626889][T18000] hsr_slave_1: entered promiscuous mode
[  799.906672][T18039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3277'.
[  799.994620][T17530] Bluetooth: hci1: command tx timeout
[  800.595477][ T1246] batman_adv: batadv0: Removing interface: gretap1
[  800.707373][ T1246] bond0 (unregistering): Released all slaves
[  800.737137][ T1246] bond1 (unregistering): Released all slaves
[  800.846777][ T5455] 8021q: adding VLAN 0 to HW filter on device eth6
[  801.678603][T18059] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3279'.
[  801.686132][T18059] syzkaller0: entered promiscuous mode
[  801.690138][T18059] syzkaller0: entered allmulticast mode
[  801.948281][ T1246] hsr_slave_0: left promiscuous mode
[  801.958851][ T1246] hsr_slave_1: left promiscuous mode
[  801.988666][ T1246] veth1_vlan: left promiscuous mode
[  801.994408][ T1246] veth0_vlan: left promiscuous mode
[  802.062371][T17530] Bluetooth: hci1: command tx timeout
[  802.371363][T18077] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  802.556508][ T1246] IPVS: stop unused estimator thread 0...
[  802.693293][T18000] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  802.720228][T18000] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  802.726603][T18000] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  802.739136][T18000] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  802.742778][T18000] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  802.753678][T18000] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  802.757158][T18000] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  802.769327][T18000] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  802.781431][T18089] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  802.841452][T18000] 8021q: adding VLAN 0 to HW filter on device bond0
[  802.855136][T18000] 8021q: adding VLAN 0 to HW filter on device team0
[  802.862985][T13082] bridge0: port 1(bridge_slave_0) entered blocking state
[  802.865367][T13082] bridge0: port 1(bridge_slave_0) entered forwarding state
[  802.873649][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[  802.875991][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  803.215605][T18000] 8021q: adding VLAN 0 to HW filter on device batadv0
[  803.388651][T18000] veth0_vlan: entered promiscuous mode
[  803.400277][T18000] veth1_vlan: entered promiscuous mode
[  803.422218][T18000] veth0_macvtap: entered promiscuous mode
[  803.426892][T18000] veth1_macvtap: entered promiscuous mode
[  803.439541][T18000] batman_adv: batadv0: Interface activated: batadv_slave_0
[  803.446343][T18000] batman_adv: batadv0: Interface activated: batadv_slave_1
[  803.454943][ T1246] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  803.458029][ T1246] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  803.462223][ T1246] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  803.465861][ T1246] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  803.592624][ T1246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  803.595677][ T1246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  803.615303][T13087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  803.617964][T13087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  803.743753][T18116] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3284'.
[  803.864347][T18118] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  803.938366][T18121] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3286'.
[  803.942389][T18121] netlink: 'syz.1.3286': attribute type 1 has an invalid length.
[  803.945132][T18121] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3286'.
[  803.965645][   T40] audit: type=1326 audit(803.855:34862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18119 comm="syz.1.3286" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  804.149973][T17530] Bluetooth: hci1: command tx timeout
[  804.284935][T18131] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  804.779226][T18133] mtd partition "" doesn't have enough space: 0x20003 < 0x2001f, disabled
[  804.821907][T18133] ftl_cs: FTL header not found.
[  806.219888][T17530] Bluetooth: hci1: command tx timeout
[  806.902163][    C2] hpet: Lost 1 RTC interrupts
[  807.213353][T18174] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  808.533019][T18185] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  808.536307][T18188] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  808.568280][T18191] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3304'.
[  808.714808][    C2] hpet: Lost 1 RTC interrupts
[  808.930769][T18204] loop7: detected capacity change from 0 to 7
[  808.961367][    C0] blk_print_req_error: 27 callbacks suppressed
[  808.961383][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  808.966962][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  808.970017][    C0] buffer_io_error: 27 callbacks suppressed
[  808.970027][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.003604][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.007520][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.017898][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.021774][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.032058][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.035753][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.040247][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.044149][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.048834][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.052759][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.057525][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.061498][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.065926][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.066169][T18208] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  809.069250][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.069344][T18204] ldm_validate_partition_table(): Disk read failed.
[  809.069720][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.069742][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.070506][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  809.094101][T18204] Dev loop7: unable to read RDB block 0
[  809.097648][T18204]  loop7: unable to read partition table
[  809.100505][T18204] loop7: partition table beyond EOD, truncated
[  809.103589][T18204] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[  809.121796][T18207] ldm_validate_partition_table(): Disk read failed.
[  809.124408][T18207] Dev loop7: unable to read RDB block 0
[  809.126805][T18207]  loop7: unable to read partition table
[  809.128858][T18207] loop7: partition table beyond EOD, truncated
[  809.450857][T18220] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3314'.
[  809.465126][T18221] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  810.286002][T18237] syzkaller1: entered promiscuous mode
[  810.288353][T18237] syzkaller1: entered allmulticast mode
[  810.862106][T18253] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3323'.
[  811.066799][T18262] overlayfs: missing 'lowerdir'
[  811.095824][T18264] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  811.135203][T18267] bad cache= option: nonemlock 0
[  811.135203][T18267] nr_zspages 1406
[  811.135203][T18267] nr_free_cma 0
[  811.135203][T18267] numa_hit 340829
[  811.135203][T18267] numa_miss 4993545
[  811.135203][T18267] numa_foreign 4993545
[  811.135203][T18267] numa_interleave 6978
[  811.135203][T18267] numa_local 333036
[  811.135203][T18267] numa_other 5001338
[  811.135203][T18267] nr_inactive_anon 1856
[  811.135203][T18267] nr_active_anon 728
[  811.135203][T18267] nr_inactive_file 13949
[  811.135203][T18267] nr_active_file 11616
[  811.135203][T18267] nr_unevictable 1768
[  811.135203][T18267] nr_slab_reclaimable 6025
[  811.135203][T18267] nr_slab_unreclaimable 55943
[  811.135203][T18267] nr_isolated_anon 0
[  811.135203][T18267] nr_isolated_file 0
[  811.135203][T18267] workingset_nodes 120
[  811.135203][T18267] workingset_refault_anon 15942
[  811.135203][T18267] workingset_refault_file 230189
[  811.135203][T18267] workingset_activate_anon 5571
[  811.135203][T18267] workingset_activate_file 83660
[  811.135203][T18267] workingset_restore_anon 465
[  811.135203][T18267] workingset_restore_file 8886
[  811.135203][T18267] workingset_nodereclaim 1181
[  811.135203][T18267] nr_anon_pages 1495
[  811.135203][T18267] nr_mapped 25338
[  811.135203][T18267] nr_file_pages 28967
[  811.135203][T18267] nr_dirty 219
[  811.135203][T18267] nr_writeback 0
[  811.135203][T18267] nr_shmem 1777
[  811.135203][T18267] nr_shmem_hugepages 0
[  811.135203][T18267] nr_shmem_pmdmapped 0
[  811.135203][T18267] nr_file_hugepages 0
[  811.135203][T18267] nr_file_pmdmapped 0
[  811.135203][T18267] nr_anon_transparent_hugepages 0
[  811.135203][T18267] nr_vmscan_write 43443
[  811.135203][T18267] nr_vmscan_immediate_reclaim 1537
[  811.135203][T18267] nr_dirtied 25209
[  811.135203][T18267] nr_written 24990
[  811.135203][T18267] nr_throttled_written 0
[  811.135203][T18267] nr_kernel_misc_reclaimable 0
[  811.135203][T18267] nr_foll_pin_acquired 185405
[  811.135203][T18267] nr_foll_pin_released 185405
[  811.135463][T18267] CIFS: VFS: bad cache= option: nonemlock 0
[  811.135463][T18267] nr_zspages 1406
[  811.135463][T18267] nr_free_cma 0
[  811.135463][T18267] numa_hit 340829
[  811.135463][T18267] numa_miss 4993545
[  811.135463][T18267] numa_foreign 4993545
[  811.135463][T18267] numa_interleave 6978
[  811.135463][T18267] numa_local 333036
[  811.135463][T18267] numa_other 5001338
[  811.135463][T18267] nr_inactive_anon 1856
[  811.135463][T18267] nr_active_anon 728
[  811.135463][T18267] nr_inactive_file 13949
[  811.135463][T18267] nr_active_file 11616
[  811.135463][T18267] nr_unevictable 1768
[  811.135463][T18267] nr_slab_reclaimable 6025
[  811.135463][T18267] nr_slab_unreclaimable 55943
[  811.135463][T18267] nr_isolated_anon 0
[  811.135463][T18267] nr_isolated_file 0
[  811.135463][T18267] workingset_nodes 120
[  811.135463][T18267] workingset_refault_anon 15942
[  811.135463][T18267] workingset_refault_file 230189
[  811.135463][T18267] workingset_activate_anon 5571
[  811.135463][T18267] workingset_activate_file 83660
[  811.135463][T18267] workingset_restore_anon 465
[  811.135463][T18267] workingset_restore_file 8886
[  811.135463][T18267] workingset_nodereclaim 1181
[  811.135463][T18267] nr_anon_pages 1495
[  811.135463][T18267] nr_mapped 25338
[  811.135463][T18267] nr_file_pages 28967
[  811.135463][T18267] nr_dirty 219
[  811.135463][T18267] nr_writeback 0
[  811.135463][T18267] nr_shmem 1777
[  811.135463][T18267] nr_shmem_hugepages 0
[  811.135463][T18267] nr_shmem_pmdmapped 0
[  811.135463][T18267] nr_file_hugepages 0
[  811.135463][T18267] nr_file_pmdmapped 0
[  811.135463][T18267] nr_anon_transparent_hugepages 0
[  811.135463][T18267] nr_vmscan_write 43443
[  811.135463][T18267] nr_vmscan_immediate_reclaim 1537
[  811.135463][T18267] nr_dirtied 25209
[  811.135463][T18267] nr_written 24990
[  811.135463][T18267] nr_throttled_written 0
[  811.135463][T18267] nr_kernel_misc_reclaimable 0
[  811.135463][T18267] nr_foll_pin_acquired 185405
[  811.545211][T18281] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3332'.
[  812.192863][T18287] binder: 18284:18287 ioctl c0306201 80000640 returned -22
[  812.349095][T18298] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  812.374543][T18300] overlayfs: missing 'lowerdir'
[  812.394825][T18301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3338'.
[  812.462859][   T40] audit: type=1326 audit(812.355:34863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18304 comm="syz.1.3340" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x0
[  813.218476][T18311] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  813.661394][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  813.766319][T18334] overlayfs: missing 'lowerdir'
[  813.883809][T18338] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  814.129715][T18341] usb usb7: usbfs: process 18341 (syz.0.3351) did not claim interface 0 before use
[  814.216794][T18344] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  814.499646][T18350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3352'.
