last executing test programs:

5m52.37070208s ago: executing program 0 (id=1407):
r0 = io_uring_setup(0x355b, &(0x7f0000000140)={0x0, 0xe24b, 0x10, 0x5, 0x4000020})
r1 = eventfd2(0x9, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
io_uring_setup(0x1de0, &(0x7f0000000440)={0x0, 0x3d8, 0x0, 0x1})
r3 = dup3(r2, r1, 0x0)
pipe(&(0x7f00000000c0))
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
socket$xdp(0x2c, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x400000000000004)
socket$xdp(0x2c, 0x3, 0x0)
writev(r5, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
bind$can_j1939(r2, &(0x7f0000000240)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfd}, 0x18)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f000009de80)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x4c}}, 0x0)
rseq(&(0x7f0000000300), 0x20, 0x0, 0x0)
msgsnd(0x0, 0x0, 0x8, 0x800)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5m52.249882433s ago: executing program 0 (id=1412):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000025c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x7, &(0x7f0000000100)="fbffffff", 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

5m49.830626219s ago: executing program 0 (id=1429):
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'vlan0\x00', &(0x7f0000002fc0)=@ethtool_wolinfo={0x33, 0x8, 0x70051b8, "8f5151239582"}})
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r3 = openat$vicodec1(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
readv(r3, &(0x7f0000000180)=[{&(0x7f0000000980)=""/4096, 0x1000}, {&(0x7f0000000200)=""/211, 0xd3}], 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, 0x0)
socket(0x2, 0x80805, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
sendmmsg$sock(r5, &(0x7f0000002680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@mark={{0x10, 0x1, 0x24, 0x3}}], 0x10, 0x700}}], 0x11, 0x20000000)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
getpid()
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4, 0x5}}}}]}, 0x44}}, 0x4)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@getchain={0x24, 0x66, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xa, 0xfff1}}}, 0x24}}, 0x0)
fallocate(r1, 0x2, 0x3, 0x5)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r6, 0x0, <r11=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000004c0)={r6, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r12, r11, 0x0, 0x0, 0x0, 0x4, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0x7, 0x0, 0x0, 0x0, 0x0, "fe1d0e1cff001704000000341300"}})

5m49.693078172s ago: executing program 0 (id=1433):
getpid()
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x77)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
ioprio_set$uid(0x3, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000001c80)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000440)="e7c6f9e75f", 0x5}], 0x1}}], 0x1, 0x40)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$pokeuser(0x6, r1, 0x118, 0x4)
ptrace$pokeuser(0x6, r1, 0x102, 0x5ffffffd)
r2 = open(&(0x7f0000000580)='./file1\x00', 0x806c2, 0x1df2a23c5997fa5f)
r3 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r3, &(0x7f0000000100)={0x11, 0x4}, 0x14)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "6fa1af46579b9c52", "dabdcaa401ccfb21a971b1bc34add48d", "9d90dbf0", "ae175e465e8bc897"}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd619, 0xd, 0x7fffffff, 0x3, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)

5m49.452070225s ago: executing program 0 (id=1434):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="1808000060000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000005000000b7050000080000004608f0ff76000000be9800000000000056080000010000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5m48.575089383s ago: executing program 0 (id=1438):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000025c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x7, &(0x7f0000000100)="fbffffff", 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

5m48.419913015s ago: executing program 32 (id=1438):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000025c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x7, &(0x7f0000000100)="fbffffff", 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

5.482817678s ago: executing program 4 (id=3688):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r4, 0x25, 0x0, @val=@tracing={0x0, 0x20000000}}, 0x20)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c00000010000304000000c3ffffffffffffff00", @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)

5.397578329s ago: executing program 4 (id=3692):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000580)=@nat={'nat\x00', 0x2, 0x5, 0x48f, 0x3b8, 0x3b8, 0xffffffff, 0x0, 0x0, 0x45c, 0x45c, 0xffffffff, 0x45c, 0x45c, 0x5, 0x0, {[{{@ip={@multicast2, @multicast1, 0xffffffff, 0x0, 'pim6reg\x00', 'dvmrp0\x00', {0x284867cb942d9816}, {}, 0xbc4f28a35372369e, 0x1}, 0xac030000, 0x1f0, 0x224, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x800, 0x81, 0x7, 0x8, 0x11000, 0x3, 0x4, 0x6, 0x0, 0x20}, {0x3}}}, @common=@unspec=@addrtype1={{0x28}, {0x5d, 0x9a0, 0x3}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @broadcast, @private=0xa010102, @icmp_id=0x66, @port=0x4e20}}}}, {{@uncond, 0x0, 0xbc, 0xf0, 0x0, {}, [@common=@socket0={{0x20}}, @common=@addrtype={{0x2c}, {0x802}}]}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x4, @broadcast, @empty, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @broadcast, @icmp_id, @port=0x2}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, 0xffffff00, 0xffffffff, 'virt_wifi0\x00', 'veth0_to_bond\x00', {0xff}, {}, 0x62, 0x2, 0x14}, 0x0, 0x70, 0xa4, 0x8800}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x14, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @port=0x4e20, @gre_key=0x6}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x54c)

5.386918155s ago: executing program 4 (id=3693):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010000305000000000000000005cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14142e08000700e000030a08000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800)

5.267144946s ago: executing program 4 (id=3694):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x11, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x40000, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xfffffffffffffeee}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0xe0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f00000003c0)={0x1f, 0x2, 0x3}, 0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, &(0x7f0000000300)=0x80)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
socket(0xa, 0x3, 0x3a)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x100)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000630110000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x1, 0x3})

3.708547224s ago: executing program 4 (id=3707):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
clock_gettime(0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r3=>0x0})
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r3, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}, 0x1, 0x0, 0x81000000, 0x800}, 0x0)

3.642748369s ago: executing program 4 (id=3708):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r1, 0xc0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3b, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe91, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syz_open_dev$cec(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0xffffffffffffffff, 0x2, &(0x7f00000002c0)={0xffffffff, 0xbe66}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
ioctl$RTC_AIE_ON(r5, 0x7001)
syz_open_procfs$userns(r2, &(0x7f0000000300))
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e20, 0x380000, @loopback}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1000000084008dbc334de7f973645a3c8d9e7f035a00000000"], 0x10}}], 0x1, 0x400c0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
utimensat(r5, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={{0x0, 0xea60}}, 0x100)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
r7 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r7, 0x5)

3.167184934s ago: executing program 2 (id=3712):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000", @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket(0x15, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wg0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=@getchain={0x2c, 0x66, 0x10, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xf, 0xffff}, {0xa, 0xfff2}, {0xd, 0x10}}, [{0x8, 0xb, 0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20000000)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x6, &(0x7f0000000000)={0x0, "e922fe53e14fcad1ebe6ff00000000000000080000000000000000000021b49d61"}})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x12}})
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000880)=@v3={0x3000000, [{0x20102, 0x7}, {0x7, 0x9}], 0xee01}, 0x18, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, 0x0, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x20, 0x3, 0x204, 0x0, 0x8, 0xfa04, 0x94, 0x6c02, 0x170, 0x194, 0x194, 0x170, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'dvmrp0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6, 0x3, 0x63}, 0x0, 0x70, 0x94, 0x0, {0x0, 0x74020000}}, @common=@inet=@SYNPROXY={0x24, 'SYNPROXY\x00', 0x0, {0x14, 0x9, 0xa}}}, {{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x44}, 0x0, 0x0, '\x00', 'tunl0\x00', {}, {}, 0x16}, 0x0, 0x70, 0xdc}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x1, 0xf, 0x4, 0x1, 0x0, "62d9bd470fbc11c4108528305cd63bec75d1e5cbe0df69039e4c85908b892eac3131278481a2c3e3e32542d9695f7f9ab790448585d92c2fd25945423f8a6b6c"}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x260)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1700000001000000ae0500000c00000050400100", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000040000000200"/24, @ANYRES32, @ANYRESDEC=r2], 0xfffffffffffffdf0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r6 = socket(0x11, 0x800000003, 0x0)
getsockopt$packet_int(r6, 0x107, 0x12, 0x0, &(0x7f0000001cc0))
open_by_handle_at(0xffffffffffffff9c, 0x0, 0x8e79f0352167ea94)
write$binfmt_aout(r5, &(0x7f0000000940)=ANY=[], 0xff2e)
ioctl$TCXONC(r5, 0x540a, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x1)

2.900674401s ago: executing program 3 (id=3714):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000004c0)={r2, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, r3, 0x0, 0x0, 0x0, 0x4, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0x7, 0x0, 0x0, 0x1000000, 0x0, "fe1d0e1cff001704000000341300"}})

2.899714279s ago: executing program 3 (id=3715):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000800)={0x0, {0x1, 0x0, 0x4, 0x3, 0x3, 0x80000001}})
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000900)={'syz1\x00', {0x8000}, 0x37b4, [0xfeff, 0x4, 0x0, 0x0, 0x1, 0x420000, 0x0, 0x10000, 0x0, 0x0, 0x0, 0xfffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x3, 0x0, 0x20, 0x3, 0x200, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20007], [0x0, 0x0, 0x7, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x1, 0x0, 0x0, 0x20000000, 0x40000000, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0xfffffffc, 0x9, 0x8c, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x8000, 0x0, 0x0, 0xfffffffc], [0x0, 0x4, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0xb78, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x3, 0x8000000, 0x520, 0xffffffff, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffc, 0xaf, 0x10001, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000005, 0x0, 0x5, 0x2], [0x0, 0xfff, 0x0, 0x4, 0x0, 0x0, 0xe17, 0xe, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000001, 0x1, 0x7fff, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x3, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100, 0x0, 0x3, 0x3, 0xfffffffd, 0x53591b27, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0x7, 0x0, 0x0, 0x10000, 0x80000000, 0x1000000]}, 0x45c)

2.793207413s ago: executing program 3 (id=3716):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64, @ANYRES16, @ANYRESDEC=r0, @ANYRESOCT], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x151f3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x81, 0x6, 0x1, 0xe7}, {0x2, 0xcc, 0x5, 0xd}]})
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e652043617074557265272030303030303034303030"], 0xb8)
dup3(0xffffffffffffffff, r4, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wlan0\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000000)=@secondary)
keyctl$get_persistent(0x16, 0x0, r6)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080001040000000000001a0000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf09000000000000350901000000000095000000000700004d9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xc5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0xffffffffffffffff)

2.415196039s ago: executing program 1 (id=3721):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x97ff, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.292831402s ago: executing program 1 (id=3722):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014001100b7030000000000698500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000640)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x10000000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.25748842s ago: executing program 2 (id=3723):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendto$inet6(r1, 0x0, 0x0, 0x4001, 0x0, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb"], 0xfdef)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000401f6d2827717000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000400000003"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
eventfd(0x0)

2.249109674s ago: executing program 1 (id=3724):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r4, 0x25, 0x0, @val=@tracing={0x0, 0x20000000}}, 0x20)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c00000010000304000000fdffffffffffffff00", @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)

2.123127446s ago: executing program 1 (id=3725):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x11, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x40000, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xfffffffffffffeee}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0xe0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f00000003c0)={0x1f, 0x2, 0x3}, 0x6)
tkill(0x0, 0xb)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
r6 = socket$kcm(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000300)=0x80)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
socket(0xa, 0x3, 0x3a)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x100)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000630110000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.925238802s ago: executing program 3 (id=3726):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000fffffff40000010000000900010073797a30000000000900020073797a300000000014000380080002400000000008000140000000002c000000180a05000000000000000000010000000900010073797a30000000000c000540000000000000000114000000020a01"], 0xc8}}, 0x4000450)

1.882534459s ago: executing program 3 (id=3727):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000340)=0x4000000)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)={0x3, 0x0, [{0x3000, 0xe1, &(0x7f0000000580)=""/225}, {0xd000, 0x0, 0x0}, {0x1, 0x8a, &(0x7f0000000700)=""/138}]})
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x501483, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="74010000", @ANYRES16=r5, @ANYBLOB="11060000000000000000070000000800050001000000200108803c0000801400040002000000ac1e00010000000000000000240001000000000000000000000000000000000000000000000000000000000000000000e0000080a400098028000080060001000a0000001400020020010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003000300000028020080060001000a00000014000200ff0100000000000000000000000000010500030000000000240001000000000000000000000000000000000000000000000000000000000000000000140004000200000000000000000000000000000024000300000000000000000000000000000000000000000000000000000000000000000014000200776731"], 0x174}}, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x205000, 0x0)
fchown(r6, 0x0, 0xee01)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = fcntl$dupfd(0xffffffffffffffff, 0x0, r7)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x400455c8, 0xb)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x5)
openat$dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x8)

1.842013026s ago: executing program 2 (id=3728):
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r3 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd498, 0x40, 0x1, 0x348}, 0x0, &(0x7f0000000140))
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000380)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r0)
setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r8, 0x0, 0xf69}, 0x18)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0xf4)