[  814.515822][T18350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3352'.
[  814.618436][T18352] use of bytesused == 0 is deprecated and will be removed in the future,
[  814.623839][T18352] use the actual size instead.
[  814.904021][T18360] overlayfs: missing 'lowerdir'
[  815.059854][   T39] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  815.224814][   T39] usb 6-1: Using ep0 maxpacket: 8
[  815.232124][   T39] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  815.236357][   T39] usb 6-1: config 0 has no interface number 0
[  815.238916][   T39] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  815.250524][   T39] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  815.268896][   T39] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  815.297991][   T39] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  815.326259][   T39] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  815.337727][   T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  815.349883][   T39] usb 6-1: config 0 descriptor??
[  815.359477][   T39] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  815.552513][T18376] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3361'.
[  815.555519][T18376] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3361'.
[  815.584720][T18356] libceph: resolve '0' (ret=-3): failed
[  816.485048][T18382] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  816.965453][T18385] overlayfs: missing 'lowerdir'
[  817.100863][T18388] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  817.538546][T18396] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3370'.
[  817.542717][T18396] veth0_to_bond: default FDB implementation only supports local addresses
[  817.661074][    T9] usb 6-1: USB disconnect, device number 21
[  817.672649][    T9] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  817.974305][T18407] overlayfs: missing 'lowerdir'
[  818.113617][T18413] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3377'.
[  818.126476][T18411] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3376'.
[  818.169237][T18414] FAULT_INJECTION: forcing a failure.
[  818.169237][T18414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.175444][T18414] CPU: 3 UID: 0 PID: 18414 Comm: syz.3.3377 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  818.175464][T18414] Tainted: [L]=SOFTLOCKUP
[  818.175468][T18414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  818.175475][T18414] Call Trace:
[  818.175479][T18414]  <TASK>
[  818.175484][T18414]  dump_stack_lvl+0x100/0x190
[  818.175503][T18414]  should_fail_ex.cold+0x5/0xa
[  818.175523][T18414]  _copy_from_iter+0x1f4/0x1690
[  818.175540][T18414]  ? __pfx__copy_from_iter+0x10/0x10
[  818.175552][T18414]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  818.175570][T18414]  ? skb_page_frag_refill+0x309/0x4b0
[  818.175585][T18414]  mptcp_sendmsg+0xf52/0x2210
[  818.175609][T18414]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  818.175648][T18414]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  818.175665][T18414]  inet_sendmsg+0x11c/0x140
[  818.175679][T18414]  ____sys_sendmsg+0x98d/0xb70
[  818.175696][T18414]  ? __pfx_inet_sendmsg+0x10/0x10
[  818.175709][T18414]  ? __pfx_____sys_sendmsg+0x10/0x10
[  818.175732][T18414]  ___sys_sendmsg+0x190/0x1e0
[  818.175750][T18414]  ? __pfx____sys_sendmsg+0x10/0x10
[  818.175775][T18414]  ? find_held_lock+0x2b/0x80
[  818.175799][T18414]  __sys_sendmsg+0x170/0x220
[  818.175813][T18414]  ? __pfx___sys_sendmsg+0x10/0x10
[  818.175825][T18414]  ? __fget_files+0x21f/0x3d0
[  818.175843][T18414]  ? ksys_write+0x1ac/0x250
[  818.175857][T18414]  ? rcu_is_watching+0x12/0xc0
[  818.175874][T18414]  __do_fast_syscall_32+0xe7/0x950
[  818.175885][T18414]  ? lockdep_hardirqs_on+0x78/0x100
[  818.175903][T18414]  do_fast_syscall_32+0x32/0x70
[  818.175915][T18414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  818.175930][T18414] RIP: 0023:0xf7f43f7c
[  818.175941][T18414] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  818.175952][T18414] RSP: 002b:00000000f53e550c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  818.175964][T18414] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  818.175971][T18414] RDX: 0000000000014051 RSI: 0000000000000000 RDI: 0000000000000000
[  818.175978][T18414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  818.175984][T18414] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  818.175991][T18414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  818.176005][T18414]  </TASK>
[  819.242691][T18427] binder: 18426:18427 ioctl 541b 0 returned -22
[  819.345937][T18430] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  819.624930][T18433] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  819.628537][T18433] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  819.717667][T18435] xt_policy: neither incoming nor outgoing policy selected
[  819.889835][T18444] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  820.223002][T18458] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  820.226238][T18458] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  820.271536][T18459] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  820.485915][T18467] Bluetooth: MGMT ver 1.23
[  821.254016][T18475] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3399'.
[  821.335436][T18477] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  821.737354][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.740716][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.743934][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.747997][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.755662][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.760041][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.784823][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.788161][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.790481][T18485] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  821.792720][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.795771][T18485] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  821.798026][  T843] hid-generic 0080:0008:0000.000E: unknown main item tag 0x0
[  821.849615][  T843] hid-generic 0080:0008:0000.000E: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  821.975264][T18489] fido_id[18489]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  821.978382][T18492] syzkaller0: entered promiscuous mode
[  821.985442][T18492] syzkaller0: entered allmulticast mode
[  821.991838][T18492] net_ratelimit: 44 callbacks suppressed
[  821.991857][T18492] TC_ACT_REPEAT abuse ?
[  822.038808][T18495] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3407'.
[  822.539843][T17530] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  822.541692][T18002] Bluetooth: hci0: command 0x0c1a tx timeout
[  822.683774][T18517] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  823.140017][T18527] comedi comedi3: comedi_parport: I/O base address or length out of range
[  823.578708][T18545] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3416'.
[  824.096607][T18553] sch_tbf: burst 1 is lower than device syzkaller0 mtu (1500) !
[  824.108325][T18555] syzkaller0: entered promiscuous mode
[  824.114620][T18555] syzkaller0: entered allmulticast mode
[  824.120618][T18561] overlayfs: missing 'lowerdir'
[  824.308832][T18570] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  825.097841][T18582] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3425'.
[  825.248041][T18589] overlayfs: failed to resolve './file1': -2
[  825.324578][T18593] overlayfs: missing 'lowerdir'
[  825.739850][T14111] usb 9-1: new high-speed USB device number 58 using dummy_hcd
[  825.891236][T14111] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  825.895022][T14111] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  825.898803][T14111] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  825.902958][T14111] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  825.907569][T14111] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  825.910588][T14111] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.918788][T14111] usb 9-1: config 0 descriptor??
[  825.921585][T18598] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  826.080324][T18603] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3432'.
[  826.310087][T18612] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3435'.
[  826.342635][T18598] overlayfs: cannot append lower layer
[  826.370484][T14111] usbhid 9-1:0.0: can't add hid device: -71
[  826.372543][T18615] usb usb7: usbfs: process 18615 (syz.0.3434) did not claim interface 0 before use
[  826.375335][T14111] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  826.396709][T14111] usb 9-1: USB disconnect, device number 58
[  826.553854][T18621] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  826.627032][T18625] overlayfs: missing 'workdir'
[  827.093780][T18635] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3443'.
[  827.190907][T18637] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3444'.
[  827.661899][T18657] netlink: 'syz.4.3449': attribute type 2 has an invalid length.
[  827.678294][T18657] �#{6c: entered promiscuous mode
[  827.708592][T18657] netlink: 'syz.4.3449': attribute type 2 has an invalid length.
[  827.714594][T18657] �#{6c: left promiscuous mode
[  827.803410][T15488] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  827.861107][T18658] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  827.863501][T18658] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  827.877853][T18658] vhci_hcd vhci_hcd.0: Device attached
[  827.908580][T18658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3445'.
[  827.965504][T18668] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3452'.
[  827.979413][T15488] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  827.984582][T15488] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  828.006393][T15488] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  828.012389][T15488] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  828.020525][T15488] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  828.023740][T15488] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.046503][T18658] syz_tun (unregistering): left allmulticast mode
[  828.046798][T15488] usb 5-1: config 0 descriptor??
[  828.078106][T18654] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  828.155779][T18673] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  828.185399][   T53] usb 40-1: SetAddress Request (2) to port 0
[  828.189077][   T53] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  828.395303][T18663] vhci_hcd: connection reset by peer
[  828.402707][   T46] vhci_hcd vhci_hcd.1: stop threads
[  828.412860][   T46] vhci_hcd vhci_hcd.1: release socket
[  828.422897][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  828.494799][T18654] overlayfs: cannot append lower layer
[  828.507026][T15488] usbhid 5-1:0.0: can't add hid device: -71
[  828.517796][T15488] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  828.534622][T15488] usb 5-1: USB disconnect, device number 50
[  828.720241][T18675] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3454'.
[  829.103817][ T1341] IPVS: starting estimator thread 0...
[  829.200073][T18701] IPVS: wrr: FWM 3 0x00000003 - no destination available
[  829.228532][T18696] IPVS: using max 42 ests per chain, 100800 per kthread
[  829.252712][T18703] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3461'.
[  829.257425][T18703] netlink: 'syz.0.3461': attribute type 1 has an invalid length.
[  829.261366][T18703] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3461'.
[  829.282233][   T40] audit: type=1326 audit(829.165:34864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18694 comm="syz.0.3461" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62f7c code=0x0
[  829.429871][  T843] usb 6-1: new low-speed USB device number 22 using dummy_hcd
[  829.435240][T18709] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3465'.
[  829.569837][  T843] usb 6-1: device descriptor read/64, error -71
[  829.785723][T18715] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  829.835965][  T843] usb 6-1: new low-speed USB device number 23 using dummy_hcd
[  829.920505][T18717] overlayfs: missing 'workdir'
[  829.989855][  T843] usb 6-1: device descriptor read/64, error -71
[  830.100180][  T843] usb usb6-port1: attempt power cycle
[  830.440004][  T843] usb 6-1: new low-speed USB device number 24 using dummy_hcd
[  830.470624][  T843] usb 6-1: device descriptor read/8, error -71
[  830.730211][  T843] usb 6-1: new low-speed USB device number 25 using dummy_hcd
[  830.750673][  T843] usb 6-1: device descriptor read/8, error -71
[  830.860492][  T843] usb usb6-port1: unable to enumerate USB device
[  831.370035][T18730] random: crng reseeded on system resumption
[  831.417269][T18730] Restarting kernel threads ...
[  831.420491][T18730] Done restarting kernel threads.
[  832.449801][T18747] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3474'.
[  832.894000][T18756] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  832.978547][T18759] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  833.259898][   T53] usb 40-1: device descriptor read/8, error -110
[  833.274512][T18766] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3479'.
[  833.279130][T18766] netlink: 'syz.1.3479': attribute type 1 has an invalid length.
[  833.295640][T18766] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3479'.