1.162315818s ago: executing program 1 (id=3729):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f00000000c0)=0x9, 0x4)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="a8050000", @ANYRES16=r2, @ANYBLOB="08002cbd7000fcdbdf25890000000c009900090000000e00000088051d802c00008005000a000000000005000b000000000006000500ee00000005000a000100000005000a0001000000100000800c00030003000000000000004000008005000a00010000000c00030000040000000000000c00020000000000000000000c000200539b000000000000050006000100000005000900010000003c0000800c00020009000000000000000c000300080000000000000005000900010000000500090001000000050006000000000005000600010000003000008005000c00010000000c0002000200000000000000060005009700000005000a002000000005000900000000002800008005000a000000000005000b000000000006000500fa0000000c00030000020000000000008c010080050009000100000080010d80dc0001800f000100021605180b30120b22360b0038000200241a0a4a7f090e0430481c2a38193d4b2136194e03181e4f49483f352b1629f93022104f1e1b0b1121100f3552294d032f234d1b050004000100000014000500000004000800060002009a00ff07030005000600d7d8ca251400050005000e0005000700040009008000c73f05000700000000004e000200512a0f510a213b033a112a243d370630334f3a1f5018114135401144401b0835354708402d0544304009105143442f3040471c012c4918142720400a1a1408365457001243461f351653000074000280050007000100000005000600020000003f000200152d0b490021394d352e2e303021374a0c380f484938230150543f0d56232e21282a481f3d473a30062e20092d3810425701471f0715513232262d000f0001000c0205240312131b066c0100050006000100000005000700020000002000028014000300050005000900f80106009a000100030005000700000000000c00028005000700010000004400008005000800eb00000005000700aa0000000400040005000b0000000000050006000000000005000b00010000000c00030001000000010000000500080094000000a4020080050009000000000088020d806400028005000400020000000b000100010c3003021b60000500040002000000140003000900a6000600010022b8ed81fa000000070001000603360005000400010000001400030005000000ff0103000500000021cc00020b000100015f04050b1b0c004c0000801400030007000f0004000b2f01000e007f000000290002002f1a1e1a1e011e191e3101314d0b384823093132404e2a4e2c4e4e4c320137452c10040f33000000050004000200000068000180050006000000000005000600020000001400050006000100020000800500ffff640800003e00020047474656071d52353f0b16420b2b1510403d45390815333d21290038184c184d192a44041c44544123083b0001024431423404210a502601413a0000200003801c0002003e16024918290f4f1a2026092d273f4d382e101b2b0956336400008005000600020000004d0002000c39561d133939311213361555181b4540001e380511213a271c1a452e1f1e160e313708084311043a4d2624200d501d26454b3a04183d042437492540193122370412091809414c0a000000050006000200000028000080140005000800bf4d090003007d7101fe4000070005000400020000000500040000000000a0000100000001000416061b030918480c040b12181b300c000560241604120948040000140001000118126c6c181b246c021b126c60030c14000300c900200008009008a200001040b60002140003008100c0fa050019020400ef0067ac0f0014000300090002000500079800800300070003002b0002003f55332d2c1a104d113e414b1611362429234147394f08244d0b311a081e482017434b2c28110b0020000080050006000000000014000300030055009e0000f8ff01ff7f1ef4090005000900000000000500090001000000"], 0x5a8}, 0x1, 0x0, 0x0, 0x40}, 0x80c0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0xc}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x200000d4)
bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c)
syz_open_dev$amidi(&(0x7f0000000040), 0xce2, 0x40041)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
fdatasync(r4)

950.116162ms ago: executing program 3 (id=3730):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x84)
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000002c0)={&(0x7f0000000700)})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b21, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0x261c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x10, 0x803, 0x0)

896.986672ms ago: executing program 2 (id=3731):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xb}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60000000, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

812.87778ms ago: executing program 2 (id=3732):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
write$6lowpan_enable(r0, 0x0, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@none}]})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, 0x0)
r2 = syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x1d, &(0x7f0000000040)={&(0x7f0000002340)=ANY=[@ANYBLOB="4800000010000104feffffff0000000000000000", @ANYRES32=r3, @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x200440c0}, 0x8000)
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0601, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000003c0)=0x14)
r7 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r7)
pipe2$watch_queue(&(0x7f00000003c0)={<r9=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r7, r9, 0x1e)
r10 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x35, 0x0, 0xd, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x2d}, 0x48, r7)
r11 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11], &(0x7f0000000200)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r13 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCDIFADDR(r13, 0x8936, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r12}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0xc, &(0x7f0000000480)=[{0x200000000006, 0x1, 0x0, 0x7ffc5ffb}, {0x40a, 0x1, 0x40, 0x7}, {0x800, 0x40, 0x9, 0xb}, {0x8001, 0x8, 0x9, 0x1}, {0x8, 0xd2, 0x5, 0x9}, {0xffff, 0xb, 0x7}, {0x5, 0x27, 0x2, 0x7}, {0x8, 0x8, 0x7, 0xc}, {0x8, 0x96, 0x2, 0x3}, {0x0, 0xca, 0x1, 0xad9}, {0x186e, 0xfe, 0x7, 0x9}, {0x8, 0x9, 0x3, 0x7}]})
keyctl$KEYCTL_MOVE(0x1e, r10, r7, r8, 0x0)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2})
syz_io_uring_submit(r3, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
io_uring_enter(r0, 0x162a, 0x6e29, 0x59, 0x0, 0x0)

178.28752ms ago: executing program 2 (id=3733):
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r3 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd498, 0x40, 0x1, 0x348}, 0x0, &(0x7f0000000140))
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000380)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r0)
setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r8, 0x0, 0xf69}, 0x18)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0xf4)

0s ago: executing program 1 (id=3734):
mkdir(&(0x7f0000000140)='./file0\x00', 0x88a083111cb19e52) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000040)={@random="8580f83288e1", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x1, 0x5, 0x1c, 0x67, 0x0, 0x2, 0x2, 0x0, @private=0xa010102, @broadcast}, {0x11, 0x81, 0x0, @remote}}}}}, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x12, 0x3, 0x0, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000007000000000001"], 0x50)
r2 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01) (async)
r3 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0x800) (async)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_LABELS={0x8, 0x16, 0x1, 0x0, [0x4]}]}, 0x6c}}, 0x0) (async)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x700, 0x0) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0)
writev(r4, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000000e00)='t', 0x2fd200}, {0x0}, {&(0x7f0000001000)="d6", 0x20c00}], 0x21)

kernel console output (not intermixed with test programs):