[  833.411318][   T40] audit: type=1326 audit(833.265:34865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18764 comm="syz.1.3479" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  833.675400][   T53] usb usb40-port1: attempt power cycle
[  833.770247][T18769] FAULT_FLAG_ALLOW_RETRY missing 801
[  833.778476][T18769] CPU: 3 UID: 0 PID: 18769 Comm: syz.3.3480 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  833.778512][T18769] Tainted: [L]=SOFTLOCKUP
[  833.778522][T18769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  833.778550][T18769] Call Trace:
[  833.778557][T18769]  <TASK>
[  833.778566][T18769]  dump_stack_lvl+0x100/0x190
[  833.778598][T18769]  handle_userfault.cold+0x56/0x69
[  833.778626][T18769]  ? do_raw_spin_unlock+0x145/0x1e0
[  833.778654][T18769]  ? _raw_spin_unlock+0x28/0x50
[  833.778683][T18769]  ? __free_frozen_pages+0x59e/0x1040
[  833.778714][T18769]  ? __pfx_handle_userfault+0x10/0x10
[  833.778753][T18769]  ? rcu_read_unlock+0x2d/0xb0
[  833.778785][T18769]  ? rcu_read_unlock+0x2d/0xb0
[  833.778822][T18769]  do_anonymous_page+0x1a83/0x2050
[  833.778868][T18769]  __handle_mm_fault+0x1d2c/0x2a00
[  833.778904][T18769]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  833.778950][T18769]  ? __pfx___handle_mm_fault+0x10/0x10
[  833.778983][T18769]  ? pte_offset_map_lock+0x174/0x320
[  833.779008][T18769]  ? find_held_lock+0x2b/0x80
[  833.779044][T18769]  ? follow_page_pte+0x4d0/0x13f0
[  833.779075][T18769]  handle_mm_fault+0x36d/0xa20
[  833.779111][T18769]  __get_user_pages+0x1178/0x32a0
[  833.779148][T18769]  ? __pfx___get_user_pages+0x10/0x10
[  833.779182][T18769]  populate_vma_page_range+0x267/0x3f0
[  833.779215][T18769]  ? __pfx_populate_vma_page_range+0x10/0x10
[  833.779245][T18769]  ? vma_set_page_prot+0xb1/0x120
[  833.779276][T18769]  mprotect_fixup+0x955/0xe30
[  833.779317][T18769]  ? __pfx_mprotect_fixup+0x10/0x10
[  833.779376][T18769]  ? __pfx_mas_prev+0x10/0x10
[  833.779418][T18769]  do_mprotect_pkey+0xa4b/0xef0
[  833.779458][T18769]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  833.779528][T18769]  __ia32_sys_mprotect+0x75/0xb0
[  833.779558][T18769]  ? lockdep_hardirqs_on+0x78/0x100
[  833.779588][T18769]  __do_fast_syscall_32+0xe7/0x950
[  833.779606][T18769]  ? lockdep_hardirqs_on+0x78/0x100
[  833.779637][T18769]  do_fast_syscall_32+0x32/0x70
[  833.779673][T18769]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  833.779703][T18769] RIP: 0023:0xf7f43f7c
[  833.779721][T18769] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  833.779738][T18769] RSP: 002b:00000000f540650c EFLAGS: 00000292 ORIG_RAX: 000000000000007d
[  833.779759][T18769] RAX: ffffffffffffffda RBX: 0000000080ffc000 RCX: 0000000000004000
[  833.779772][T18769] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  833.779783][T18769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  833.779794][T18769] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  833.779805][T18769] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  833.779833][T18769]  </TASK>
[  833.908402][T18772] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_bridge, syncid = 32, id = 0
[  834.146300][T18780] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3483'.
[  834.273173][   T53] usb usb40-port1: unable to enumerate USB device
[  834.669961][   T34] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  834.757666][T17530] Bluetooth: hci1: unexpected event 0x18 length: 247 > 23
[  834.832177][   T34] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  834.849805][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  834.859789][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  834.869796][   T34] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  834.879814][   T34] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  834.889783][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.900359][   T34] usb 5-1: config 0 descriptor??
[  834.908907][T18795] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  835.335856][T18795] overlayfs: cannot append lower layer
[  835.355733][   T34] usbhid 5-1:0.0: can't add hid device: -71
[  835.364346][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  835.376332][   T34] usb 5-1: USB disconnect, device number 51
[  835.457134][T18811] program syz.4.3492 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  835.702563][T18815] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3494'.
[  835.707306][T18816] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  835.728866][T18815] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3494'.
[  836.026989][T18825] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  836.075255][T18827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3497'.
[  836.079047][T18827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3497'.
[  836.466525][T18830] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3498'.
[  836.470453][T18830] netlink: 'syz.1.3498': attribute type 1 has an invalid length.
[  836.474719][T18830] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3498'.
[  836.492020][   T40] audit: type=1326 audit(836.375:34866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18828 comm="syz.1.3498" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  836.845755][T18836] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  836.955598][T18839] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  838.179890][   T34] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  838.332657][   T34] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  838.336771][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  838.340930][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  838.345281][   T34] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  838.350380][   T34] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  838.353610][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.358445][   T34] usb 5-1: config 0 descriptor??
[  838.365915][T18851] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  838.776406][T18856] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3506'.
[  838.787798][T18851] overlayfs: cannot append lower layer
[  838.802411][T18858] netlink: 'syz.4.3505': attribute type 3 has an invalid length.
[  838.803565][   T34] usbhid 5-1:0.0: can't add hid device: -71
[  838.812949][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  838.820594][   T34] usb 5-1: USB disconnect, device number 52
[  838.918212][T18863] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3507'.
[  838.925110][T18863] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3507'.
[  838.991823][T18865] tipc: Started in network mode
[  838.997691][T18865] tipc: Node identity 2e5b3119c8da, cluster identity 4711
[  839.006393][T18865] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  839.012124][T18865] syzkaller0: entered promiscuous mode
[  839.014265][T18865] syzkaller0: entered allmulticast mode
[  839.050495][T18865] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3508'.
[  839.055459][T18865] syzkaller0: mtu less than device minimum
[  839.070546][T18864] tipc: Resetting bearer <eth:syzkaller0>
[  839.092651][T18864] tipc: Disabling bearer <eth:syzkaller0>
[  839.796053][T18881] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  840.255353][T18889] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3515'.
[  840.309798][T18891] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  840.708313][T18904] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3520'.
[  840.733725][T18904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3520'.
[  840.870701][T18907] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3521'.
[  840.896487][T18907] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3521'.
[  841.812423][T18917] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3524'.
[  841.881943][T18919] bridge_slave_0: left allmulticast mode
[  841.884700][T18919] bridge_slave_0: left promiscuous mode
[  841.887434][T18919] bridge0: port 1(bridge_slave_0) entered disabled state
[  841.895465][T18919] bridge_slave_1: left allmulticast mode
[  841.897782][T18919] bridge_slave_1: left promiscuous mode
[  841.904509][T18919] bridge0: port 2(bridge_slave_1) entered disabled state
[  841.912576][T18919] bond0: (slave bond_slave_0): Releasing backup interface
[  841.930985][T18919] bond0: (slave bond_slave_1): Releasing backup interface
[  841.948614][T18919] team0: Port device team_slave_0 removed
[  841.953938][T18919] team0: Port device team_slave_1 removed
[  841.956653][T18919] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  841.959429][T18919] batman_adv: batadv0: Removing interface: batadv_slave_0
[  841.965449][T18919] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  841.968210][T18919] batman_adv: batadv0: Removing interface: batadv_slave_1
[  841.972843][T18919] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  842.255092][T18929] bond2: peer notification delay (512) is not a multiple of miimon (5), value rounded to 510 ms
[  842.260350][T18929] bond2 (unregistering): Released all slaves
[  842.491788][T18936] hub 1-0:1.0: USB hub found
[  842.498847][T18936] hub 1-0:1.0: 2 ports detected
[  843.415917][T18950] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  844.944406][T18972] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  845.111361][T18978] random: crng reseeded on system resumption
[  845.379003][T18978] Restarting kernel threads ...
[  845.381600][T18978] Done restarting kernel threads.
[  845.769977][  T843] usb 9-1: new high-speed USB device number 59 using dummy_hcd
[  845.971831][  T843] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  845.987244][  T843] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  846.022747][  T843] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  846.035968][  T843] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  846.063127][  T843] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  846.074723][  T843] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  846.139869][  T843] usb 9-1: config 0 descriptor??
[  846.142081][T18980] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  846.198832][T18990] __nla_validate_parse: 1 callbacks suppressed
[  846.198848][T18990] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3544'.
[  846.309302][T18997] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  846.487855][T19004] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3547'.
[  846.491147][T19004] netlink: 'syz.3.3547': attribute type 1 has an invalid length.
[  846.495230][T19004] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3547'.
[  846.503811][   T40] audit: type=1326 audit(846.395:34867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18996 comm="syz.3.3547" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43f7c code=0x0
[  846.569549][  T843] usbhid 9-1:0.0: can't add hid device: -71
[  846.576950][  T843] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  846.586393][  T843] usb 9-1: USB disconnect, device number 59
[  848.041793][T19012] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  848.044459][T19012] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  848.046818][T19012] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  848.049308][T19012] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  848.060458][T19012] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  848.447958][T19026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3552'.
[  849.479751][T17530] Bluetooth: hci0: command 0x0c1a tx timeout
[  850.062225][T17530] Bluetooth: hci1: command 0x0c1a tx timeout
[  850.062300][T18002] Bluetooth: hci2: command 0x0c1a tx timeout
[  850.241576][ T5971] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  850.320806][T19043] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  850.402642][ T5971] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  850.406564][ T5971] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  850.410388][ T5971] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  850.414791][ T5971] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  850.420903][ T5971] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  850.424721][ T5971] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  850.433684][ T5971] usb 5-1: config 0 descriptor??
[  850.437127][T19036] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  850.859015][ T5971] usbhid 5-1:0.0: can't add hid device: -71
[  850.873024][ T5971] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  850.884252][ T5971] usb 5-1: USB disconnect, device number 53
[  851.472225][T19050] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  851.938601][T19054] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3561'.
[  851.946856][T19054] netlink: 'syz.4.3561': attribute type 1 has an invalid length.
[  851.953757][T19054] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3561'.
[  852.039955][   T40] audit: type=1326 audit(851.925:34868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19051 comm="syz.4.3561" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  852.150209][T18002] Bluetooth: hci1: command 0x0c1a tx timeout
[  852.188295][   T40] audit: type=1326 audit(852.075:34869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19057 comm="syz.1.3562" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  853.582527][T19066] syzkaller0: entered promiscuous mode
[  853.584316][T19066] syzkaller0: entered allmulticast mode
[  853.935680][T19078] random: crng reseeded on system resumption
[  853.971313][T19078] Restarting kernel threads ...
[  853.978149][T19079] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  853.985396][T19078] Done restarting kernel threads.
[  854.222285][T18002] Bluetooth: hci1: command 0x0c1a tx timeout
[  855.142523][T19088] random: crng reseeded on system resumption
[  855.203672][T19088] Restarting kernel threads ...
[  855.206262][T19088] Done restarting kernel threads.
[  856.669080][T19097] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  856.819856][T19098] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  857.605051][T19106] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3574'.
[  857.705370][T19108] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3573'.
[  857.710110][T19108] netlink: 'syz.4.3573': attribute type 1 has an invalid length.
[  857.728005][T19108] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3573'.
[  857.895024][T19112] random: crng reseeded on system resumption
[  857.933659][T19112] Restarting kernel threads ...
[  857.935951][T19112] Done restarting kernel threads.
[  857.976839][   T40] audit: type=1326 audit(857.865:34870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19102 comm="syz.4.3573" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  858.507375][T19117] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  859.175205][T19125] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  859.281143][T19129] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3580'.
[  859.306514][T19129] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3580'.
[  859.456891][T19134] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  860.107642][T19138] binder: 19135:19138 ioctl c0306201 0 returned -14
[  860.226914][T19142] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3583'.
[  860.281832][T19136] binder: 19135:19136 ioctl c020662a 800002c0 returned -22
[  860.620809][T19150] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  860.916886][T19155] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3587'.
[  860.935727][T19155] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3587'.
[  861.630078][ T5850] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  861.803160][ T5850] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  861.813281][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  861.823066][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  861.830703][ T5850] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  861.838064][ T5850] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  861.841679][ T5850] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.863864][ T5850] usb 5-1: config 0 descriptor??
[  861.873249][T19161] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  861.968943][T19166] random: crng reseeded on system resumption
[  862.385807][ T5850] usbhid 5-1:0.0: can't add hid device: -71
[  862.399299][ T5850] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  862.450133][T19167] Restarting kernel threads ...
[  862.456912][ T5850] usb 5-1: USB disconnect, device number 54
[  862.458265][T19167] Done restarting kernel threads.
[  863.015953][T19178] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3592'.
[  863.558363][T19191] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  863.633792][T19193] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  865.050667][T19210] random: crng reseeded on system resumption
[  865.056463][T19210] Restarting kernel threads ...
[  865.058886][T19210] Done restarting kernel threads.
[  865.397454][T19214] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3601'.
[  865.408628][T19214] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3601'.
[  865.474172][   T40] audit: type=1326 audit(865.365:34871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  865.485270][   T40] audit: type=1326 audit(865.365:34872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  865.495089][   T40] audit: type=1326 audit(865.365:34873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.510857][   T40] audit: type=1326 audit(865.365:34874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.520624][   T40] audit: type=1326 audit(865.365:34875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f7c code=0x7ffc0000
[  865.531092][   T40] audit: type=1326 audit(865.365:34876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.540455][   T40] audit: type=1326 audit(865.365:34877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.551066][   T40] audit: type=1326 audit(865.365:34878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.561309][   T40] audit: type=1326 audit(865.365:34879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.570881][   T40] audit: type=1326 audit(865.365:34880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19211 comm="syz.1.3600" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f15f98 code=0x7ffc0000
[  865.727265][T19219] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3602'.
[  865.730718][T19219] netlink: 'syz.0.3602': attribute type 1 has an invalid length.
[  865.734084][T19219] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3602'.
[  865.970505][T19233] libceph: resolve '
[  865.970505][T19233] -&���f�Y�ǝ�a���2i�
[  865.970505][T19233] .���?��&�*��&' (ret=-3): failed
[  867.019023][T19254] random: crng reseeded on system resumption
[  867.037519][T19254] Restarting kernel threads ...
[  867.040647][T19254] Done restarting kernel threads.
[  867.273297][T19255] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  867.903174][T19264] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  869.963519][T19280] syzkaller0: entered promiscuous mode
[  869.965339][T19280] syzkaller0: entered allmulticast mode
[  870.836155][T19283] input: syz0 as /devices/virtual/input/input26
[  870.929440][T19293] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3623'.
[  870.934265][T19293] netlink: 'syz.4.3623': attribute type 1 has an invalid length.
[  870.937102][T19293] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3623'.
[  870.946780][   T40] kauditd_printk_skb: 85 callbacks suppressed
[  870.946796][   T40] audit: type=1326 audit(870.835:34966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19290 comm="syz.4.3623" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  871.274136][T19302] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  872.142649][T19309] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3627'.
[  872.159055][T19309] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3627'.
[  873.180773][T19336] random: crng reseeded on system resumption
[  873.221408][T19336] Restarting kernel threads ...
[  873.223922][T19336] Done restarting kernel threads.
[  873.451740][T19343] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3634'.
[  873.637956][T19345] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3635'.
[  873.671238][T19345] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3635'.
[  874.975613][T19364] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3639'.
[  874.984365][T19364] netlink: 'syz.0.3639': attribute type 1 has an invalid length.
[  874.990397][T19364] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3639'.
[  875.005940][   T40] audit: type=1326 audit(874.895:34967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19359 comm="syz.0.3639" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62f7c code=0x0
[  875.009074][T19366] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3641'.
[  875.103068][ T1433] ieee802154 phy1 wpan1: encryption failed: -22
[  876.093933][T19381] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  876.189792][   T34] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  876.350911][   T34] usb 5-1: Using ep0 maxpacket: 8
[  876.354995][   T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  876.358568][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  876.363927][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  876.366746][   T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  876.371290][   T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  876.374446][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.614994][T19385] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  876.828757][   T34] usb 5-1: GET_CAPABILITIES returned 0
[  876.830658][   T34] usbtmc 5-1:16.0: can't read capabilities
[  877.525111][   T34] usb 5-1: USB disconnect, device number 55
[  877.568734][T19397] __nla_validate_parse: 1 callbacks suppressed
[  877.568788][T19397] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3650'.
[  877.576225][T19397] netlink: 'syz.4.3650': attribute type 1 has an invalid length.
[  877.578793][T19397] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3650'.
[  877.678310][T19401] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  877.830282][   T40] audit: type=1326 audit(877.695:34968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19394 comm="syz.4.3650" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  877.952711][ T5971] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  878.122068][ T5971] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  878.126824][ T5971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  878.132065][ T5971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  878.137054][ T5971] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  878.142902][ T5971] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  878.146687][ T5971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.159585][ T5971] usb 6-1: config 0 descriptor??
[  878.168220][T19405] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  878.607759][ T5971] usbhid 6-1:0.0: can't add hid device: -71
[  878.609862][ T5971] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  878.614179][ T5971] usb 6-1: USB disconnect, device number 26
[  879.276693][T19416] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  881.373923][T19436] FAULT_INJECTION: forcing a failure.
[  881.373923][T19436] name failslab, interval 1, probability 0, space 0, times 0
[  881.379710][T19436] CPU: 3 UID: 0 PID: 19436 Comm: syz.4.3661 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  881.379781][T19436] Tainted: [L]=SOFTLOCKUP
[  881.379787][T19436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  881.379795][T19436] Call Trace:
[  881.379807][T19436]  <TASK>
[  881.379816][T19436]  dump_stack_lvl+0x100/0x190
[  881.379845][T19436]  should_fail_ex.cold+0x5/0xa
[  881.379866][T19436]  ? tomoyo_realpath_from_path+0xb6/0x690
[  881.379893][T19436]  should_failslab+0xc2/0x120
[  881.379916][T19436]  __kmalloc_noprof+0xe0/0x850
[  881.379931][T19436]  ? kfree+0x1dd/0x6c0
[  881.379949][T19436]  tomoyo_realpath_from_path+0xb6/0x690
[  881.379967][T19436]  tomoyo_check_open_permission+0x2af/0x3c0
[  881.379980][T19436]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  881.379992][T19436]  ? open_namespace_file+0xd7/0x130
[  881.380008][T19436]  ? __do_fast_syscall_32+0xe7/0x950
[  881.380021][T19436]  ? do_fast_syscall_32+0x32/0x70
[  881.380034][T19436]  ? hook_file_open+0x24e/0x7a0
[  881.380056][T19436]  ? path_get+0x61/0x80
[  881.380079][T19436]  tomoyo_file_open+0x6b/0x90
[  881.380104][T19436]  security_file_open+0xb5/0x1e0
[  881.380127][T19436]  do_dentry_open+0x5aa/0x1660
[  881.380150][T19436]  ? lockdep_init_map_type+0x5c/0x250
[  881.380172][T19436]  vfs_open+0x82/0x3f0
[  881.380201][T19436]  dentry_open+0x71/0xd0
[  881.380227][T19436]  open_namespace_file+0xd7/0x130
[  881.380252][T19436]  ? __pfx_open_namespace_file+0x10/0x10
[  881.380280][T19436]  vfs_open_tree+0x8ec/0xae0
[  881.380306][T19436]  ? _raw_spin_unlock+0x28/0x50
[  881.380330][T19436]  ? __pfx_vfs_open_tree+0x10/0x10
[  881.380373][T19436]  __ia32_sys_open_tree+0xa3/0x150
[  881.380399][T19436]  __do_fast_syscall_32+0xe7/0x950
[  881.380416][T19436]  ? lockdep_hardirqs_on+0x78/0x100
[  881.380437][T19436]  do_fast_syscall_32+0x32/0x70
[  881.380447][T19436]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  881.380463][T19436] RIP: 0023:0xf7f14f7c
[  881.380475][T19436] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  881.380486][T19436] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 00000000000001ac
[  881.380499][T19436] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000640
[  881.380506][T19436] RDX: 0000000000009902 RSI: 0000000000000000 RDI: 0000000000000000
[  881.380512][T19436] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  881.380519][T19436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  881.380525][T19436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  881.380539][T19436]  </TASK>
[  881.380546][T19436] ERROR: Out of memory at tomoyo_realpath_from_path.
[  881.724995][T19451] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  882.059745][T17530] Bluetooth: hci0: command 0x0c1a tx timeout
[  882.059760][T18002] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  882.069866][ T6766] usb 9-1: new high-speed USB device number 60 using dummy_hcd
[  882.672517][ T6766] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  882.676997][ T6766] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  882.681616][ T6766] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  882.686812][ T6766] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  882.711083][ T6766] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  882.715404][ T6766] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.731360][T19464] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  882.756586][ T6766] usb 9-1: config 0 descriptor??