_read+0x1e1/0xc60
[  455.504744][T15538]  ? fdget_pos+0x2a2/0x370
[  455.504771][T15538]  ? __pfx_vfs_read+0x10/0x10
[  455.504792][T15538]  ? find_held_lock+0x2b/0x80
[  455.504818][T15538]  ? __fget_files+0x20e/0x3c0
[  455.504849][T15538]  ksys_read+0x12a/0x250
[  455.504872][T15538]  ? __pfx_ksys_read+0x10/0x10
[  455.504904][T15538]  ? rcu_is_watching+0x12/0xc0
[  455.504926][T15538]  __do_fast_syscall_32+0x7c/0x3a0
[  455.504945][T15538]  do_fast_syscall_32+0x32/0x80
[  455.504961][T15538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  455.504983][T15538] RIP: 0023:0xf706e579
[  455.504998][T15538] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  455.505013][T15538] RSP: 002b:00000000f505e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  455.505030][T15538] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f505e620
[  455.505041][T15538] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000
[  455.505052][T15538] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  455.505062][T15538] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  455.505072][T15538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  455.505097][T15538]  </TASK>
[  455.582462][    C0] vkms_vblank_simulate: vblank timer overrun
[  455.685263][T15545] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2853'.
[  455.764291][T15557] FAULT_INJECTION: forcing a failure.
[  455.764291][T15557] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  455.769368][T15557] CPU: 2 UID: 0 PID: 15557 Comm: syz.2.2858 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  455.769384][T15557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  455.769391][T15557] Call Trace:
[  455.769396][T15557]  <TASK>
[  455.769400][T15557]  dump_stack_lvl+0x16c/0x1f0
[  455.769427][T15557]  should_fail_ex+0x512/0x640
[  455.769457][T15557]  should_fail_alloc_page+0xe7/0x130
[  455.769479][T15557]  prepare_alloc_pages+0x3c2/0x610
[  455.769503][T15557]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  455.769524][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.769536][T15557]  ? trace_mm_page_alloc+0x11f/0x1a0
[  455.769548][T15557]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  455.769569][T15557]  ? stack_trace_save+0x8e/0xc0
[  455.769582][T15557]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  455.769603][T15557]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  455.769619][T15557]  ? __get_vm_area_node+0x1ca/0x330
[  455.769632][T15557]  ? __vmalloc_node_noprof+0xad/0xf0
[  455.769644][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.769661][T15557]  ? bpf_prog_load+0xe41/0x2490
[  455.769684][T15557]  ? __sys_bpf+0x433c/0x4d80
[  455.769709][T15557]  ? __ia32_sys_bpf+0x76/0xe0
[  455.769722][T15557]  ? __do_fast_syscall_32+0x7c/0x3a0
[  455.769737][T15557]  ? do_fast_syscall_32+0x32/0x80
[  455.769760][T15557]  alloc_pages_bulk_noprof+0x71c/0x1410
[  455.769776][T15557]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  455.769794][T15557]  ? policy_nodemask+0xea/0x4e0
[  455.769814][T15557]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  455.769831][T15557]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  455.769847][T15557]  kasan_populate_vmalloc+0xf1/0x1f0
[  455.769870][T15557]  alloc_vmap_area+0x959/0x29c0
[  455.769898][T15557]  ? __pfx_alloc_vmap_area+0x10/0x10
[  455.769925][T15557]  __get_vm_area_node+0x1ca/0x330
[  455.769950][T15557]  __vmalloc_node_range_noprof+0x271/0x14b0
[  455.769970][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.769995][T15557]  ? rcu_read_unlock+0x17/0x60
[  455.770012][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.770036][T15557]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  455.770057][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.770074][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.770088][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.770100][T15557]  __vmalloc_node_noprof+0xad/0xf0
[  455.770113][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.770127][T15557]  bpf_check+0x1e4/0xb4f0
[  455.770140][T15557]  ? __mutex_trylock_common+0xe9/0x250
[  455.770158][T15557]  ? __mutex_trylock_common+0xe9/0x250
[  455.770178][T15557]  ? __pfx_bpf_check+0x10/0x10
[  455.770194][T15557]  ? css_rstat_updated+0x9d/0xd30
[  455.770207][T15557]  ? __lock_acquire+0xb8a/0x1c90
[  455.770228][T15557]  ? find_held_lock+0x2b/0x80
[  455.770240][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.770250][T15557]  ? ktime_get_with_offset+0x26e/0x3b0
[  455.770264][T15557]  ? __asan_memset+0x23/0x50
[  455.770278][T15557]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  455.770295][T15557]  bpf_prog_load+0xe41/0x2490
[  455.770315][T15557]  ? __pfx_bpf_prog_load+0x10/0x10
[  455.770344][T15557]  __sys_bpf+0x433c/0x4d80
[  455.770386][T15557]  ? __pfx___sys_bpf+0x10/0x10
[  455.770404][T15557]  ? ksys_write+0x190/0x250
[  455.770421][T15557]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  455.770448][T15557]  ? fput+0x70/0xf0
[  455.770458][T15557]  ? ksys_write+0x1ac/0x250
[  455.770472][T15557]  ? __pfx_ksys_write+0x10/0x10
[  455.770490][T15557]  __ia32_sys_bpf+0x76/0xe0
[  455.770501][T15557]  __do_fast_syscall_32+0x7c/0x3a0
[  455.770512][T15557]  do_fast_syscall_32+0x32/0x80
[  455.770522][T15557]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  455.770537][T15557] RIP: 0023:0xf706e579
[  455.770546][T15557] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  455.770557][T15557] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  455.770571][T15557] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000840
[  455.770578][T15557] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  455.770584][T15557] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  455.770602][T15557] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  455.770609][T15557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  455.770623][T15557]  </TASK>
[  455.770688][T15557] syz.2.2858: vmalloc error: size 2240, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  455.942093][T15557] CPU: 2 UID: 0 PID: 15557 Comm: syz.2.2858 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  455.942110][T15557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  455.942117][T15557] Call Trace:
[  455.942121][T15557]  <TASK>
[  455.942126][T15557]  dump_stack_lvl+0x16c/0x1f0
[  455.942146][T15557]  warn_alloc+0x248/0x3a0
[  455.942175][T15557]  ? __pfx_warn_alloc+0x10/0x10
[  455.942194][T15557]  ? kfree+0x2b4/0x4d0
[  455.942210][T15557]  ? __get_vm_area_node+0x208/0x330
[  455.942227][T15557]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  455.942243][T15557]  ? rcu_read_unlock+0x17/0x60
[  455.942255][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.942272][T15557]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  455.942287][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.942299][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.942311][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.942323][T15557]  __vmalloc_node_noprof+0xad/0xf0
[  455.942336][T15557]  ? bpf_check+0x1e4/0xb4f0
[  455.942353][T15557]  bpf_check+0x1e4/0xb4f0
[  455.942388][T15557]  ? __mutex_trylock_common+0xe9/0x250
[  455.942407][T15557]  ? __mutex_trylock_common+0xe9/0x250
[  455.942427][T15557]  ? __pfx_bpf_check+0x10/0x10
[  455.942443][T15557]  ? css_rstat_updated+0x9d/0xd30
[  455.942456][T15557]  ? __lock_acquire+0xb8a/0x1c90
[  455.942477][T15557]  ? find_held_lock+0x2b/0x80
[  455.942489][T15557]  ? rcu_is_watching+0x12/0xc0
[  455.942502][T15557]  ? ktime_get_with_offset+0x26e/0x3b0
[  455.942516][T15557]  ? __asan_memset+0x23/0x50
[  455.942535][T15557]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  455.942553][T15557]  bpf_prog_load+0xe41/0x2490
[  455.942572][T15557]  ? __pfx_bpf_prog_load+0x10/0x10
[  455.942602][T15557]  __sys_bpf+0x433c/0x4d80
[  455.942620][T15557]  ? __pfx___sys_bpf+0x10/0x10
[  455.942637][T15557]  ? ksys_write+0x190/0x250
[  455.942656][T15557]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  455.942682][T15557]  ? fput+0x70/0xf0
[  455.942692][T15557]  ? ksys_write+0x1ac/0x250
[  455.942706][T15557]  ? __pfx_ksys_write+0x10/0x10
[  455.942724][T15557]  __ia32_sys_bpf+0x76/0xe0
[  455.942735][T15557]  __do_fast_syscall_32+0x7c/0x3a0
[  455.942747][T15557]  do_fast_syscall_32+0x32/0x80
[  455.942757][T15557]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  455.942770][T15557] RIP: 0023:0xf706e579
[  455.942779][T15557] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  455.942789][T15557] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  455.942800][T15557] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000840
[  455.942806][T15557] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  455.942812][T15557] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  455.942818][T15557] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  455.942824][T15557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  455.942837][T15557]  </TASK>
[  455.942853][T15557] Mem-Info:
[  456.038700][T15557] active_anon:4840 inactive_anon:4386 isolated_anon:0
[  456.038700][T15557]  active_file:2856 inactive_file:19083 isolated_file:0
[  456.038700][T15557]  unevictable:1768 dirty:563 writeback:0
[  456.038700][T15557]  slab_reclaimable:6036 slab_unreclaimable:60549
[  456.038700][T15557]  mapped:27995 shmem:5102 pagetables:1397
[  456.038700][T15557]  sec_pagetables:323 bounce:0
[  456.038700][T15557]  kernel_misc_reclaimable:0
[  456.038700][T15557]  free:59250 free_pcp:9555 free_cma:0
[  456.052637][T15557] Node 0 active_anon:2020kB inactive_anon:168kB active_file:0kB inactive_file:12kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:11856kB dirty:8kB writeback:0kB shmem:7300kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8364kB pagetables:2216kB sec_pagetables:1140kB all_unreclaimable? no Balloon:0kB
[  456.066096][T15557] Node 1 active_anon:17340kB inactive_anon:17376kB active_file:11424kB inactive_file:76320kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:100124kB dirty:2244kB writeback:0kB shmem:13108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5164kB pagetables:3372kB sec_pagetables:152kB all_unreclaimable? no Balloon:0kB
[  456.080677][T15557] Node 0 DMA free:2816kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:196kB local_pcp:8kB free_cma:0kB
[  456.094309][T15557] lowmem_reserve[]: 0 289 289 289 289
[  456.096571][T15557] Node 0 DMA32 free:18332kB boost:0kB min:13216kB low:16520kB high:19824kB reserved_highatomic:2048KB free_highatomic:644KB active_anon:2012kB inactive_anon:156kB active_file:0kB inactive_file:12kB unevictable:3536kB writepending:8kB present:1032196kB managed:296392kB mlocked:0kB bounce:0kB free_pcp:9972kB local_pcp:1976kB free_cma:0kB
[  456.109688][T15557] lowmem_reserve[]: 0 0 0 0 0
[  456.112509][T15557] Node 1 DMA32 free:215840kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB free_highatomic:1816KB active_anon:17280kB inactive_anon:17376kB active_file:11424kB inactive_file:76320kB unevictable:3536kB writepending:2332kB present:1048432kB managed:948268kB mlocked:0kB bounce:0kB free_pcp:28308kB local_pcp:2904kB free_cma:0kB
[  456.125642][T15557] lowmem_reserve[]: 0 0 0 0 0
[  456.127562][T15557] Node 0 DMA: 28*4kB (U) 18*8kB (U) 26*16kB (U) 21*32kB (U) 3*64kB (U) 2*128kB (U) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 2816kB
[  456.133702][T15557] Node 0 DMA32: 8*4kB (EH) 61*8kB (UMEH) 37*16kB (UEH) 145*32kB (UMEH) 54*64kB (UMEH) 23*128kB (UME) 8*256kB (UM) 4*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 18296kB
[  456.141514][T15557] Node 1 DMA32: 715*4kB (ME) 790*8kB (UMEH) 882*16kB (UMEH) 465*32kB (UMEH) 305*64kB (UMEH) 79*128kB (UMEH) 56*256kB (MEH) 29*512kB (MEH) 32*1024kB (UM) 26*2048kB (UM) 8*4096kB (M) = 215772kB
[  456.149536][T15557] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  456.155217][T15557] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  456.158830][T15566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2862'.
[  456.158909][T15557] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  456.166630][T15557] Node 1 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  456.170372][T15557] 27917 total pagecache pages
[  456.172545][T15557] 880 pages in swap cache
[  456.174387][T15557] Free swap  = 118236kB
[  456.176129][T15557] Total swap = 124996kB
[  456.177875][T15557] 524155 pages RAM
[  456.179467][T15557] 0 pages HighMem/MovableOnly
[  456.181416][T15557] 209150 pages reserved
[  456.183820][T15557] 0 pages cma reserved
[  456.228468][T15569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2862'.
[  456.244196][T15569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2862'.
[  456.250472][T15569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2862'.
[  456.286397][T15573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2865'.
[  456.307862][T15573] 8021q: adding VLAN 0 to HW filter on device bond3
[  456.325916][T15573] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  456.390631][T15577] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2866'.
[  456.465610][T15579] lo speed is unknown, defaulting to 1000
[  456.482787][T15580] loop6: detected capacity change from 0 to 524287999
[  457.016157][ T6009] usb 6-1: USB disconnect, device number 23
[  457.091423][T15586] syzkaller0: entered promiscuous mode
[  457.093192][T15586] syzkaller0: entered allmulticast mode
[  458.606113][T15595] lo speed is unknown, defaulting to 1000
[  458.998761][T15612] program syz.1.2875 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  459.072434][ T1108] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[  459.075005][ T1108] ata1.00: irq_stat 0x40000000
[  459.076696][ T1108] ata1.00: failed command: ZAC MANAGEMENT OUT
[  459.078733][ T1108] ata1.00: cmd 9f/02:00:00:00:00/00:00:00:00:00/40 tag 20
[  459.078733][ T1108]          res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error)
[  459.084932][ T1108] ata1.00: status: { DRDY ERR }
[  459.087177][ T1108] ata1.00: error: { ABRT }
[  459.089062][ T1108] ata1.00: device reported invalid CHS sector 0
[  459.604493][    C3] ata1: illegal qc_active transition (00000000->00200000)
[  459.637735][T15620] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  459.965179][ T1108] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  459.975143][ T1108] ata1.00: configured for UDMA/100
[  460.547901][T15630] lo speed is unknown, defaulting to 1000
[  461.099541][   T40] kauditd_printk_skb: 1824 callbacks suppressed
[  461.099553][   T40] audit: type=1326 audit(2000000109.579:131482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.114336][   T40] audit: type=1326 audit(2000000109.589:131483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.127539][   T40] audit: type=1326 audit(2000000109.589:131484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.137258][   T40] audit: type=1326 audit(2000000109.589:131485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.146143][   T40] audit: type=1326 audit(2000000109.589:131486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.153890][   T40] audit: type=1326 audit(2000000109.589:131487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  461.160982][   T40] audit: type=1326 audit(2000000109.589:131488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.169982][   T40] audit: type=1326 audit(2000000109.589:131489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.179074][   T40] audit: type=1326 audit(2000000109.589:131490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  461.187876][   T40] audit: type=1326 audit(2000000109.589:131491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15633 comm="syz.1.2882" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  461.979573][T15656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2886'.
[  462.026669][T15657] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2888'.
[  462.407304][T15665] xt_ecn: cannot match TCP bits for non-tcp packets
[  464.072521][T15699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'.
[  464.076256][T15699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'.
[  464.079632][T15699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'.
[  464.084400][T15699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'.
[  464.256566][T15710] xt_ecn: cannot match TCP bits for non-tcp packets
[  465.199765][T15718] Set syz0 is full, maxelem 0 reached
[  465.209906][T15712] netlink: 'syz.1.2907': attribute type 23 has an invalid length.
[  465.297144][T15723] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2914'.
[  465.465937][T15729] lo speed is unknown, defaulting to 1000
[  465.740669][T15736] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  465.746868][T15736] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  465.753608][T15736] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  465.758924][T15736] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  465.762621][T15736] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  465.791449][T15735] lo speed is unknown, defaulting to 1000
[  465.971394][T15735] chnl_net:caif_netlink_parms(): no params data found
[  466.066897][T15735] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.069944][T15735] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.075457][T15735] bridge_slave_0: entered allmulticast mode
[  466.079411][T15735] bridge_slave_0: entered promiscuous mode
[  466.084174][T15735] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.086772][T15735] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.089364][T15735] bridge_slave_1: entered allmulticast mode
[  466.094012][T15735] bridge_slave_1: entered promiscuous mode