[  882.771450][T19446] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  882.837829][T19470] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  883.188634][T19446] overlayfs: missing 'lowerdir'
[  883.205790][ T6766] usbhid 9-1:0.0: can't add hid device: -71
[  883.211410][ T6766] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  883.231320][ T6766] usb 9-1: USB disconnect, device number 60
[  883.846290][T19486] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  884.272491][T19490] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  885.033283][T19502] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  885.440387][ T6766] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  885.609782][ T6766] usb 5-1: Using ep0 maxpacket: 8
[  885.617812][ T6766] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  885.620730][ T6766] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  885.629867][ T6766] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  885.634236][ T6766] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  885.654144][ T6766] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  885.658621][ T6766] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  885.661787][ T6766] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.927839][ T6766] usb 5-1: usb_control_msg returned -32
[  885.930361][ T6766] usbtmc 5-1:16.0: can't read capabilities
[  886.133212][ T1341] usb 5-1: USB disconnect, device number 56
[  886.160586][T19517] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3683'.
[  886.164301][T19517] netlink: 'syz.1.3683': attribute type 1 has an invalid length.
[  886.166826][T19517] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3683'.
[  886.176652][   T40] audit: type=1326 audit(886.065:34969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19515 comm="syz.1.3683" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  886.580168][ T1341] usb 5-1: new low-speed USB device number 57 using dummy_hcd
[  887.093901][ T1341] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  887.097625][ T1341] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  887.101416][ T1341] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  887.105401][ T1341] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  887.109804][ T1341] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  887.113471][ T1341] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  887.123867][ T1341] usb 5-1: string descriptor 0 read error: -22
[  887.127166][ T1341] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  887.131439][ T1341] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  887.140675][ T1341] usb 5-1: config 0 descriptor??
[  887.143400][T19504] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  887.149483][ T1341] hub 5-1:0.0: bad descriptor, ignoring hub
[  887.152439][ T1341] hub 5-1:0.0: probe with driver hub failed with error -5
[  887.163929][ T1341] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input27
[  887.962457][   T56] usb 5-1: USB disconnect, device number 57
[  888.079582][T19532] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  888.215770][T19535] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  889.063775][T19539] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3689'.
[  889.089186][T19539] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3689'.
[  889.146366][T19541] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  890.506289][T19560] random: crng reseeded on system resumption
[  890.531666][T19560] Restarting kernel threads ...
[  890.534379][T19560] Done restarting kernel threads.
[  890.817931][T19564] netlink: 120 bytes leftover after parsing attributes in process `syz.1.3697'.
[  890.821348][T19564] netlink: 'syz.1.3697': attribute type 1 has an invalid length.
[  890.824132][T19564] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3697'.
[  890.830318][   T40] audit: type=1326 audit(890.725:34970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19559 comm="syz.1.3697" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  890.880859][T19568] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  891.434071][T19574] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3702'.
[  891.446053][T19574] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3702'.
[  891.519844][ T6766] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  891.669805][ T6766] usb 5-1: Using ep0 maxpacket: 16
[  891.674230][ T6766] usb 5-1: unable to get BOS descriptor or descriptor too short
[  891.678932][ T6766] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  891.690566][ T6766] usb 5-1: string descriptor 0 read error: -22
[  891.693206][ T6766] usb 5-1: New USB device found, idVendor=0b05, idProduct=1743, bcdDevice= 0.40
[  891.696299][ T6766] usb 5-1: New USB device strings: Mfr=132, Product=132, SerialNumber=3
[  891.712488][ T6766] usb 5-1: Audio class v2/v3 interfaces need an interface association
[  891.827899][ T6766] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  891.962323][T19570] could not allocate digest TFM handle sha1-avx
[  892.913051][T19590] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  894.247054][T19610] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3712'.
[  894.292938][  T843] usb 5-1: USB disconnect, device number 58
[  894.324044][T19613] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3709'.
[  894.334864][T19613] netlink: 'syz.3.3709': attribute type 1 has an invalid length.
[  894.340351][T19616] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3713'.
[  894.356436][T19613] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3709'.
[  894.357304][T19616] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3713'.
[  894.414938][T19620] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3711'.
[  894.419078][T19620] netlink: 'syz.4.3711': attribute type 1 has an invalid length.
[  894.422692][T19620] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3711'.
[  894.550226][   T40] audit: type=1326 audit(894.435:34971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.3711" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  895.096268][   T40] audit: type=1326 audit(894.985:34972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19600 comm="syz.3.3709" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43f7c code=0x0
[  896.587244][T19629] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3716'.
[  896.591937][T19629] netlink: 'syz.0.3716': attribute type 1 has an invalid length.
[  896.599470][T19629] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3716'.
[  896.619129][   T40] audit: type=1326 audit(896.505:34973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19628 comm="syz.0.3716" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62f7c code=0x0
[  897.035968][T19637] bad cache= option: noner_mlock 0
[  897.035968][T19637] nr_zspages 1465
[  897.035968][T19637] nr_free_cma 0
[  897.035968][T19637] numa_hit 367907
[  897.035968][T19637] numa_miss 5367483
[  897.035968][T19637] numa_foreign 5367483
[  897.035968][T19637] numa_interleave 6988
[  897.035968][T19637] numa_local 359961
[  897.035968][T19637] numa_other 5375429
[  897.035968][T19637] nr_inactive_anon 1307
[  897.035968][T19637] nr_active_anon 4658
[  897.035968][T19637] nr_inactive_file 13261
[  897.035968][T19637] nr_active_file 670
[  897.035968][T19637] nr_unevictable 1768
[  897.035968][T19637] nr_slab_reclaimable 6016
[  897.035968][T19637] nr_slab_unreclaimable 56415
[  897.035968][T19637] nr_isolated_anon 0
[  897.035968][T19637] nr_isolated_file 0
[  897.035968][T19637] workingset_nodes 214
[  897.035968][T19637] workingset_refault_anon 17789
[  897.035968][T19637] workingset_refault_file 253016
[  897.035968][T19637] workingset_activate_anon 5960
[  897.035968][T19637] workingset_activate_file 87061
[  897.035968][T19637] workingset_restore_anon 490
[  897.035968][T19637] workingset_restore_file 9442
[  897.035968][T19637] workingset_nodereclaim 1310
[  897.035968][T19637] nr_anon_pages 2008
[  897.035968][T19637] nr_mapped 24283
[  897.035968][T19637] nr_file_pages 19934
[  897.035968][T19637] nr_dirty 210
[  897.035968][T19637] nr_writeback 0
[  897.035968][T19637] nr_shmem 4616
[  897.035968][T19637] nr_shmem_hugepages 0
[  897.035968][T19637] nr_shmem_pmdmapped 0
[  897.035968][T19637] nr_file_hugepages 0
[  897.035968][T19637] nr_file_pmdmapped 0
[  897.035968][T19637] nr_anon_transparent_hugepages 0
[  897.035968][T19637] nr_vmscan_write 47892
[  897.035968][T19637] nr_vmscan_immediate_reclaim 1537
[  897.035968][T19637] nr_dirtied 27580
[  897.035968][T19637] nr_written 27370
[  897.035968][T19637] nr_throttled_written 0
[  897.035968][T19637] nr_kernel_misc_reclaimable 0
[  897.035968][T19637] nr_foll_pin_acquired 190269
[  897.035968][T19637] nr_foll_pin_released 190269
[  897.036078][T19637] CIFS: VFS: bad cache= option: noner_mlock 0
[  897.036078][T19637] nr_zspages 1465
[  897.036078][T19637] nr_free_cma 0
[  897.036078][T19637] numa_hit 367907
[  897.036078][T19637] numa_miss 5367483
[  897.036078][T19637] numa_foreign 5367483
[  897.036078][T19637] numa_interleave 6988
[  897.036078][T19637] numa_local 359961
[  897.036078][T19637] numa_other 5375429
[  897.036078][T19637] nr_inactive_anon 1307
[  897.036078][T19637] nr_active_anon 4658
[  897.036078][T19637] nr_inactive_file 13261
[  897.036078][T19637] nr_active_file 670
[  897.036078][T19637] nr_unevictable 1768
[  897.036078][T19637] nr_slab_reclaimable 6016
[  897.036078][T19637] nr_slab_unreclaimable 56415
[  897.036078][T19637] nr_isolated_anon 0
[  897.036078][T19637] nr_isolated_file 0
[  897.036078][T19637] workingset_nodes 214
[  897.036078][T19637] workingset_refault_anon 17789
[  897.036078][T19637] workingset_refault_file 253016
[  897.036078][T19637] workingset_activate_anon 5960
[  897.036078][T19637] workingset_activate_file 87061
[  897.036078][T19637] workingset_restore_anon 490
[  897.036078][T19637] workingset_restore_file 9442
[  897.036078][T19637] workingset_nodereclaim 1310
[  897.036078][T19637] nr_anon_pages 2008
[  897.036078][T19637] nr_mapped 24283
[  897.036078][T19637] nr_file_pages 19934
[  897.036078][T19637] nr_dirty 210
[  897.036078][T19637] nr_writeback 0
[  897.036078][T19637] nr_shmem 4616
[  897.036078][T19637] nr_shmem_hugepages 0
[  897.036078][T19637] nr_shmem_pmdmapped 0
[  897.036078][T19637] nr_file_hugepages 0
[  897.036078][T19637] nr_file_pmdmapped 0
[  897.036078][T19637] nr_anon_transparent_hugepages 0
[  897.036078][T19637] nr_vmscan_write 47892
[  897.036078][T19637] nr_vmscan_immediate_reclaim 1537
[  897.036078][T19637] nr_dirtied 27580
[  897.036078][T19637] nr_written 27370
[  897.036078][T19637] nr_throttled_written 0
[  897.036078][T19637] nr_kernel_misc_reclaimable 0
[  897.036078][T19637] nr_foll_pin_acquired 190269
[  897.546258][T19657] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3722'.
[  897.779793][T15488] usb 9-1: new full-speed USB device number 61 using dummy_hcd
[  897.857479][T19662] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3724'.
[  897.928077][T19662] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3724'.
[  897.942071][T15488] usb 9-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  897.945219][T15488] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.948626][T15488] usb 9-1: Product: syz
[  897.952317][T15488] usb 9-1: Manufacturer: syz
[  897.956004][T15488] usb 9-1: SerialNumber: syz
[  898.407524][T15488] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 61 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202
[  898.698366][   T40] audit: type=1326 audit(898.585:34974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19665 comm="syz.1.3725" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15f7c code=0x0
[  898.803599][T19673] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  899.063365][T19674] netlink: 'syz.4.3723': attribute type 1 has an invalid length.
[  899.162969][T19674] bond1: entered promiscuous mode
[  899.166866][T19674] 8021q: adding VLAN 0 to HW filter on device bond1
[  899.204537][T19676] bond1: (slave bridge1): making interface the new active one
[  899.208925][T19676] bridge1: entered promiscuous mode
[  899.214491][T19676] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  899.387650][T19674] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  899.391569][T19674] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  899.419692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  900.724287][    C3] usblp0: nonzero write bulk status received: -71
[  900.724624][ T1341] usb 9-1: USB disconnect, device number 61
[  900.962577][T19654] usblp0: removed
[  901.379913][ T1341] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  901.541216][ T1341] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  901.547698][ T1341] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  901.552487][ T1341] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  901.556334][ T1341] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  901.560706][ T1341] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  901.563618][ T1341] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.567497][ T1341] usb 6-1: config 0 descriptor??
[  901.572496][T19694] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  901.668598][T19698] random: crng reseeded on system resumption
[  901.738607][T19702] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3734'.
[  901.754320][T19702] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3734'.
[  901.834969][T19706] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  901.990566][T19694] overlay: Unknown parameter '/�+��O3Ӑ'
[  901.998619][ T1341] usbhid 6-1:0.0: can't add hid device: -71
[  902.001518][ T1341] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  902.018536][T19697] Restarting kernel threads ...
[  902.021261][T19697] Done restarting kernel threads.
[  902.030182][ T1341] usb 6-1: USB disconnect, device number 27
[  902.849857][T19717] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  903.442896][   T40] audit: type=1326 audit(903.315:34975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19720 comm="syz.4.3738" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  905.300449][  T843] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  906.202055][T19742] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  906.589898][  T843] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  906.741517][  T843] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  906.747714][  T843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  906.752948][  T843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  906.758237][  T843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  906.764912][  T843] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  906.769250][  T843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  906.779051][  T843] usb 5-1: config 0 descriptor??
[  906.784714][T19746] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  906.815527][T19751] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  907.267087][T19746] overlay: Unknown parameter '/�+��O3Ӑ'
[  907.346638][  T843] usbhid 5-1:0.0: can't add hid device: -71
[  907.348774][  T843] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  907.378512][T19759] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  907.591637][  T843] usb 5-1: USB disconnect, device number 59
[  908.824592][T19776] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  909.125859][T19779] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  910.083323][T19789] random: crng reseeded on system resumption
[  910.098995][T19789] Restarting kernel threads ...
[  910.101236][T19789] Done restarting kernel threads.
[  912.432376][T19824] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  912.671743][T19830] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  913.552779][T19841] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  913.827694][T19846] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  914.352720][   T40] audit: type=1326 audit(914.245:34976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19847 comm="syz.3.3765" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43f7c code=0x0
[  915.414641][T19861] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  915.904186][T19877] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  916.337947][T19878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3771'.
[  916.341024][T19878] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3771'.
[  916.359827][  T843] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  916.541772][  T843] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  916.551899][  T843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  916.562106][  T843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  916.574100][  T843] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  916.614681][  T843] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  916.623254][  T843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.636059][  T843] usb 6-1: config 0 descriptor??
[  916.640322][T19882] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  917.053504][T19882] overlayfs: cannot append lower layer
[  917.061370][  T843] usbhid 6-1:0.0: can't add hid device: -71
[  917.063360][  T843] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  917.067922][  T843] usb 6-1: USB disconnect, device number 28
[  917.089971][T19891] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  917.721700][T19903] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  918.311901][T19920] fuse: Unknown parameter '18446744073709551615'
[  918.509522][T19926] syzkaller0: entered promiscuous mode
[  918.511539][T19926] syzkaller0: entered allmulticast mode
[  918.620322][T19931] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  918.671421][T19933] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  919.410975][T19937] comedi comedi3: pcmmio: I/O base address not correctly aligned
[  919.709770][T19943] netlink: 120 bytes leftover after parsing attributes in process `syz.4.3791'.
[  919.719905][T19943] netlink: 'syz.4.3791': attribute type 1 has an invalid length.
[  919.722844][T19943] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3791'.
[  919.761815][   T40] audit: type=1326 audit(919.655:34977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19938 comm="syz.4.3791" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f14f7c code=0x0
[  920.603715][T19952] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  921.606130][T19969] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3799'.
[  921.827061][T19974] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3802'.
[  922.343243][T19985] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  923.259980][ T5971] usb 9-1: new high-speed USB device number 62 using dummy_hcd
[  923.411915][ T5971] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  923.417688][ T5971] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  923.422618][ T5971] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  923.427549][ T5971] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  923.434472][ T5971] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  923.438447][ T5971] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.444715][ T5971] usb 9-1: config 0 descriptor??
[  923.449139][T19994] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  923.570252][T19998] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3807'.
[  923.575103][T19998] netlink: 'syz.3.3807': attribute type 1 has an invalid length.
[  923.578524][T19998] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3807'.
[  923.588041][   T40] audit: type=1326 audit(923.475:34978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19995 comm="syz.3.3807" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43f7c code=0x0
[  923.864972][T19994] overlayfs: cannot append lower layer
[  923.873421][ T5971] usbhid 9-1:0.0: can't add hid device: -71
[  923.876914][ T5971] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  923.886268][ T5971] usb 9-1: USB disconnect, device number 62
[  924.340457][T20006] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3809'.
[  924.349594][T20006] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3809'.
[  924.524275][T20015] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  924.531732][T20015] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  924.536031][T20015] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  924.603585][T20017] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  925.539917][T20030] block nbd2: server does not support multiple connections per device.
[  925.551176][T20030] block nbd2: shutting down sockets
[  926.517668][   T53] usb 9-1: new high-speed USB device number 63 using dummy_hcd
[  926.892374][   T53] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  926.905794][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  926.974098][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  926.996353][   T53] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  927.022141][   T53] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  927.040588][   T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  927.144694][   T53] usb 9-1: config 0 descriptor??
[  927.190439][T20040] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  927.680186][T20040] overlayfs: cannot append lower layer
[  927.693169][   T53] usbhid 9-1:0.0: can't add hid device: -71
[  927.695208][   T53] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  927.710978][   T53] usb 9-1: USB disconnect, device number 63
[  928.983578][T20061] syz.0.3822: page allocation failure: order:10, mode:0x140dc0(GFP_USER|__GFP_ZERO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0-1
[  928.983743][T20061] CPU: 2 UID: 0 PID: 20061 Comm: syz.0.3822 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  928.983762][T20061] Tainted: [L]=SOFTLOCKUP
[  928.983767][T20061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  928.983774][T20061] Call Trace:
[  928.983779][T20061]  <TASK>
[  928.983794][T20061]  dump_stack_lvl+0x100/0x190
[  928.983817][T20061]  warn_alloc.cold+0x95/0x1c1
[  928.983832][T20061]  ? __pfx_warn_alloc+0x10/0x10
[  928.983860][T20061]  ? __pfx___might_resched+0x10/0x10
[  928.983879][T20061]  __alloc_frozen_pages_noprof+0xf25/0x2bc0
[  928.983905][T20061]  ? is_bpf_text_address+0x8a/0x1a0
[  928.983924][T20061]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  928.983944][T20061]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  928.983963][T20061]  ? kernel_text_address+0x8d/0x100
[  928.983975][T20061]  ? __pfx_widen_string+0x10/0x10
[  928.983990][T20061]  ? unwind_get_return_address+0x59/0xa0
[  928.984011][T20061]  ? tomoyo_path_number_perm+0x46d/0x580
[  928.984023][T20061]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  928.984042][T20061]  ? policy_nodemask+0xed/0x4f0
[  928.984100][T20061]  alloc_pages_mpol+0x1fb/0x540
[  928.984115][T20061]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  928.984128][T20061]  ? kasan_save_stack+0x3f/0x50
[  928.984139][T20061]  ? kasan_save_track+0x14/0x30
[  928.984150][T20061]  ? kasan_save_free_info+0x3b/0x70
[  928.984167][T20061]  ? __kasan_slab_free+0x5f/0x80
[  928.984178][T20061]  ? kfree+0x223/0x6c0
[  928.984195][T20061]  ? tomoyo_path_number_perm+0x46d/0x580
[  928.984207][T20061]  ? security_file_ioctl_compat+0xd3/0x230
[  928.984224][T20061]  ? vc_do_resize+0x1dd/0xeb0
[  928.984243][T20061]  ___kmalloc_large_node+0xe5/0x120
[  928.984258][T20061]  __kmalloc_large_node_noprof+0x1c/0x70
[  928.984274][T20061]  __kmalloc_noprof+0x5be/0x850
[  928.984290][T20061]  vc_do_resize+0x1dd/0xeb0
[  928.984311][T20061]  ? __pfx_vc_do_resize+0x10/0x10
[  928.984327][T20061]  ? rcu_is_watching+0x12/0xc0
[  928.984345][T20061]  vt_ioctl+0x28fc/0x31a0
[  928.984361][T20061]  ? __pfx_vt_ioctl+0x10/0x10
[  928.984374][T20061]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  928.984392][T20061]  ? rcu_is_watching+0x12/0xc0
[  928.984405][T20061]  ? apparmor_capable+0x1d7/0x4d0
[  928.984418][T20061]  ? bpf_lsm_capable+0x9/0x10
[  928.984431][T20061]  ? security_capable+0x80/0x260
[  928.984451][T20061]  vt_compat_ioctl+0x33f/0x4e0
[  928.984466][T20061]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  928.984479][T20061]  ? __fget_files+0x215/0x3d0
[  928.984493][T20061]  ? hook_file_ioctl_common+0x149/0x410
[  928.984509][T20061]  ? __fget_files+0x21f/0x3d0
[  928.984522][T20061]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  928.984536][T20061]  tty_compat_ioctl+0x1b4/0x420
[  928.984554][T20061]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  928.984571][T20061]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  928.984586][T20061]  __do_fast_syscall_32+0xe7/0x950
[  928.984597][T20061]  ? lockdep_hardirqs_on+0x78/0x100
[  928.984615][T20061]  do_fast_syscall_32+0x32/0x70
[  928.984626][T20061]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  928.984642][T20061] RIP: 0023:0xf7f62f7c
[  928.984653][T20061] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  928.984664][T20061] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  928.984675][T20061] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005609
[  928.984682][T20061] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  928.984689][T20061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  928.984696][T20061] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  928.984703][T20061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  928.984718][T20061]  </TASK>
[  928.987086][T20061] Mem-Info:
[  928.987098][T20061] active_anon:3546 inactive_anon:1421 isolated_anon:0
[  928.987098][T20061]  active_file:3150 inactive_file:9587 isolated_file:0
[  928.987098][T20061]  unevictable:1768 dirty:406 writeback:0
[  928.987098][T20061]  slab_reclaimable:6015 slab_unreclaimable:56274
[  928.987098][T20061]  mapped:28238 shmem:4657 pagetables:1347
[  928.987098][T20061]  sec_pagetables:365 bounce:0
[  928.987098][T20061]  kernel_misc_reclaimable:0
[  928.987098][T20061]  free:69496 free_pcp:200 free_cma:0
[  928.987129][T20061] Node 0 active_anon:56kB inactive_anon:204kB active_file:0kB inactive_file:8kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:60kB dirty:4kB writeback:0kB shmem:3572kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8032kB pagetables:1524kB sec_pagetables:1180kB all_unreclaimable? yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  928.987162][T20061] Node 1 active_anon:14128kB inactive_anon:5480kB active_file:12600kB inactive_file:38340kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:112892kB dirty:1620kB writeback:0kB shmem:15056kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5692kB pagetables:3864kB sec_pagetables:280kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  928.987192][T20061] Node 0 DMA free:2268kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:28kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  928.987227][T20061] lowmem_reserve[]: 0 285 285 285 285
[  928.987251][T20061] Node 0 DMA32 free:20080kB boost:0kB min:13088kB low:16360kB high:19632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:68kB inactive_anon:176kB active_file:0kB inactive_file:8kB unevictable:3536kB writepending:4kB zspages:1192kB present:1032196kB managed:292512kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  928.987285][T20061] lowmem_reserve[]: 0 0 0 0 0
[  928.987306][T20061] Node 1 DMA32 free:255636kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14128kB inactive_anon:5480kB active_file:12600kB inactive_file:38340kB unevictable:3536kB writepending:1620kB zspages:4516kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:800kB local_pcp:768kB free_cma:0kB
[  928.987337][T20061] lowmem_reserve[]: 0 0 0 0 0
[  928.987358][T20061] Node 0 DMA: 27*4kB (UM) 65*8kB (UM) 30*16kB (UM) 13*32kB (UM) 6*64kB (UM) 3*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2292kB
[  928.987460][T20061] Node 0 DMA32: 64*4kB (UME) 80*8kB (UME) 85*16kB (UM) 153*32kB (UME) 66*64kB (UME) 42*128kB (UME) 9*256kB (UM) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 20080kB
[  928.987555][T20061] Node 1 DMA32: 3367*4kB (UME) 3387*8kB (UME) 2568*16kB (UME) 485*32kB (UME) 212*64kB (UME) 322*128kB (UME) 365*256kB (UME) 8*512kB (UM) 4*1024kB (U) 1*2048kB (U) 0*4096kB = 255636kB
[  928.987658][T20061] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  928.987667][T20061] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  928.987676][T20061] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  928.987686][T20061] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  928.987695][T20061] 19040 total pagecache pages
[  928.987700][T20061] 1575 pages in swap cache
[  928.987704][T20061] Free swap  = 98836kB
[  928.987709][T20061] Total swap = 124996kB
[  928.987714][T20061] 524155 pages RAM
[  928.987718][T20061] 0 pages HighMem/MovableOnly
[  928.987723][T20061] 210134 pages reserved
[  928.987727][T20061] 0 pages cma reserved
[  929.923603][T20078] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  931.079758][T20090] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3829'.