[  466.146584][T15735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  466.153145][T15735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  466.214295][T15735] team0: Port device team_slave_0 added
[  466.219729][T15735] team0: Port device team_slave_1 added
[  466.281995][T15735] batman_adv: batadv0: Adding interface: batadv_slave_0
[  466.284276][T15735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.296447][T15735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  466.302564][T15735] batman_adv: batadv0: Adding interface: batadv_slave_1
[  466.305335][T15735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.322108][T15735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  466.363565][T15735] hsr_slave_0: entered promiscuous mode
[  466.366057][T15735] hsr_slave_1: entered promiscuous mode
[  466.368207][T15735] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  466.370678][T15735] Cannot create hsr debugfs directory
[  466.489377][T15751] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  466.559406][T15735] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.645051][T15735] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.754893][T15735] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.856417][T15735] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.973191][T15735] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  466.979143][T15735] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  466.992756][T15735] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  466.999819][T15735] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  467.097025][T15735] 8021q: adding VLAN 0 to HW filter on device bond0
[  467.111794][T15735] 8021q: adding VLAN 0 to HW filter on device team0
[  467.120221][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.123264][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.137371][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.140382][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[  467.171237][T15735] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  467.175704][T15735] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  467.330969][T15735] 8021q: adding VLAN 0 to HW filter on device batadv0
[  467.355195][T15735] veth0_vlan: entered promiscuous mode
[  467.360254][T15735] veth1_vlan: entered promiscuous mode
[  467.398172][T15735] veth0_macvtap: entered promiscuous mode
[  467.404015][T15735] veth1_macvtap: entered promiscuous mode
[  467.418546][T15735] batman_adv: batadv0: Interface activated: batadv_slave_0
[  467.425212][T15735] batman_adv: batadv0: Interface activated: batadv_slave_1
[  467.430590][T15735] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  467.435676][T15735] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  467.438412][T15735] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  467.441086][T15735] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  467.555481][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  467.561507][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  467.573771][ T1178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  467.576869][ T1178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  467.657458][T15783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2918'.
[  467.663807][T15783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2918'.
[  467.772152][ T5951] Bluetooth: hci0: command tx timeout
[  468.064467][T15791] bridge0: port 2(bridge_slave_1) entered disabled state
[  469.693386][ T6009] IPVS: starting estimator thread 0...
[  469.782185][T15813] IPVS: using max 42 ests per chain, 100800 per kthread
[  469.852123][ T5951] Bluetooth: hci0: command tx timeout
[  470.221323][T15818] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2937'.
[  470.349018][   T40] kauditd_printk_skb: 5532 callbacks suppressed
[  470.349034][   T40] audit: type=1326 audit(2000000118.829:137024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.2.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7fc00000
[  470.370021][   T40] audit: type=1326 audit(2000000118.839:137025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.2.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70fe579 code=0x7fc00000
[  470.378612][   T40] audit: type=1326 audit(2000000118.849:137026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.2.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7fc00000
[  470.673874][T15831] Bluetooth: MGMT ver 1.23
[  470.992924][ T6009] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  471.138460][T15847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2946'.
[  471.144408][ T6009] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  471.147081][ T6009] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  471.150343][ T6009] usb 7-1: too many endpoints for config 0 interface 0 altsetting 255: 255, using maximum allowed: 30
[  471.154166][T15847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2946'.
[  471.159178][T15847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2946'.
[  471.163995][ T6009] usb 7-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  471.168500][ T6009] usb 7-1: config 0 interface 0 has no altsetting 0
[  471.172380][ T6009] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  471.185163][ T6009] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  471.189939][ T6009] usb 7-1: Product: syz
[  471.192051][ T6009] usb 7-1: Manufacturer: syz
[  471.193900][ T6009] usb 7-1: SerialNumber: syz
[  471.196758][ T6009] usb 7-1: config 0 descriptor??
[  471.203103][ T6009] ldusb 7-1:0.0: Interrupt in endpoint not found
[  471.490504][   T40] audit: type=1400 audit(2000000119.969:137027): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435
[  471.492013][T15854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2947'.
[  471.711794][T15860] vlan2: entered promiscuous mode
[  471.714597][T15860] bridge0: entered promiscuous mode
[  471.716333][T15860] vlan2: entered allmulticast mode
[  471.717971][T15860] bridge0: entered allmulticast mode
[  471.932143][ T5951] Bluetooth: hci0: command tx timeout
[  471.959312][T15865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2951'.
[  472.003397][T15865] 8021q: adding VLAN 0 to HW filter on device bond3
[  472.023697][T15865] bond2: (slave veth0_to_bond): Releasing backup interface
[  472.026727][T15870] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2952'.
[  472.035099][T15865] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  472.180475][T15879] xt_ecn: cannot match TCP bits for non-tcp packets
[  472.219357][T15881] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  472.222302][T15881] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  472.497197][   T40] audit: type=1326 audit(2000000120.979:137028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz.1.2956" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  472.515697][   T40] audit: type=1326 audit(2000000120.979:137029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz.1.2956" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  472.542049][   T40] audit: type=1326 audit(2000000120.979:137030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz.1.2956" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  472.549235][   T40] audit: type=1326 audit(2000000120.979:137031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz.1.2956" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  472.557719][   T40] audit: type=1326 audit(2000000120.979:137032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz.1.2956" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  472.565061][   T40] audit: type=1326 audit(2000000120.989:137033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15885 comm="syz.1.2956" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  473.934545][   T53] usb 7-1: USB disconnect, device number 14
[  474.012652][ T5951] Bluetooth: hci0: command tx timeout
[  474.538704][ T6009] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  474.742019][ T6009] usb 6-1: config index 0 descriptor too short (expected 65535, got 27)
[  474.745311][ T6009] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.760459][ T6009] usb 6-1: config 0 has no interfaces?
[  474.822047][ T6009] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  474.833860][ T6009] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  474.849649][ T6009] usb 6-1: Product: syz
[  474.857461][ T6009] usb 6-1: Manufacturer: syz
[  474.868916][ T6009] usb 6-1: SerialNumber: syz
[  474.974301][ T6009] usb 6-1: config 0 descriptor??
[  475.461492][T15948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2975'.
[  477.287515][   T53] usb 6-1: USB disconnect, device number 24
[  479.129152][T16032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2999'.
[  479.232052][   T53] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  479.258377][T16036] netlink: 'syz.3.3001': attribute type 1 has an invalid length.
[  479.260950][T16036] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3001'.
[  479.385461][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  479.389967][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  479.400662][   T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  479.410311][   T53] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  479.417043][   T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.422413][   T53] usb 7-1: config 0 descriptor??
[  479.831721][   T53] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  479.843797][   T53] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  480.051792][T16053] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  480.092277][T15736] Bluetooth: hci0: command 0x0405 tx timeout
[  480.442497][T16072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3011'.
[  480.552320][   T40] kauditd_printk_skb: 665 callbacks suppressed
[  480.552366][   T40] audit: type=1400 audit(2000000128.919:137699): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435
[  481.035049][    C2] plantronics 0003:047F:FFFF.0006: usb_submit_urb(ctrl) failed: -1
[  481.071479][   T24] usb 7-1: USB disconnect, device number 15
[  481.080728][T16080] input: syz1 as /devices/virtual/input/input31
[  481.220148][T16086] cgroup: Need name or subsystem set
[  481.231572][T16086] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3017'.
[  481.403961][T16096] cgroup: Need name or subsystem set
[  481.818228][T16096] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3019'.
[  483.157935][T16142] overlay: ./file0 is not a directory
[  483.220966][T16144] tipc: Started in network mode
[  483.223406][T16144] tipc: Node identity ac1414aa, cluster identity 4711
[  483.229993][T16144] tipc: Enabled bearer <udp:syz2>, priority 10
[  483.474672][T16149] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3035'.
[  483.537347][   T40] audit: type=1400 audit(2000000132.019:137700): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435
[  483.537538][T16153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3034'.
[  483.728659][   T40] audit: type=1326 audit(2000000132.209:137701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16161 comm="syz.1.3039" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff5579 code=0x0
[  484.343636][ T6026] tipc: Node number set to 2886997162
[  484.863793][T16180] cgroup: Need name or subsystem set
[  484.870549][T16180] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3045'.
[  484.945395][T16188] 9pnet_virtio: no channels available for device /dev/md0
[  485.412385][T16209] syzkaller0: entered promiscuous mode
[  485.414179][T16209] syzkaller0: entered allmulticast mode
[  485.982628][   T40] audit: type=1326 audit(2000000134.459:137702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  485.991730][   T40] audit: type=1326 audit(2000000134.459:137703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  485.999523][   T40] audit: type=1326 audit(2000000134.459:137704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  486.008214][   T40] audit: type=1326 audit(2000000134.469:137705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  486.015665][   T40] audit: type=1326 audit(2000000134.469:137706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  486.023657][   T40] audit: type=1326 audit(2000000134.469:137707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  486.031369][   T40] audit: type=1326 audit(2000000134.469:137708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  486.040514][   T40] audit: type=1326 audit(2000000134.469:137709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  486.049273][   T40] audit: type=1326 audit(2000000134.469:137710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff5598 code=0x7ffc0000
[  486.058024][   T40] audit: type=1326 audit(2000000134.469:137711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16221 comm="syz.1.3054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff5579 code=0x7ffc0000
[  486.642251][ T1334] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  486.793901][ T1334] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  486.798439][ T1334] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  486.802591][ T1334] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  486.807748][ T1334] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  486.811428][ T1334] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.816721][ T1334] usb 6-1: config 0 descriptor??
[  487.240145][ T1334] plantronics 0003:047F:FFFF.0007: reserved main item tag 0xd
[  487.252543][ T1334] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  487.264042][ T1334] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  487.445255][ T1149] Bluetooth: hci4: Frame reassembly failed (-84)
[  488.393077][T16254] netlink: 'syz.2.3064': attribute type 3 has an invalid length.
[  488.453324][T16264] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge0
[  488.773683][T16275] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3072'.
[  489.462127][T15736] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  489.463304][ T5951] Bluetooth: hci4: command 0x1003 tx timeout
[  489.487149][ T1019] usb 6-1: USB disconnect, device number 25
[  489.663862][T16286] binder: 16277:16286 ioctl c018620c 80000380 returned -22
[  490.623465][T16297] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3077'.
[  490.641348][T16297] 8021q: adding VLAN 0 to HW filter on device bond2
[  490.709630][T16297] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  491.507274][T16317] vlan2: entered promiscuous mode
[  491.509572][T16317] bridge0: entered promiscuous mode
[  491.512293][T16317] vlan2: entered allmulticast mode
[  491.514614][T16317] bridge0: entered allmulticast mode
[  492.145148][T16331] usb usb8: usbfs: process 16331 (syz.4.3084) did not claim interface 0 before use
[  492.182211][T16331] netlink: 'syz.4.3084': attribute type 1 has an invalid length.
[  493.323988][T16361] input: syz1 as /devices/virtual/input/input33
[  493.404798][T16372] vivid-000: =================  START STATUS  =================
[  493.409684][T16372] vivid-000: Test Pattern: 75% Colorbar
[  493.415273][T16372] vivid-000: Fill Percentage of Frame: 100
[  493.417813][T16372] vivid-000: Horizontal Movement: No Movement
[  493.420387][T16372] vivid-000: Vertical Movement: No Movement
[  493.422785][T16372] vivid-000: OSD Text Mode: All
[  493.424855][T16372] vivid-000: Show Border: false
[  493.426633][T16372] vivid-000: Show Square: false
[  493.428176][T16372] vivid-000: Sensor Flipped Horizontally: false
[  493.430392][T16372] vivid-000: Sensor Flipped Vertically: false
[  493.432777][T16372] vivid-000: Insert SAV Code in Image: false
[  493.436705][T16372] vivid-000: Insert EAV Code in Image: false
[  493.438938][T16372] vivid-000: Insert Video Guard Band: false
[  493.441033][T16372] vivid-000: Reduced Framerate: false
[  493.446058][T16372] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  493.448815][T16372] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  493.452799][T16372] vivid-000: Enable Capture Cropping: true
[  493.454725][T16372] vivid-000: Enable Capture Composing: true
[  493.456625][T16372] vivid-000: Enable Capture Scaler: true
[  493.458395][T16372] vivid-000: Timestamp Source: End of Frame
[  493.460252][T16372] vivid-000: Colorspace: sRGB
[  493.464862][T16372] vivid-000: Transfer Function: Default
[  493.467006][T16372] vivid-000: Y'CbCr Encoding: Default
[  493.468688][T16372] vivid-000: HSV Encoding: Hue 0-179
[  493.470393][T16372] vivid-000: Quantization: Default
[  493.472253][T16372] vivid-000: Apply Alpha To Red Only: false
[  493.474761][T16372] vivid-000: Standard Aspect Ratio: 4x3
[  493.477254][T16372] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  493.480448][T16372] vivid-000: DV Timings: 640x480p59 inactive
[  493.484105][T16372] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  493.487147][T16372] vivid-000: Maximum EDID Blocks: 1
[  493.489485][T16372] vivid-000: Limited RGB Range (16-235): false
[  493.492144][T16372] vivid-000: Rx RGB Quantization Range: Automatic
[  493.494825][T16372] vivid-000: Power Present: 0x00000001
[  493.498875][T16372] tpg source WxH: 320x180 (R'G'B)
[  493.503651][T16372] tpg field: 1
[  493.505281][T16372] tpg crop: (0,0)/320x180
[  493.507170][T16372] tpg compose: (0,0)/320x180
[  493.509243][T16372] tpg colorspace: 8
[  493.510938][T16372] tpg transfer function: 0/0
[  493.513221][T16372] tpg quantization: 0/0
[  493.515066][T16372] tpg RGB range: 0/2
[  493.516727][T16372] vivid-000: ==================  END STATUS  ==================
[  494.021207][T16382] lo speed is unknown, defaulting to 1000
[  494.454221][T16383] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3098'.