[  931.897956][T20100] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  933.383926][T20110] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  934.330582][T20127] 
[  934.331805][T20127] ======================================================
[  934.334212][T20127] WARNING: possible circular locking dependency detected
[  934.336936][T20127] syzkaller #0 Tainted: G             L     
[  934.339503][T20127] ------------------------------------------------------
[  934.341933][T20127] syz.4.3838/20127 is trying to acquire lock:
[  934.344039][T20127] ffffffff8e9b09c0 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x53/0x6f0
[  934.347384][T20127] 
[  934.347384][T20127] but task is already holding lock:
[  934.349905][T20127] ffff8880599b1d60 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_stream_connect+0x43/0xa0
[  934.353194][T20127] 
[  934.353194][T20127] which lock already depends on the new lock.
[  934.353194][T20127] 
[  934.356630][T20127] 
[  934.356630][T20127] the existing dependency chain (in reverse order) is:
[  934.359730][T20127] 
[  934.359730][T20127] -> #7 (k-sk_lock-AF_INET6){+.+.}-{0:0}:
[  934.361648][T20125] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  934.362590][T20127]        lock_sock_nested+0x41/0xf0
[  934.362617][T20127]        mptcp_listen+0x1ef/0x4c0
[  934.373429][T20127]        __sys_listen_socket+0x108/0x150
[  934.375349][T20127]        __sys_listen+0xa7/0x130
[  934.377030][T20127]        __ia32_sys_listen+0x53/0x80
[  934.378834][T20127]        __do_fast_syscall_32+0xe7/0x950
[  934.380730][T20127]        do_fast_syscall_32+0x32/0x70
[  934.382574][T20127]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  934.384976][T20127] 
[  934.384976][T20127] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  934.387707][T20127]        lock_sock_nested+0x41/0xf0
[  934.389840][T20127]        inet_shutdown+0x67/0x410
[  934.391866][T20127]        nbd_mark_nsock_dead+0xae/0x5c0
[  934.394025][T20127]        sock_shutdown+0x16b/0x200
[  934.396049][T20127]        nbd_config_put+0x1eb/0x750
[  934.398075][T20127]        nbd_genl_connect+0xaf8/0x1a40
[  934.400134][T20127]        genl_family_rcv_msg_doit+0x214/0x300
[  934.402661][T20127]        genl_rcv_msg+0x560/0x800
[  934.404416][T20127]        netlink_rcv_skb+0x159/0x420
[  934.406362][T20127]        genl_rcv+0x28/0x40
[  934.408205][T20127]        netlink_unicast+0x585/0x850
[  934.409999][T20127]        netlink_sendmsg+0x8b0/0xda0
[  934.411740][T20127]        ____sys_sendmsg+0x9e1/0xb70
[  934.413504][T20127]        ___sys_sendmsg+0x190/0x1e0
[  934.415378][T20127]        __sys_sendmsg+0x170/0x220
[  934.417305][T20127]        __do_fast_syscall_32+0xe7/0x950
[  934.419733][T20127]        do_fast_syscall_32+0x32/0x70
[  934.421639][T20127]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  934.423869][T20127] 
[  934.423869][T20127] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  934.426242][T20127]        __mutex_lock+0x1a4/0x1b10
[  934.427872][T20127]        nbd_queue_rq+0x428/0x1080
[  934.429479][T20127]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  934.431503][T20127]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  934.433788][T20127]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  934.436252][T20127]        blk_mq_run_hw_queue+0x23c/0x670
[  934.438263][T20127]        blk_mq_dispatch_list+0x51d/0x1360
[  934.440184][T20127]        blk_mq_flush_plug_list+0x130/0x600
[  934.442286][T20127]        __blk_flush_plug+0x2c4/0x4b0
[  934.444092][T20127]        __submit_bio+0x584/0x6c0
[  934.445699][T20127]        submit_bio_noacct_nocheck+0x543/0xbf0
[  934.447858][T20127]        submit_bio_noacct+0xd18/0x2000
[  934.450061][T20127]        submit_bh_wbc+0x681/0x890
[  934.452223][T20127]        block_read_full_folio+0x4c8/0x8e0
[  934.454485][T20127]        filemap_read_folio+0xfc/0x3b0
[  934.456802][T20127]        do_read_cache_folio+0x2d7/0x6b0
[  934.459076][T20127]        read_part_sector+0xd1/0x370
[  934.461005][T20127]        adfspart_check_ICS+0x91/0x7d0
[  934.463031][T20127]        bdev_disk_changed+0x7a3/0x1250
[  934.464908][T20127]        blkdev_get_whole+0x187/0x290
[  934.466711][T20127]        bdev_open+0x2c7/0xe40
[  934.468374][T20127]        blkdev_open+0x34e/0x4f0
[  934.470095][T20127]        do_dentry_open+0x6d8/0x1660
[  934.471942][T20127]        vfs_open+0x82/0x3f0
[  934.473487][T20127]        path_openat+0x208c/0x31a0
[  934.475154][T20127]        do_file_open+0x20e/0x430
[  934.476757][T20127]        do_sys_openat2+0x10d/0x1e0
[  934.478462][T20127]        __x64_sys_openat+0x12d/0x210
[  934.480320][T20127]        do_syscall_64+0x10b/0xf80
[  934.482063][T20127]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.484191][T20127] 
[  934.484191][T20127] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  934.486622][T20127]        __mutex_lock+0x1a4/0x1b10
[  934.488402][T20127]        nbd_queue_rq+0xba/0x1080
[  934.490005][T20127]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  934.492154][T20127]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  934.494429][T20127]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  934.496558][T20127]        blk_mq_run_hw_queue+0x23c/0x670
[  934.498363][T20127]        blk_mq_dispatch_list+0x51d/0x1360
[  934.500307][T20127]        blk_mq_flush_plug_list+0x130/0x600
[  934.502384][T20127]        __blk_flush_plug+0x2c4/0x4b0
[  934.504292][T20127]        __submit_bio+0x584/0x6c0
[  934.506091][T20127]        submit_bio_noacct_nocheck+0x543/0xbf0
[  934.508192][T20127]        submit_bio_noacct+0xd18/0x2000
[  934.510065][T20127]        submit_bh_wbc+0x681/0x890
[  934.511793][T20127]        block_read_full_folio+0x4c8/0x8e0
[  934.513704][T20127]        filemap_read_folio+0xfc/0x3b0
[  934.515547][T20127]        do_read_cache_folio+0x2d7/0x6b0
[  934.517459][T20127]        read_part_sector+0xd1/0x370
[  934.519256][T20127]        adfspart_check_ICS+0x91/0x7d0
[  934.520977][T20127]        bdev_disk_changed+0x7a3/0x1250
[  934.522855][T20127]        blkdev_get_whole+0x187/0x290
[  934.524699][T20127]        bdev_open+0x2c7/0xe40
[  934.526368][T20127]        blkdev_open+0x34e/0x4f0
[  934.528075][T20127]        do_dentry_open+0x6d8/0x1660
[  934.529764][T20127]        vfs_open+0x82/0x3f0
[  934.531311][T20127]        path_openat+0x208c/0x31a0
[  934.532954][T20127]        do_file_open+0x20e/0x430
[  934.534709][T20127]        do_sys_openat2+0x10d/0x1e0
[  934.536652][T20127]        __x64_sys_openat+0x12d/0x210
[  934.538513][T20127]        do_syscall_64+0x10b/0xf80
[  934.540310][T20127]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.542467][T20127] 
[  934.542467][T20127] -> #3 (set->srcu){.+.+}-{0:0}:
[  934.544913][T20127]        __synchronize_srcu+0xa2/0x300
[  934.546718][T20127]        blk_mq_quiesce_queue+0x149/0x1c0
[  934.548618][T20127]        elevator_switch+0x17b/0x7e0
[  934.550407][T20127]        elevator_change+0x352/0x530
[  934.552220][T20127]        elevator_set_default+0x29e/0x360
[  934.554114][T20127]        blk_register_queue+0x48e/0x630
[  934.555957][T20127]        __add_disk+0x73f/0xe40
[  934.557635][T20127]        add_disk_fwnode+0x118/0x5c0
[  934.559564][T20127]        nbd_dev_add+0x77a/0xb10
[  934.561446][T20127]        nbd_init+0x291/0x2b0
[  934.563110][T20127]        do_one_initcall+0x121/0x750
[  934.564898][T20127]        kernel_init_freeable+0x6ea/0x7b0
[  934.566747][T20127]        kernel_init+0x1f/0x1e0
[  934.568340][T20127]        ret_from_fork+0x72b/0xd50
[  934.569996][T20127]        ret_from_fork_asm+0x1a/0x30
[  934.571888][T20127] 
[  934.571888][T20127] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  934.574458][T20127]        __mutex_lock+0x1a4/0x1b10
[  934.576396][T20127]        elevator_change+0x1bc/0x530
[  934.578222][T20127]        elevator_set_none+0x92/0xf0
[  934.580167][T20127]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  934.582316][T20127]        nbd_start_device+0x1a6/0xbd0
[  934.584043][T20127]        nbd_genl_connect+0xff2/0x1a40
[  934.585760][T20127]        genl_family_rcv_msg_doit+0x214/0x300
[  934.587679][T20127]        genl_rcv_msg+0x560/0x800
[  934.589346][T20127]        netlink_rcv_skb+0x159/0x420
[  934.591192][T20127]        genl_rcv+0x28/0x40
[  934.592709][T20127]        netlink_unicast+0x585/0x850
[  934.594597][T20127]        netlink_sendmsg+0x8b0/0xda0
[  934.596411][T20127]        ____sys_sendmsg+0x9e1/0xb70
[  934.598199][T20127]        ___sys_sendmsg+0x190/0x1e0
[  934.600197][T20127]        __sys_sendmsg+0x170/0x220
[  934.602067][T20127]        __do_fast_syscall_32+0xe7/0x950
[  934.603983][T20127]        do_fast_syscall_32+0x32/0x70
[  934.605792][T20127]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  934.608091][T20127] 
[  934.608091][T20127] -> #1 (&q->q_usage_counter(io)#50){++++}-{0:0}:
[  934.610967][T20127]        blk_alloc_queue+0x610/0x790
[  934.612766][T20127]        blk_mq_alloc_queue+0x174/0x290
[  934.614602][T20127]        __blk_mq_alloc_disk+0x29/0x120
[  934.616783][T20127]        nbd_dev_add+0x492/0xb10
[  934.618491][T20127]        nbd_init+0x291/0x2b0
[  934.620151][T20127]        do_one_initcall+0x121/0x750
[  934.622059][T20127]        kernel_init_freeable+0x6ea/0x7b0
[  934.623994][T20127]        kernel_init+0x1f/0x1e0
[  934.625627][T20127]        ret_from_fork+0x72b/0xd50
[  934.627516][T20127]        ret_from_fork_asm+0x1a/0x30
[  934.629367][T20127] 
[  934.629367][T20127] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  934.631966][T20127]        __lock_acquire+0x14b8/0x2630
[  934.633850][T20127]        lock_acquire+0x1b1/0x370
[  934.635536][T20127]        fs_reclaim_acquire+0xc4/0x100
[  934.637388][T20127]        kmem_cache_alloc_node_noprof+0x53/0x6f0
[  934.639574][T20127]        __alloc_skb+0x140/0x710
[  934.641311][T20127]        tcp_stream_alloc_skb+0x34/0x660
[  934.643215][T20127]        tcp_connect+0xf06/0x5530
[  934.644931][T20127]        tcp_v4_connect+0x15fe/0x1b40
[  934.646803][T20127]        tcp_v6_connect+0x779/0x23e0
[  934.648643][T20127]        __inet_stream_connect+0x208/0xfa0
[  934.650607][T20127]        inet_stream_connect+0x57/0xa0
[  934.652600][T20127]        kernel_connect+0x107/0x160
[  934.654590][T20127]        smc_connect+0x394/0x750
[  934.656410][T20127]        __sys_connect_file+0x141/0x1a0
[  934.658365][T20127]        __sys_connect+0x141/0x170
[  934.660357][T20127]        __ia32_sys_connect+0x71/0xb0
[  934.662231][T20127]        __do_fast_syscall_32+0xe7/0x950
[  934.664136][T20127]        do_fast_syscall_32+0x32/0x70
[  934.665943][T20127]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  934.668340][T20127] 
[  934.668340][T20127] other info that might help us debug this:
[  934.668340][T20127] 
[  934.671543][T20127] Chain exists of:
[  934.671543][T20127]   fs_reclaim --> sk_lock-AF_INET6 --> k-sk_lock-AF_INET6
[  934.671543][T20127] 
[  934.675551][T20127]  Possible unsafe locking scenario:
[  934.675551][T20127] 
[  934.677874][T20127]        CPU0                    CPU1
[  934.679576][T20127]        ----                    ----
[  934.681273][T20127]   lock(k-sk_lock-AF_INET6);
[  934.682916][T20127]                                lock(sk_lock-AF_INET6);
[  934.685446][T20127]                                lock(k-sk_lock-AF_INET6);
[  934.687949][T20127]   lock(fs_reclaim);
[  934.689239][T20127] 
[  934.689239][T20127]  *** DEADLOCK ***
[  934.689239][T20127] 
[  934.691914][T20127] 2 locks held by syz.4.3838/20127:
[  934.693641][T20127]  #0: ffff88800b8d72e0 (sk_lock-AF_SMC){+.+.}-{0:0}, at: smc_connect+0xd5/0x750
[  934.696711][T20127]  #1: ffff8880599b1d60 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_stream_connect+0x43/0xa0
[  934.700254][T20127] 
[  934.700254][T20127] stack backtrace:
[  934.702320][T20127] CPU: 2 UID: 0 PID: 20127 Comm: syz.4.3838 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  934.702340][T20127] Tainted: [L]=SOFTLOCKUP
[  934.702344][T20127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  934.702353][T20127] Call Trace:
[  934.702359][T20127]  <TASK>
[  934.702366][T20127]  dump_stack_lvl+0x100/0x190
[  934.702383][T20127]  print_circular_bug.cold+0x178/0x1c7
[  934.702404][T20127]  check_noncircular+0x146/0x160
[  934.702425][T20127]  __lock_acquire+0x14b8/0x2630
[  934.702438][T20127]  ? ipv4_dst_check+0x1a8/0x3b0
[  934.702452][T20127]  lock_acquire+0x1b1/0x370
[  934.702463][T20127]  ? kmem_cache_alloc_node_noprof+0x53/0x6f0
[  934.702484][T20127]  ? __lock_acquire+0x4a5/0x2630
[  934.702496][T20127]  fs_reclaim_acquire+0xc4/0x100
[  934.702512][T20127]  ? kmem_cache_alloc_node_noprof+0x53/0x6f0
[  934.702531][T20127]  kmem_cache_alloc_node_noprof+0x53/0x6f0
[  934.702550][T20127]  ? __alloc_skb+0x140/0x710
[  934.702565][T20127]  __alloc_skb+0x140/0x710
[  934.702578][T20127]  ? __pfx___alloc_skb+0x10/0x10
[  934.702592][T20127]  tcp_stream_alloc_skb+0x34/0x660
[  934.702608][T20127]  tcp_connect+0xf06/0x5530
[  934.702627][T20127]  ? find_held_lock+0x2b/0x80
[  934.702644][T20127]  ? __pfx_tcp_connect+0x10/0x10
[  934.702658][T20127]  ? __pfx_tcp_fastopen_defer_connect+0x10/0x10
[  934.702680][T20127]  tcp_v4_connect+0x15fe/0x1b40
[  934.702696][T20127]  ? __pfx_tcp_v4_connect+0x10/0x10
[  934.702708][T20127]  ? mark_held_locks+0x40/0x70
[  934.702719][T20127]  ? finish_task_switch.isra.0+0x2cb/0x1010
[  934.702735][T20127]  ? lockdep_hardirqs_on+0x78/0x100
[  934.702780][T20127]  tcp_v6_connect+0x779/0x23e0
[  934.702805][T20127]  ? trace_sched_exit_tp+0x11c/0x160
[  934.702824][T20127]  ? __pfx_tcp_v6_connect+0x10/0x10
[  934.702843][T20127]  __inet_stream_connect+0x208/0xfa0
[  934.702856][T20127]  ? __pfx___schedule+0x10/0x10
[  934.702873][T20127]  ? __pfx___inet_stream_connect+0x10/0x10
[  934.702886][T20127]  ? preempt_schedule_thunk+0x16/0x30
[  934.702909][T20127]  ? preempt_schedule_common+0x42/0xc0
[  934.702926][T20127]  ? preempt_schedule_thunk+0x16/0x30
[  934.702945][T20127]  inet_stream_connect+0x57/0xa0
[  934.702958][T20127]  kernel_connect+0x107/0x160
[  934.702975][T20127]  ? __pfx_kernel_connect+0x10/0x10
[  934.702993][T20127]  ? __local_bh_enable_ip+0x9e/0x120
[  934.703010][T20127]  smc_connect+0x394/0x750
[  934.703027][T20127]  ? __pfx_smc_connect+0x10/0x10
[  934.703042][T20127]  __sys_connect_file+0x141/0x1a0
[  934.703056][T20127]  __sys_connect+0x141/0x170
[  934.703067][T20127]  ? __pfx___sys_connect+0x10/0x10
[  934.703083][T20127]  __ia32_sys_connect+0x71/0xb0
[  934.703094][T20127]  ? lockdep_hardirqs_on+0x78/0x100
[  934.703112][T20127]  __do_fast_syscall_32+0xe7/0x950
[  934.703125][T20127]  do_fast_syscall_32+0x32/0x70
[  934.703136][T20127]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  934.703153][T20127] RIP: 0023:0xf7f14f7c
[  934.703165][T20127] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  934.703176][T20127] RSP: 002b:00000000f53d650c EFLAGS: 00000292 ORIG_RAX: 000000000000016a
[  934.703189][T20127] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800001c0
[  934.703196][T20127] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  934.703203][T20127] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  934.703210][T20127] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  934.703217][T20127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  934.703228][T20127]  </TASK>
[  934.820547][    C2] hpet: Lost 30 RTC interrupts
[  936.540730][ T1433] ieee802154 phy1 wpan1: encryption failed: -22