[  494.594687][T16383] gretap0: entered promiscuous mode
[  494.661553][T16394] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3102'.
[  495.052023][T16402] random: crng reseeded on system resumption
[  495.097484][T16402] Restarting kernel threads ...
[  495.100501][T16402] Done restarting kernel threads.
[  495.333639][T16407] xt_CT: You must specify a L4 protocol and not use inversions on it
[  495.690220][T16411] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  496.485983][T16423] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3108'.
[  496.489026][   T40] kauditd_printk_skb: 1664 callbacks suppressed
[  496.489035][   T40] audit: type=1400 audit(2000000144.969:139376): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435
[  498.589695][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3115'.
[  498.608475][T16442] 8021q: adding VLAN 0 to HW filter on device bond1
[  498.635324][T16442] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  499.816682][T16465] FAULT_INJECTION: forcing a failure.
[  499.816682][T16465] name failslab, interval 1, probability 0, space 0, times 0
[  499.822000][T16465] CPU: 1 UID: 0 PID: 16465 Comm: syz.3.3122 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  499.822017][T16465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  499.822024][T16465] Call Trace:
[  499.822029][T16465]  <TASK>
[  499.822033][T16465]  dump_stack_lvl+0x16c/0x1f0
[  499.822055][T16465]  should_fail_ex+0x512/0x640
[  499.822072][T16465]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  499.822089][T16465]  should_failslab+0xc2/0x120
[  499.822100][T16465]  __kmalloc_cache_noprof+0x6a/0x3e0
[  499.822114][T16465]  ? landlock_init_hierarchy_log+0xa7/0x810
[  499.822131][T16465]  landlock_init_hierarchy_log+0xa7/0x810
[  499.822153][T16465]  landlock_merge_ruleset+0x6e1/0x870
[  499.822172][T16465]  ? prepare_creds+0x583/0x7d0
[  499.822200][T16465]  __do_sys_landlock_restrict_self+0x2a2/0x910
[  499.822225][T16465]  ? rcu_is_watching+0x12/0xc0
[  499.822246][T16465]  __do_fast_syscall_32+0x7c/0x3a0
[  499.822258][T16465]  do_fast_syscall_32+0x32/0x80
[  499.822268][T16465]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  499.822281][T16465] RIP: 0023:0xf7f98579
[  499.822291][T16465] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  499.822314][T16465] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 00000000000001be
[  499.822326][T16465] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000001
[  499.822332][T16465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  499.822338][T16465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  499.822344][T16465] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  499.822350][T16465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  499.822363][T16465]  </TASK>
[  499.904716][    C1] vkms_vblank_simulate: vblank timer overrun
[  499.963711][T16469] nvme_fabrics: missing parameter 'transport=%s'
[  499.966773][T16469] nvme_fabrics: missing parameter 'nqn=%s'
[  500.293796][ T1334] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  500.454800][ T1334] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  500.534163][ T1334] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  500.538106][ T1334] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  500.542881][ T1334] usb 7-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  500.548689][ T1334] usb 7-1: config 0 interface 0 has no altsetting 0
[  500.554088][ T1334] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  500.557981][ T1334] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  500.561578][ T1334] usb 7-1: Product: syz
[  500.564155][ T1334] usb 7-1: Manufacturer: syz
[  500.566244][ T1334] usb 7-1: SerialNumber: syz
[  500.582731][ T1334] usb 7-1: config 0 descriptor??
[  500.895989][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  501.845730][T16503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3131'.
[  502.600798][T16517] xt_CT: You must specify a L4 protocol and not use inversions on it
[  503.043214][ T1334] ldusb 7-1:0.0: Interrupt in endpoint not found
[  503.048668][ T1334] usb 7-1: USB disconnect, device number 16
[  503.134168][T16524] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3137'.
[  503.136737][T16522] loop6: detected capacity change from 0 to 524287999
[  503.375898][T16535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3142'.
[  503.793135][T16543] xt_ecn: cannot match TCP bits for non-tcp packets
[  504.429323][T16545] fuse: Bad value for 'fd'
[  505.516981][T16565] cgroup: Need name or subsystem set
[  505.521433][T16565] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3151'.
[  505.566911][T16567] tmpfs: Unknown parameter 'ÿÿÿÿÿÿÿÿ'
[  505.568871][T16567] tmpfs: Unknown parameter 'ÿÿÿÿÿÿÿÿ'
[  505.878143][T16592] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3162'.
[  506.203323][T16610] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  506.930542][T16626] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3171'.
[  507.353780][T16638] tty tty3: ldisc open failed (-12), clearing slot 2
[  507.528077][T16647] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3175'.
[  508.170702][T16678] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  508.617674][T16687] input: syz0 as /devices/virtual/input/input34
[  508.622275][T16687] netlink: 'syz.2.3189': attribute type 1 has an invalid length.
[  508.624706][T16687] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3189'.
[  508.722744][T16691] FAULT_INJECTION: forcing a failure.
[  508.722744][T16691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.727956][T16691] CPU: 2 UID: 0 PID: 16691 Comm: syz.1.3190 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  508.727971][T16691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  508.727978][T16691] Call Trace:
[  508.727982][T16691]  <TASK>
[  508.727987][T16691]  dump_stack_lvl+0x16c/0x1f0
[  508.728008][T16691]  should_fail_ex+0x512/0x640
[  508.728027][T16691]  _copy_to_user+0x32/0xd0
[  508.728046][T16691]  simple_read_from_buffer+0xcb/0x170
[  508.728062][T16691]  proc_fail_nth_read+0x197/0x270
[  508.728076][T16691]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  508.728090][T16691]  ? rw_verify_area+0xcf/0x680
[  508.728104][T16691]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  508.728116][T16691]  vfs_read+0x1e1/0xc60
[  508.728131][T16691]  ? fdget_pos+0x2a2/0x370
[  508.728149][T16691]  ? __pfx_vfs_read+0x10/0x10
[  508.728162][T16691]  ? find_held_lock+0x2b/0x80
[  508.728177][T16691]  ? __fget_files+0x20e/0x3c0
[  508.728196][T16691]  ksys_read+0x12a/0x250
[  508.728211][T16691]  ? __pfx_ksys_read+0x10/0x10
[  508.728227][T16691]  ? rcu_is_watching+0x12/0xc0
[  508.728240][T16691]  __do_fast_syscall_32+0x7c/0x3a0
[  508.728252][T16691]  do_fast_syscall_32+0x32/0x80
[  508.728262][T16691]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  508.728276][T16691] RIP: 0023:0xf7ff5579
[  508.728285][T16691] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  508.728296][T16691] RSP: 002b:00000000f5116590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  508.728307][T16691] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5116620
[  508.728313][T16691] RDX: 000000000000000f RSI: 00000000f7482ff4 RDI: 0000000000000000
[  508.728319][T16691] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  508.728325][T16691] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  508.728332][T16691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  508.728346][T16691]  </TASK>
[  508.825950][T15736] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  508.872445][T16704] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3195'.
[  509.363459][T16712] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  509.586872][T16730] cgroup: Need name or subsystem set
[  509.591467][T16730] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3204'.
[  509.675700][T16733] [U] 	
[  510.200009][   T40] audit: type=1326 audit(2000000158.679:139377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16768 comm="syz.1.3213" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff5579 code=0x0
[  510.295062][T16780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3215'.
[  510.326435][T16774] sd 0:0:0:0: PR command failed: 1026
[  510.328254][T16774] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  510.330402][T16774] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  510.479774][T16795] cgroup: Need name or subsystem set
[  510.485024][T16795] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3218'.
[  511.005031][T16809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3221'.
[  511.022075][   T57] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  511.101466][   T40] audit: type=1326 audit(2000000159.579:139378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.111523][   T40] audit: type=1326 audit(2000000159.579:139379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=384 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.216422][   T57] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  511.220498][   T57] usb 7-1: config 0 interface 0 has no altsetting 0
[  511.226847][   T57] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  511.230616][   T57] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  511.234310][   T57] usb 7-1: Product: syz
[  511.235993][   T57] usb 7-1: Manufacturer: syz
[  511.237948][   T57] usb 7-1: SerialNumber: syz
[  511.242707][   T57] usb 7-1: config 0 descriptor??
[  511.256287][   T57] usb 7-1: selecting invalid altsetting 0
[  511.261612][   T40] audit: type=1326 audit(2000000159.589:139380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.270465][   T40] audit: type=1326 audit(2000000159.589:139381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.279086][   T40] audit: type=1326 audit(2000000159.589:139382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.287770][   T40] audit: type=1326 audit(2000000159.589:139383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.296713][   T40] audit: type=1326 audit(2000000159.589:139384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.304973][   T40] audit: type=1326 audit(2000000159.589:139385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  511.311650][   T40] audit: type=1326 audit(2000000159.589:139386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16814 comm="syz.3.3224" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  512.134397][T16834] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  512.640477][T16842] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3232'.
[  512.700559][T16847] 9pnet_virtio: no channels available for device éq‰Y’3aK
[  512.815603][T16849] cgroup: Need name or subsystem set
[  512.859910][T16849] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3235'.
[  513.292097][T15736] Bluetooth: hci1: command 0x0406 tx timeout
[  513.545655][ T6008] usb 7-1: USB disconnect, device number 17
[  513.663070][T16872] cgroup: Need name or subsystem set
[  513.683283][T16872] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3244'.
[  513.822095][T16880] netlink: zone id is out of range
[  513.831874][T16880] netlink: zone id is out of range
[  513.839493][T16880] netlink: zone id is out of range
[  513.846827][T16880] netlink: zone id is out of range
[  513.852083][T16880] netlink: zone id is out of range
[  513.860720][T16880] netlink: zone id is out of range
[  513.863058][T16880] netlink: zone id is out of range
[  513.865359][T16880] netlink: zone id is out of range
[  513.868022][T16880] netlink: zone id is out of range
[  513.882022][T16880] netlink: set zone limit has 4 unknown bytes
[  513.889308][T16880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3246'.
[  514.022022][T16880] hsr_slave_1 (unregistering): left promiscuous mode
[  514.084640][T16888] overlayfs: failed to resolve './file0': -2
[  514.335013][T16893] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3248'.
[  515.320121][T16901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3251'.
[  515.640759][T16919] xt_CT: You must specify a L4 protocol and not use inversions on it
[  515.866936][T16920] No such timeout policy "syz0"
[  515.883059][T16920] ubi31: attaching mtd0
[  515.894941][T16920] ubi31: scanning is finished
[  515.898513][T16920] ubi31: empty MTD device detected
[  516.029602][T16920] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  516.035251][T16920] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  516.039667][T16920] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  516.044779][T16920] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  516.049074][T16920] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  516.211168][T16920] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  516.217027][T16920] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2602775553
[  516.221570][T16920] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  516.226960][T16922] ubi31: background thread "ubi_bgt31d" started, PID 16922
[  516.345742][T16927] xt_CT: You must specify a L4 protocol and not use inversions on it
[  516.489678][T16930] 9pnet_virtio: no channels available for device syz
[  516.690289][T16929] syzkaller1: entered promiscuous mode
[  516.692134][T16929] syzkaller1: entered allmulticast mode
[  516.694867][T16929] program syz.1.3257 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  516.697952][T16933] program syz.1.3257 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  517.310967][T16960] cgroup: Need name or subsystem set
[  517.365961][T16960] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3268'.
[  517.417555][   T40] kauditd_printk_skb: 37 callbacks suppressed
[  517.417572][   T40] audit: type=1400 audit(2000000165.899:139424): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435
[  517.422289][T16966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3269'.
[  518.124637][T16998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3281'.
[  518.130816][T16999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3280'.
[  518.174535][T15736] Bluetooth: unknown link type 108
[  518.178724][T15736] Bluetooth: hci1: connection err: -111
[  518.183015][T17002] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  518.492281][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806d79b400: rx timeout, send abort
[  518.995721][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806d79b400: abort rx timeout. Force session deactivation
[  519.699119][T17027] lo speed is unknown, defaulting to 1000
[  519.772166][T17035] random: crng reseeded on system resumption
[  520.119938][   T40] audit: type=1326 audit(2000000168.599:139425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.131608][   T40] audit: type=1326 audit(2000000168.599:139426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.151720][   T40] audit: type=1326 audit(2000000168.599:139427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.165722][   T40] audit: type=1326 audit(2000000168.599:139428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.176318][   T40] audit: type=1326 audit(2000000168.599:139429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.188666][   T40] audit: type=1326 audit(2000000168.599:139430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.207264][   T40] audit: type=1326 audit(2000000168.599:139431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.216658][   T40] audit: type=1326 audit(2000000168.599:139432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.230252][   T40] audit: type=1326 audit(2000000168.599:139433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17034 comm="syz.3.3292" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  520.625179][T17050] xt_ecn: cannot match TCP bits for non-tcp packets
[  522.095992][T17082] 9pnet_fd: Insufficient options for proto=fd
[  522.133451][T17090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3308'.
[  522.145644][T17092] netlink: 236 bytes leftover after parsing attributes in process `syz.2.3309'.
[  522.860643][T17109] binder: BINDER_SET_CONTEXT_MGR already set
[  522.863234][T17109] binder: 17108:17109 ioctl 4018620d 80000040 returned -16
[  523.203298][ T6008] libceph: connect (1)[c::]:6789 error -101
[  523.205845][ T6008] libceph: mon0 (1)[c::]:6789 connect error
[  523.288593][T17123] ceph: No mds server is up or the cluster is laggy
[  523.300715][T17131] netlink: 'syz.1.3321': attribute type 4 has an invalid length.
[  523.622292][ T1334] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  523.972359][ T1334] usb 6-1: device descriptor read/64, error -71
[  524.064741][T17142] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  524.066880][T17142] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  524.070732][T17142] vhci_hcd vhci_hcd.0: Device attached
[  524.078087][T17143] usbip_core: unknown command
[  524.080554][T17143] vhci_hcd: unknown pdu 0
[  524.084516][T17143] usbip_core: unknown command
[  524.087832][T14435] vhci_hcd: stop threads
[  524.089581][T14435] vhci_hcd: release socket
[  524.091580][T14435] vhci_hcd: disconnect device
[  524.212276][ T1334] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  524.352109][ T1334] usb 6-1: device descriptor read/64, error -71
[  524.462329][ T1334] usb usb6-port1: attempt power cycle
[  524.802102][ T1334] usb 6-1: new full-speed USB device number 28 using dummy_hcd
[  524.822564][ T1334] usb 6-1: device descriptor read/8, error -71
[  525.082105][ T1334] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  525.106090][ T1334] usb 6-1: device descriptor read/8, error -71
[  525.216902][ T1334] usb usb6-port1: unable to enumerate USB device
[  526.124171][T17174] cgroup: Need name or subsystem set
[  526.133664][T17174] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3335'.
[  526.490966][T17200] dlm: plock device version mismatch: kernel (1.2.0), user (1.230.0)
[  526.695792][T17199] netlink: 'syz.1.3338': attribute type 1 has an invalid length.
[  526.701172][T17208] xt_CT: You must specify a L4 protocol and not use inversions on it
[  526.817112][T17199] 8021q: adding VLAN 0 to HW filter on device bond3
[  527.041685][T17228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3343'.
[  527.046556][T17228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3343'.
[  527.251777][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  527.251789][   T40] audit: type=1326 audit(2000000175.729:139444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  527.267835][   T40] audit: type=1326 audit(2000000175.729:139445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  527.279227][   T40] audit: type=1326 audit(2000000175.729:139446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  527.312980][   T40] audit: type=1326 audit(2000000175.729:139447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  527.330695][   T40] audit: type=1326 audit(2000000175.729:139448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  527.342263][   T40] audit: type=1326 audit(2000000175.729:139449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  527.342379][T17248] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3351'.
[  527.349207][T17248] netlink: 'syz.2.3351': attribute type 7 has an invalid length.
[  527.354135][   T40] audit: type=1326 audit(2000000175.729:139450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=384 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  527.363616][   T40] audit: type=1326 audit(2000000175.729:139451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  527.372062][T17248] netlink: 'syz.2.3351': attribute type 8 has an invalid length.
[  527.374589][T17248] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3351'.
[  527.374975][   T40] audit: type=1326 audit(2000000175.729:139452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  527.379847][T17248] syz_tun: entered promiscuous mode
[  527.388834][   T40] audit: type=1326 audit(2000000175.729:139453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17233 comm="syz.4.3346" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  527.396651][T17248] syz_tun: left promiscuous mode
[  527.413030][T17254] lo speed is unknown, defaulting to 1000
[  527.645617][T17262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3353'.
[  527.663447][T17262] 8021q: adding VLAN 0 to HW filter on device bond2
[  527.687502][T17262] bond1: (slave veth0_to_bond): Releasing backup interface
[  527.697516][T17262] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  527.984241][T17283] lo speed is unknown, defaulting to 1000
[  528.787242][T17300] lo speed is unknown, defaulting to 1000
[  528.790049][T17306] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3369'.
[  529.475163][T17314] xt_CT: You must specify a L4 protocol and not use inversions on it
[  529.608601][T17324] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3373'.
[  530.974832][T17345] bridge_slave_0: left allmulticast mode
[  530.975627][T17349] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3382'.
[  530.976742][T17345] bridge_slave_0: left promiscuous mode
[  530.981594][T17345] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.985956][T17345] bridge_slave_1: left allmulticast mode
[  530.987835][T17345] bridge_slave_1: left promiscuous mode
[  530.989663][T17345] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.015809][T17345] bond2: (slave veth0_to_bond): Releasing backup interface
[  531.020715][T17345] bond0: (slave bond_slave_0): Releasing backup interface
[  531.028142][T17345] bond0: (slave bond_slave_1): Releasing backup interface
[  531.046633][T17345] team0: Port device team_slave_0 removed
[  531.055135][T17345] team0: Port device team_slave_1 removed
[  531.057378][T17345] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  531.059707][T17345] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.065010][T17345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  531.067298][T17345] batman_adv: batadv0: Removing interface: batadv_slave_1
[  531.346775][T17362] loop6: detected capacity change from 0 to 524287999
[  531.496260][T17366] cgroup: Need name or subsystem set
[  531.504357][T17366] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3387'.
[  531.734257][T17381] lo speed is unknown, defaulting to 1000
[  531.773822][T17384] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3393'.
[  531.793962][T17384] 8021q: adding VLAN 0 to HW filter on device bond4
[  531.803770][T17384] bond3: (slave veth0_to_bond): Releasing backup interface
[  531.810967][T17384] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  531.862413][T17391] netlink: 'syz.3.3394': attribute type 1 has an invalid length.
[  531.908219][T17391] netlink: 'syz.3.3394': attribute type 1 has an invalid length.
[  532.450421][T17406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3398'.
[  532.453684][T17406] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge0
[  532.547589][T17410] trusted_key: encrypted_key: keyword 'nøÿult' not recognized
[  533.145552][T17420] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3404'.
[  533.482142][ T1334] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  533.643313][ T1334] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  533.645934][ T1334] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  533.649307][ T1334] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  533.652904][ T1334] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  533.656394][ T1334] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  533.660784][ T1334] usb 6-1: config 0 interface 0 has no altsetting 0
[  533.664553][ T1334] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  533.667502][ T1334] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  533.670158][ T1334] usb 6-1: Product: syz
[  533.671551][ T1334] usb 6-1: Manufacturer: syz
[  533.673032][ T1334] usb 6-1: SerialNumber: syz
[  533.677034][ T1334] usb 6-1: config 0 descriptor??
[  533.679118][T17427] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  533.683476][ T1334] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  533.689084][ T1334] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  534.309480][T17451] lo speed is unknown, defaulting to 1000
[  534.391167][T17455] lo speed is unknown, defaulting to 1000
[  535.478697][T17477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3418'.
[  535.483532][T17477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3418'.
[  535.561708][T17481] cgroup: Need name or subsystem set
[  535.572462][T17481] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3421'.
[  535.808366][T17494] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3423'.
[  536.268807][   T53] usb 6-1: USB disconnect, device number 30
[  536.278187][   T53] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  536.546865][T17531] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3431'.
[  536.565068][T17531] 8021q: adding VLAN 0 to HW filter on device bond4
[  536.620354][T17531] bond2: (slave veth0_to_bond): Releasing backup interface
[  536.627926][T17531] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  536.952592][ T6009] usb 6-1: new full-speed USB device number 31 using dummy_hcd
[  537.124118][ T6009] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  537.132009][ T6009] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  537.135643][ T6009] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  537.140100][ T6009] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  537.144792][ T6009] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  537.150094][ T6009] usb 6-1: config 0 interface 0 has no altsetting 0
[  537.155568][ T6009] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  537.159961][ T6009] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  537.163015][ T6009] usb 6-1: Product: syz
[  537.166770][ T6009] usb 6-1: Manufacturer: syz
[  537.168589][ T6009] usb 6-1: SerialNumber: syz
[  537.173366][ T6009] usb 6-1: config 0 descriptor??
[  537.179802][T17553] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  537.184264][ T6009] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  537.189326][ T6009] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  538.222360][T17593] lo speed is unknown, defaulting to 1000
[  539.105914][T17610] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  539.105914][T17610]    program syz.2.3454 not setting count and/or reply_len properly
[  539.307738][T17618] input: syz1 as /devices/virtual/input/input36
[  539.324706][T17618] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3454'.
[  540.356343][ T6008] usb 6-1: USB disconnect, device number 31
[  540.362388][ T6008] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  541.594495][   T40] kauditd_printk_skb: 1058 callbacks suppressed
[  541.594506][   T40] audit: type=1326 audit(2000000190.079:140512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  541.608273][   T40] audit: type=1326 audit(2000000190.079:140513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  541.618238][   T40] audit: type=1326 audit(2000000190.079:140514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  541.625430][   T40] audit: type=1326 audit(2000000190.079:140515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  541.632817][   T40] audit: type=1326 audit(2000000190.089:140516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  541.639661][   T40] audit: type=1326 audit(2000000190.089:140517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  541.646767][   T40] audit: type=1326 audit(2000000190.089:140518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  541.653939][   T40] audit: type=1326 audit(2000000190.089:140519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  541.660766][   T40] audit: type=1326 audit(2000000190.089:140520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  541.667652][   T40] audit: type=1326 audit(2000000190.089:140521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17652 comm="syz.3.3466" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  542.659064][T17681] cgroup: Need name or subsystem set
[  542.742487][T17681] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3476'.
[  542.904002][T17691] ubi: mtd0 is already attached to ubi31
[  543.060017][T17697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3482'.
[  543.415763][T17708] lo speed is unknown, defaulting to 1000
[  543.523751][T17712] cgroup: Need name or subsystem set
[  543.535878][T17712] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3488'.
[  543.550256][T17713] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3486'.
[  546.132075][   T57] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  546.174147][T17755] nbd: must specify at least one socket
[  546.289519][   T57] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  546.293320][   T57] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  546.298694][   T57] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  546.305435][   T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  546.324649][   T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  546.417665][   T57] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  546.421675][   T57] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  546.430825][   T57] usb 6-1: Product: syz
[  546.435460][   T57] usb 6-1: Manufacturer: syz
[  546.473483][   T57] cdc_wdm 6-1:1.0: skipping garbage
[  546.475322][   T57] cdc_wdm 6-1:1.0: skipping garbage
[  546.504681][   T57] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  546.506705][   T57] cdc_wdm 6-1:1.0: Unknown control protocol
[  546.651243][   T40] kauditd_printk_skb: 8716 callbacks suppressed
[  546.651317][   T40] audit: type=1326 audit(2000000195.069:149238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.719496][   T40] audit: type=1326 audit(2000000195.069:149239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.727209][   T56] usb 6-1: USB disconnect, device number 32
[  546.729811][   T40] audit: type=1326 audit(2000000195.069:149240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.738166][   T40] audit: type=1326 audit(2000000195.069:149241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.745062][   T40] audit: type=1326 audit(2000000195.069:149242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.751801][   T40] audit: type=1326 audit(2000000195.069:149243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.763513][   T40] audit: type=1326 audit(2000000195.069:149244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.771550][   T40] audit: type=1326 audit(2000000195.069:149245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.781673][   T40] audit: type=1326 audit(2000000195.069:149246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.792403][   T40] audit: type=1326 audit(2000000195.069:149247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17687 comm="syz.2.3479" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe598 code=0x7ffc0000
[  546.981152][T17764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3500'.
[  546.984668][T17764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3500'.
[  547.182484][T17775] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3505'.
[  548.218752][T17784] mmap: syz.3.3509 (17784): VmData 37507072 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  548.345176][T17789] cgroup: Need name or subsystem set
[  548.410865][T17792] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3510'.
[  549.316994][T17824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3516'.
[  549.872152][T17842] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3524'.
[  550.044023][T17840] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  550.046046][T17840] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  550.048015][T17840] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  550.049936][T17840] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  550.056479][T17840] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  550.058472][T17840] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  550.066348][T17840] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  550.078134][T17851] input: syz1 as /devices/virtual/input/input37
[  550.330365][T17864] veth0_virt_wifi: entered allmulticast mode
[  551.544649][T17885] input: syz0 as /devices/virtual/input/input38
[  551.560065][T17885] netlink: 'syz.2.3538': attribute type 1 has an invalid length.
[  551.568420][T17885] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3538'.
[  551.652262][   T40] kauditd_printk_skb: 6536 callbacks suppressed
[  551.652274][   T40] audit: type=1326 audit(2000000200.139:155784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  551.664269][T17889] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3540'.
[  551.667455][   T40] audit: type=1326 audit(2000000200.139:155785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  551.679113][   T40] audit: type=1326 audit(2000000200.139:155786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  551.685891][T17889] 8021q: adding VLAN 0 to HW filter on device bond3
[  551.688198][   T40] audit: type=1326 audit(2000000200.139:155787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  551.694920][   T40] audit: type=1326 audit(2000000200.139:155788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  551.701594][   T40] audit: type=1326 audit(2000000200.139:155789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  551.709847][   T40] audit: type=1326 audit(2000000200.139:155790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  551.711345][T17889] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  551.718191][   T40] audit: type=1326 audit(2000000200.139:155791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  551.728115][   T40] audit: type=1326 audit(2000000200.139:155792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  551.734994][   T40] audit: type=1326 audit(2000000200.139:155793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17870 comm="syz.3.3534" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  552.029428][ T5308] Bluetooth: hci2: command 0x0406 tx timeout
[  552.100387][ T5308] Bluetooth: hci3: command 0x0405 tx timeout
[  552.103614][T15736] Bluetooth: hci1: command 0x0406 tx timeout
[  552.103902][ T5951] Bluetooth: hci0: command 0x0405 tx timeout
[  552.354382][T17909] netlink: 'syz.1.3547': attribute type 1 has an invalid length.
[  552.357433][T17909] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3547'.
[  553.790638][T17938] netlink: 'syz.2.3556': attribute type 1 has an invalid length.
[  553.793036][T17938] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3556'.
[  553.815866][T17939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3554'.
[  553.974525][T17946] FAULT_INJECTION: forcing a failure.
[  553.974525][T17946] name failslab, interval 1, probability 0, space 0, times 0
[  553.978411][T17946] CPU: 2 UID: 0 PID: 17946 Comm: syz.2.3559 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  553.978426][T17946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  553.978433][T17946] Call Trace:
[  553.978437][T17946]  <TASK>
[  553.978442][T17946]  dump_stack_lvl+0x16c/0x1f0
[  553.978464][T17946]  should_fail_ex+0x512/0x640
[  553.978480][T17946]  ? fs_reclaim_acquire+0xae/0x150
[  553.978495][T17946]  ? tomoyo_encode2+0x100/0x3e0
[  553.978509][T17946]  should_failslab+0xc2/0x120
[  553.978520][T17946]  __kmalloc_noprof+0xd2/0x510
[  553.978535][T17946]  ? d_absolute_path+0x136/0x1a0
[  553.978549][T17946]  tomoyo_encode2+0x100/0x3e0
[  553.978566][T17946]  tomoyo_encode+0x29/0x50
[  553.978580][T17946]  tomoyo_realpath_from_path+0x18f/0x6e0
[  553.978599][T17946]  tomoyo_path_number_perm+0x245/0x580
[  553.978612][T17946]  ? tomoyo_path_number_perm+0x237/0x580
[  553.978626][T17946]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  553.978657][T17946]  ? find_held_lock+0x2b/0x80
[  553.978669][T17946]  ? hook_file_ioctl_common+0x145/0x410
[  553.978684][T17946]  ? __fget_files+0x20e/0x3c0
[  553.978698][T17946]  ? fput+0x60/0xf0
[  553.978711][T17946]  security_file_ioctl_compat+0x9b/0x240
[  553.978726][T17946]  __ia32_compat_sys_ioctl+0xc3/0x370
[  553.978741][T17946]  __do_fast_syscall_32+0x7c/0x3a0
[  553.978753][T17946]  do_fast_syscall_32+0x32/0x80
[  553.978763][T17946]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  553.978777][T17946] RIP: 0023:0xf70fe579
[  553.978785][T17946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  553.978796][T17946] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  553.978806][T17946] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b4e
[  553.978813][T17946] RDX: 000000000000003d RSI: 0000000000000000 RDI: 0000000000000000
[  553.978819][T17946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  553.978825][T17946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  553.978831][T17946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  553.978845][T17946]  </TASK>
[  553.978854][T17946] ERROR: Out of memory at tomoyo_realpath_from_path.
[  554.172085][ T5951] Bluetooth: hci0: command 0x0405 tx timeout
[  554.174190][ T5951] Bluetooth: hci1: command 0x0406 tx timeout
[  554.692105][T17959] cgroup: Need name or subsystem set
[  554.786790][T17963] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3564'.
[  554.793197][T17959] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3563'.
[  555.302060][   T57] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  555.453179][   T57] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  555.455784][   T57] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  555.459217][   T57] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  555.462769][   T57] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  555.466124][   T57] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  555.470191][   T57] usb 7-1: config 0 interface 0 has no altsetting 0
[  555.474375][   T57] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  555.477180][   T57] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  555.479787][   T57] usb 7-1: Product: syz
[  555.481147][   T57] usb 7-1: Manufacturer: syz
[  555.482724][   T57] usb 7-1: SerialNumber: syz
[  555.485493][   T57] usb 7-1: config 0 descriptor??
[  555.487510][T17971] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  555.491007][   T57] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  555.495223][   T57] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  556.252170][ T5951] Bluetooth: hci0: command 0x0405 tx timeout
[  557.151851][T18002] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3575'.
[  557.185906][T18004] cgroup: Need name or subsystem set
[  557.191671][T18004] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3576'.
[  557.810121][ T6008] libceph: connect (1)[c::]:6789 error -101
[  557.812435][ T6008] libceph: mon0 (1)[c::]:6789 connect error
[  557.867702][   T40] kauditd_printk_skb: 1442 callbacks suppressed
[  557.867715][   T40] audit: type=1326 audit(2000000206.349:157236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  557.877010][   T40] audit: type=1326 audit(2000000206.349:157237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  557.883929][   T40] audit: type=1326 audit(2000000206.349:157238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  557.890690][   T40] audit: type=1326 audit(2000000206.349:157239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  557.899710][   T40] audit: type=1326 audit(2000000206.349:157240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  557.907464][   T40] audit: type=1326 audit(2000000206.349:157241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  557.912781][T18023] ceph: No mds server is up or the cluster is laggy
[  557.914783][   T40] audit: type=1326 audit(2000000206.349:157242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  557.923693][   T40] audit: type=1326 audit(2000000206.349:157243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  557.930384][   T40] audit: type=1326 audit(2000000206.349:157244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  557.938175][   T40] audit: type=1326 audit(2000000206.349:157245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18027 comm="syz.3.3584" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  558.294764][ T6008] usb 7-1: USB disconnect, device number 18
[  558.307000][ T6008] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  558.352325][T18039] input: syz0 as /devices/virtual/input/input39
[  558.391034][T18039] netlink: 'syz.1.3587': attribute type 1 has an invalid length.
[  558.394966][T18039] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3587'.
[  558.432677][T18043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3588'.
[  558.445796][T18043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3588'.
[  559.522674][T18058] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  559.524863][T18058] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  559.529402][T18058] vhci_hcd vhci_hcd.0: Device attached
[  559.702047][ T6026] vhci_hcd: vhci_device speed not set
[  559.762137][ T6026] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  559.783598][ T1019] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  559.842024][   T10] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  559.933713][ T1019] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  559.937565][ T1019] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  559.941076][ T1019] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  559.944285][ T1019] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  559.950285][ T1019] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  559.953518][ T1019] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  559.956239][ T1019] usb 6-1: Manufacturer: syz
[  559.959319][ T1019] usb 6-1: config 0 descriptor??
[  559.996101][   T10] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  559.999761][   T10] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  560.003669][   T10] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  560.007313][   T10] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  560.012183][   T10] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  560.018713][   T10] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  560.021657][   T10] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  560.024554][   T10] usb 9-1: Product: syz
[  560.025982][   T10] usb 9-1: Manufacturer: syz
[  560.033978][   T10] cdc_wdm 9-1:1.0: skipping garbage
[  560.036128][   T10] cdc_wdm 9-1:1.0: skipping garbage
[  560.039023][   T10] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  560.041052][   T10] cdc_wdm 9-1:1.0: Unknown control protocol
[  560.240201][   T57] usb 9-1: USB disconnect, device number 14
[  560.377465][ T1019] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  560.380235][ T1019] appleir 0003:05AC:8243.0008: No inputs registered, leaving
[  560.385917][ T1019] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  560.786839][T18073] input: syz0 as /devices/virtual/input/input40
[  560.797585][T18073] netlink: 'syz.2.3598': attribute type 1 has an invalid length.
[  560.800450][T18073] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3598'.
[  560.810429][T18075] netlink: 'syz.4.3597': attribute type 10 has an invalid length.
[  560.925521][T18081] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3601'.
[  560.984312][T18081] set match dimension is over the limit!
[  561.077924][T18084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  561.083781][T18084] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  561.202675][T18081] can: request_module (can-proto-0) failed.
[  561.452424][T18087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3602'.
[  561.666400][T18099] input: syz0 as /devices/virtual/input/input41
[  561.671340][T18099] netlink: 'syz.2.3607': attribute type 1 has an invalid length.
[  561.683893][T18099] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3607'.
[  561.690835][T18059] vhci_hcd: connection reset by peer
[  561.693883][T14435] vhci_hcd: stop threads
[  561.695370][T14435] vhci_hcd: release socket
[  561.696870][T14435] vhci_hcd: disconnect device
[  562.336641][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  562.618152][T18126] 9pnet: Unknown protocol version 9p20\++}
[  562.708466][   T57] usb 6-1: USB disconnect, device number 33
[  562.968505][T18126] ip6tnl1: entered promiscuous mode
[  562.970606][T18126] ip6tnl1: entered allmulticast mode
[  562.976164][T18126] team0: Device ip6tnl1 is up. Set it down before adding it as a team port
[  563.679452][   T40] kauditd_printk_skb: 3213 callbacks suppressed
[  563.679463][   T40] audit: type=1326 audit(2000000212.159:160459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.688284][   T40] audit: type=1326 audit(2000000212.169:160460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.695634][   T40] audit: type=1326 audit(2000000212.169:160461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.704328][   T40] audit: type=1326 audit(2000000212.179:160462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.713055][   T40] audit: type=1326 audit(2000000212.179:160463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  563.721182][   T40] audit: type=1326 audit(2000000212.179:160464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.732501][   T40] audit: type=1326 audit(2000000212.179:160465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  563.739850][   T40] audit: type=1326 audit(2000000212.179:160466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  563.757493][   T40] audit: type=1326 audit(2000000212.179:160467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.766234][   T40] audit: type=1326 audit(2000000212.179:160468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18195 comm="syz.3.3623" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f98598 code=0x7ffc0000
[  563.911189][T18205] xt_ecn: cannot match TCP bits for non-tcp packets
[  564.732144][ T1334] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  564.924398][ T6026] vhci_hcd: vhci_device speed not set
[  565.042814][ T1334] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  565.045649][ T1334] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  565.048829][ T1334] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  565.051727][ T1334] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  565.575641][ T1334] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  565.580276][ T1334] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  565.583271][ T1334] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  565.585777][ T1334] usb 7-1: Product: syz
[  565.587100][ T1334] usb 7-1: Manufacturer: syz
[  565.591387][ T1334] cdc_wdm 7-1:1.0: skipping garbage
[  565.593586][ T1334] cdc_wdm 7-1:1.0: skipping garbage
[  565.596188][ T1334] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  565.598084][ T1334] cdc_wdm 7-1:1.0: Unknown control protocol
[  565.616526][T18217] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3627'.
[  565.620114][T18217] netlink: 'syz.4.3627': attribute type 5 has an invalid length.
[  565.623247][T18217] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3627'.
[  565.644361][T18217] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  565.649338][T18217] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  565.653114][T18217] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  565.656618][T18217] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  565.660331][T18217] geneve3: entered promiscuous mode
[  565.662653][T18217] geneve3: entered allmulticast mode
[  565.793537][   T57] usb 7-1: USB disconnect, device number 19
[  566.397468][T18235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3632'.
[  566.799469][T18245] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3637'.
[  567.210030][T18258] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  567.369232][T18268] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3642'.
[  567.428160][T18271] input: syz1 as /devices/virtual/input/input42
[  567.534640][T18277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3645'.
[  567.795719][T18287] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3646'.
[  568.186952][T18307] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  568.186970][T18307] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  568.187017][T18307] vhci_hcd vhci_hcd.0: Device attached
[  568.190850][T18308] vhci_hcd: connection closed
[  568.196898][T18190] vhci_hcd: stop threads
[  568.196910][T18190] vhci_hcd: release socket
[  568.196917][T18190] vhci_hcd: disconnect device
[  568.702266][ T1334] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  568.858164][ T1334] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  568.861466][ T1334] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  568.866300][ T1334] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  568.869036][ T1334] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  568.872850][ T1334] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  568.883004][ T1334] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  568.886083][ T1334] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  568.888670][ T1334] usb 9-1: Product: syz
[  568.890487][ T1334] usb 9-1: Manufacturer: syz
[  568.908475][T18294] block nbd3: shutting down sockets
[  568.933973][ T1334] cdc_wdm 9-1:1.0: skipping garbage
[  568.939915][ T1334] cdc_wdm 9-1:1.0: skipping garbage
[  568.951037][ T1334] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  568.953424][ T1334] cdc_wdm 9-1:1.0: Unknown control protocol
[  569.142889][ T6026] usb 9-1: USB disconnect, device number 15
[  569.784083][   T40] kauditd_printk_skb: 3022 callbacks suppressed
[  569.784093][   T40] audit: type=1326 audit(2000000218.269:163491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  569.794495][   T40] audit: type=1326 audit(2000000218.279:163492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  569.801269][   T40] audit: type=1326 audit(2000000218.279:163493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  569.810653][   T40] audit: type=1326 audit(2000000218.289:163494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  569.819874][   T40] audit: type=1326 audit(2000000218.299:163495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  569.830583][   T40] audit: type=1326 audit(2000000218.299:163496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  569.839276][   T40] audit: type=1326 audit(2000000218.299:163497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  569.846099][   T40] audit: type=1326 audit(2000000218.299:163498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  569.855304][ T5308] Bluetooth: hci0: command 0x0405 tx timeout
[  569.858776][   T40] audit: type=1326 audit(2000000218.299:163499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb4579 code=0x7ffc0000
[  569.865678][   T40] audit: type=1326 audit(2000000218.299:163500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18347 comm="syz.4.3661" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb4598 code=0x7ffc0000
[  570.135937][T18358] IPVS: sync thread started: state = BACKUP, mcast_ifn = team_slave_0, syncid = 3, id = 0
[  571.391888][T18377] syz.2.3672: vmalloc error: size 2003292160, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  571.397038][T18377] CPU: 1 UID: 0 PID: 18377 Comm: syz.2.3672 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  571.397064][T18377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  571.397072][T18377] Call Trace:
[  571.397077][T18377]  <TASK>
[  571.397082][T18377]  dump_stack_lvl+0x16c/0x1f0
[  571.397104][T18377]  warn_alloc+0x248/0x3a0
[  571.397123][T18377]  ? __pfx_warn_alloc+0x10/0x10
[  571.397138][T18377]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  571.397155][T18377]  ? stack_depot_save_flags+0x3e0/0xa40
[  571.397176][T18377]  ? kasan_save_stack+0x42/0x60
[  571.397193][T18377]  ? kasan_save_stack+0x33/0x60
[  571.397208][T18377]  ? kasan_save_track+0x14/0x30
[  571.397223][T18377]  ? vb2_vmalloc_alloc+0xf9/0x3f0
[  571.397236][T18377]  ? __vb2_queue_alloc+0x8c9/0x1280
[  571.397246][T18377]  ? vb2_core_create_bufs+0x559/0xab0
[  571.397258][T18377]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  571.397271][T18377]  __vmalloc_node_range_noprof+0xff5/0x14b0
[  571.397285][T18377]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  571.397325][T18377]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  571.397347][T18377]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  571.397367][T18377]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  571.397380][T18377]  vmalloc_user_noprof+0x9e/0xe0
[  571.397395][T18377]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  571.397409][T18377]  vb2_vmalloc_alloc+0x135/0x3f0
[  571.397423][T18377]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  571.397436][T18377]  __vb2_queue_alloc+0x8c9/0x1280
[  571.397455][T18377]  vb2_core_create_bufs+0x559/0xab0
[  571.397469][T18377]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  571.397484][T18377]  ? __pfx___schedule+0x10/0x10
[  571.397502][T18377]  vb2_create_bufs+0x5e8/0x840
[  571.397522][T18377]  ? __pfx_vb2_create_bufs+0x10/0x10
[  571.397540][T18377]  ? v4l_sanitize_colorspace+0x213/0x400
[  571.397560][T18377]  vb2_ioctl_create_bufs+0x244/0x3e0
[  571.397577][T18377]  ? v4l_create_bufs+0x8a/0x270
[  571.397592][T18377]  vidioc_create_bufs+0x7d/0xf0
[  571.397611][T18377]  v4l_create_bufs+0x156/0x270
[  571.397626][T18377]  __video_do_ioctl+0xb40/0xfc0
[  571.397644][T18377]  ? __pfx___video_do_ioctl+0x10/0x10
[  571.397665][T18377]  video_usercopy+0x47c/0x1440
[  571.397682][T18377]  ? __pfx___video_do_ioctl+0x10/0x10
[  571.397697][T18377]  ? __pfx_video_usercopy+0x10/0x10
[  571.397718][T18377]  ? irqentry_exit+0x3b/0x90
[  571.397734][T18377]  ? lockdep_hardirqs_on+0x7c/0x110
[  571.397753][T18377]  v4l2_ioctl+0x1bd/0x250
[  571.397769][T18377]  v4l2_compat_ioctl32+0x214/0x2c0
[  571.397783][T18377]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  571.397797][T18377]  __ia32_compat_sys_ioctl+0x242/0x370
[  571.397813][T18377]  __do_fast_syscall_32+0x7c/0x3a0
[  571.397824][T18377]  do_fast_syscall_32+0x32/0x80
[  571.397835][T18377]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  571.397853][T18377] RIP: 0023:0xf70fe579
[  571.397863][T18377] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  571.397874][T18377] RSP: 002b:00000000f50cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  571.397885][T18377] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000c0f8565c
[  571.397893][T18377] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  571.397900][T18377] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  571.397907][T18377] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  571.397914][T18377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  571.397928][T18377]  </TASK>
[  571.397963][T18377] Mem-Info:
[  571.506697][T18377] active_anon:7965 inactive_anon:4335 isolated_anon:0
[  571.506697][T18377]  active_file:3613 inactive_file:19317 isolated_file:0
[  571.506697][T18377]  unevictable:1768 dirty:225 writeback:0
[  571.506697][T18377]  slab_reclaimable:6128 slab_unreclaimable:66205
[  571.506697][T18377]  mapped:30250 shmem:7962 pagetables:1440
[  571.506697][T18377]  sec_pagetables:325 bounce:0
[  571.506697][T18377]  kernel_misc_reclaimable:0
[  571.506697][T18377]  free:43397 free_pcp:10917 free_cma:0
[  571.520569][T18377] Node 0 active_anon:4kB inactive_anon:144kB active_file:4kB inactive_file:8kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:10032kB dirty:4kB writeback:0kB shmem:5472kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8560kB pagetables:2076kB sec_pagetables:1140kB all_unreclaimable? yes Balloon:0kB
[  571.530491][T18377] Node 1 active_anon:31856kB inactive_anon:17196kB active_file:14448kB inactive_file:77260kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:110968kB dirty:896kB writeback:0kB shmem:26376kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7556kB pagetables:3684kB sec_pagetables:160kB all_unreclaimable? no Balloon:0kB
[  571.540917][T18377] Node 0 DMA free:2264kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:444kB local_pcp:36kB free_cma:0kB
[  571.549944][T18377] lowmem_reserve[]: 0 289 289 289 289
[  571.551669][T18377] Node 0 DMA32 free:18824kB boost:2048kB min:15264kB low:18568kB high:21872kB reserved_highatomic:2048KB free_highatomic:320KB active_anon:4kB inactive_anon:132kB active_file:4kB inactive_file:8kB unevictable:3536kB writepending:4kB present:1032196kB managed:296392kB mlocked:0kB bounce:0kB free_pcp:5824kB local_pcp:492kB free_cma:0kB
[  571.561286][T18377] lowmem_reserve[]: 0 0 0 0 0
[  571.562940][T18377] Node 1 DMA32 free:150708kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB free_highatomic:1856KB active_anon:31856kB inactive_anon:17196kB active_file:14448kB inactive_file:77260kB unevictable:3536kB writepending:896kB present:1048432kB managed:948268kB mlocked:0kB bounce:0kB free_pcp:37552kB local_pcp:17848kB free_cma:0kB
[  571.577180][T18377] lowmem_reserve[]: 0 0 0 0 0
[  571.578731][T18377] Node 0 DMA: 10*4kB (UM) 28*8kB (UM) 23*16kB (UM) 7*32kB (UM) 4*64kB (M) 3*128kB (M) 1*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2264kB
[  571.583423][T18377] Node 0 DMA32: 399*4kB (UMEH) 188*8kB (UMEH) 133*16kB (UMEH) 107*32kB (UMEH) 56*64kB (UMEH) 23*128kB (UME) 8*256kB (M) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18764kB
[  571.588600][T18377] Node 1 DMA32: 367*4kB (UE) 577*8kB (UMEH) 409*16kB (UMEH) 382*32kB (UMEH) 472*64kB (UMEH) 145*128kB (UMEH) 71*256kB (UMEH) 34*512kB (UMEH) 14*1024kB (UM) 5*2048kB (UM) 4*4096kB (UM) = 150164kB
[  571.594619][T18377] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  571.597690][T18377] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  571.600565][T18377] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  571.603610][T18377] Node 1 hugepages_total=5 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[  571.606493][T18377] 31601 total pagecache pages
[  571.608026][T18377] 713 pages in swap cache
[  571.609423][T18377] Free swap  = 118964kB
[  571.610772][T18377] Total swap = 124996kB
[  571.612178][T18377] 524155 pages RAM
[  571.613378][T18377] 0 pages HighMem/MovableOnly
[  571.614872][T18377] 209150 pages reserved
[  571.616187][T18377] 0 pages cma reserved
[  571.967161][T18385] input: syz0 as /devices/virtual/input/input43
[  571.971427][T18385] netlink: 'syz.1.3674': attribute type 1 has an invalid length.
[  571.974466][T18385] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3674'.
[  572.030253][T18387] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3675'.
[  572.208739][T18389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3675'.
[  572.218809][T18389] netlink: 'syz.1.3675': attribute type 10 has an invalid length.
[  572.248104][T18389] 8021q: adding VLAN 0 to HW filter on device bond0
[  572.257123][T18389] team0: Port device bond0 added
[  573.264630][T18395] binder: 18390:18395 ioctl c018620c 80000380 returned -22
[  573.421190][T18397] lo speed is unknown, defaulting to 1000
[  574.452146][T18405] cgroup: Need name or subsystem set
[  574.523006][T18407] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3679'.
[  574.595083][T18412] cgroup: Need name or subsystem set
[  574.607397][T18412] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3680'.
[  575.583530][T18448] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3688'.
[  575.595132][T18448] 8021q: adding VLAN 0 to HW filter on device bond3
[  575.610194][T18448] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  575.957588][T18467] netlink: 'syz.2.3691': attribute type 3 has an invalid length.
[  575.960547][T18467] net_ratelimit: 1 callbacks suppressed
[  575.960604][T18467] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  576.077005][T18470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3695'.
[  576.122192][T18472] input: syz1 as /devices/virtual/input/input44
[  577.736231][   T40] kauditd_printk_skb: 12458 callbacks suppressed
[  577.736244][   T40] audit: type=1804 audit(2000000226.219:175959): pid=18515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3709" name="/newroot/198/file0/file0" dev="9p" ino=41025611 res=1 errno=0
[  577.907369][T18523] evm: overlay not supported
[  578.171494][T18530] input: syz1 as /devices/virtual/input/input45
[  578.365408][T18535] input: syz0 as /devices/virtual/input/input46
[  578.372157][T18535] netlink: 'syz.1.3717': attribute type 1 has an invalid length.
[  578.374967][T18535] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3717'.
[  578.622663][ T5308] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  578.630730][ T5308] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  578.644657][ T5308] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  578.653993][ T5308] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  578.658107][ T5308] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  578.679298][T18542] lo speed is unknown, defaulting to 1000
[  578.792437][T18549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3724'.
[  578.835041][T18549] 8021q: adding VLAN 0 to HW filter on device bond5
[  578.860298][T18551] syzkaller1: entered promiscuous mode
[  578.862728][T18551] syzkaller1: entered allmulticast mode
[  578.870019][T18549] bond4: (slave veth0_to_bond): Releasing backup interface
[  578.875927][T18549] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  578.981057][T18542] chnl_net:caif_netlink_parms(): no params data found
[  579.100598][T18542] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.103380][T18542] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.105729][T18542] bridge_slave_0: entered allmulticast mode
[  579.108554][T18542] bridge_slave_0: entered promiscuous mode
[  579.142182][T18188] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.145776][T18188] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  579.157375][T18542] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.159739][T18542] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.164153][T18542] bridge_slave_1: entered allmulticast mode
[  579.166826][T18542] bridge_slave_1: entered promiscuous mode
[  579.215593][T18542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  579.220897][T18542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.255782][T18188] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.259125][T18188] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  579.709982][T18542] team0: Port device team_slave_0 added
[  579.715354][T18542] team0: Port device team_slave_1 added
[  579.751353][T18188] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.754775][T18188] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  579.778285][T18542] batman_adv: batadv0: Adding interface: batadv_slave_0
[  579.780497][T18542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  579.790762][T18542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  579.796289][T18542] batman_adv: batadv0: Adding interface: batadv_slave_1
[  579.798894][T18542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  579.807663][T18542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  579.829938][T18188] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.834001][T18188] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  579.911011][T18542] hsr_slave_0: entered promiscuous mode
[  579.913760][T18542] hsr_slave_1: entered promiscuous mode
[  579.916366][T18542] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  579.919883][T18542] Cannot create hsr debugfs directory
[  580.122183][ T6009] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  580.208315][T18582] cgroup: Need name or subsystem set
[  580.221282][T18582] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3732'.
[  580.276854][ T6009] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  580.280405][ T6009] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  580.286483][ T6009] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  580.292094][ T6009] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  580.295885][ T6009] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  580.300532][ T6009] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  580.304040][ T6009] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  580.306695][ T6009] usb 6-1: Product: syz
[  580.308016][ T6009] usb 6-1: Manufacturer: syz
[  580.313300][ T6009] cdc_wdm 6-1:1.0: skipping garbage
[  580.314987][ T6009] cdc_wdm 6-1:1.0: skipping garbage
[  580.318803][ T6009] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  580.320722][ T6009] cdc_wdm 6-1:1.0: Unknown control protocol
[  580.531311][ T6009] usb 6-1: USB disconnect, device number 34
[  580.577678][T18188] bond0 (unregistering): Released all slaves
[  580.668296][T18188] bond1 (unregistering): Released all slaves
[  580.679321][T18188] bond2 (unregistering): Released all slaves
[  580.733455][ T5951] Bluetooth: hci4: command tx timeout
[  580.780910][T18188] bond3 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  580.785127][T18188] bond3 (unregistering): Released all slaves
[  580.880331][T18188] tipc: Disabling bearer <udp:syz2>
[  580.883601][T18188] tipc: Left network mode
[  581.074087][T18594] 
[  581.074904][T18594] =====================================================
[  581.077040][T18594] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  581.079366][T18594] 6.16.0-rc2-syzkaller #0 Not tainted
[  581.080984][T18594] -----------------------------------------------------
[  581.084827][T18594] syz.1.3734/18594 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  581.087227][T18594] ffff88806b137018 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[  581.090067][T18594] 
[  581.090067][T18594] and this task is already holding:
[  581.092368][T18594] ffff88804bc39028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[  581.095437][T18594] which would create a new lock dependency:
[  581.097277][T18594]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[  581.099771][T18594] 
[  581.099771][T18594] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  581.102657][T18594]  (&dev->event_lock#2){..-.}-{3:3}
[  581.102678][T18594] 
[  581.102678][T18594] ... which became SOFTIRQ-irq-safe at:
[  581.106654][T18594]   lock_acquire+0x179/0x350
[  581.108130][T18594]   _raw_spin_lock_irqsave+0x3a/0x60
[  581.109833][T18594]   input_inject_event+0x9f/0x390
[  581.111463][T18594]   led_set_brightness+0x217/0x290
[  581.113111][T18594]   led_trigger_event+0xda/0x270
[  581.114890][T18594]   kbd_bh+0x21b/0x300
[  581.116535][T18594]   tasklet_action_common+0x281/0x400
[  581.118688][T18594]   handle_softirqs+0x219/0x8e0
[  581.120575][T18594]   __irq_exit_rcu+0x109/0x170
[  581.122425][T18594]   irq_exit_rcu+0x9/0x30
[  581.123791][T18594]   sysvec_apic_timer_interrupt+0xa4/0xc0
[  581.125575][T18594]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  581.127993][T18594]   _raw_spin_unlock_irqrestore+0x31/0x80
[  581.130253][T18594]   input_inject_event+0x1a5/0x390
[  581.132326][T18594]   evdev_write+0x2e1/0x440
[  581.133970][T18594]   vfs_write+0x2a0/0x1150
[  581.135775][T18594]   ksys_write+0x1f8/0x250
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  581.137585][T18594]   __do_fast_syscall_32+0x7c/0x3a0
[  581.139617][T18594]   do_fast_syscall_32+0x32/0x80
[  581.141613][T18594]   entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.144153][T18594] 
[  581.144153][T18594] to a SOFTIRQ-irq-unsafe lock:
[  581.146929][T18594]  (tasklist_lock){.+.+}-{3:3}
[  581.146953][T18594] 
[  581.146953][T18594] ... which became SOFTIRQ-irq-unsafe at:
[  581.151961][T18594] ...
[  581.151968][T18594]   lock_acquire+0x179/0x350
[  581.154936][T18594]   _raw_read_lock+0x5f/0x70
[  581.156772][T18594]   __do_wait+0x105/0x890
[  581.158427][T18594]   do_wait+0x21e/0x5a0
[  581.159749][T18594]   kernel_wait+0x9f/0x160
[  581.161365][T18594]   call_usermodehelper_exec_work+0xf1/0x170
[  581.163691][T18594]   process_one_work+0x9cf/0x1b70
[  581.165662][T18594]   worker_thread+0x6c8/0xf10
[  581.167150][T18594]   kthread+0x3c2/0x780
[  581.168467][T18594]   ret_from_fork+0x5d4/0x6f0
[  581.170052][T18594]   ret_from_fork_asm+0x1a/0x30
[  581.171667][T18594] 
[  581.171667][T18594] other info that might help us debug this:
[  581.171667][T18594] 
[  581.175534][T18594] Chain exists of:
[  581.175534][T18594]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[  581.175534][T18594] 
[  581.180543][T18594]  Possible interrupt unsafe locking scenario:
[  581.180543][T18594] 
[  581.183546][T18594]        CPU0                    CPU1
[  581.185688][T18594]        ----                    ----
[  581.187755][T18594]   lock(tasklist_lock);
[  581.189479][T18594]                                local_irq_disable();
[  581.192131][T18594]                                lock(&dev->event_lock#2);
[  581.195040][T18594]                                lock(&client->buffer_lock);
[  581.197884][T18594]   <Interrupt>
[  581.199285][T18594]     lock(&dev->event_lock#2);
[  581.201268][T18594] 
[  581.201268][T18594]  *** DEADLOCK ***
[  581.201268][T18594] 
[  581.203962][T18594] 7 locks held by syz.1.3734/18594:
[  581.205722][T18594]  #0: ffff888028ec1118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440
[  581.209277][T18594]  #1: ffff888041348230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x390
[  581.212587][T18594]  #2: ffffffff8e5c46c0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x390
[  581.215947][T18594]  #3: ffffffff8e5c46c0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x890
[  581.219690][T18594]  #4: ffffffff8e5c46c0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390
[  581.223085][T18594]  #5: ffff88804bc39028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0
[  581.227037][T18594]  #6: ffffffff8e5c46c0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[  581.229902][T18594] 
[  581.229902][T18594] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  581.233071][T18594]  -> (&dev->event_lock#2){..-.}-{3:3} {
[  581.234823][T18594]     IN-SOFTIRQ-W at:
[  581.236060][T18594]                       lock_acquire+0x179/0x350
[  581.237800][T18594]                       _raw_spin_lock_irqsave+0x3a/0x60
[  581.239874][T18594]                       input_inject_event+0x9f/0x390
[  581.241981][T18594]                       led_set_brightness+0x217/0x290
[  581.244112][T18594]                       led_trigger_event+0xda/0x270
[  581.246246][T18594]                       kbd_bh+0x21b/0x300
[  581.248064][T18594]                       tasklet_action_common+0x281/0x400
[  581.250315][T18594]                       handle_softirqs+0x219/0x8e0
[  581.252408][T18594]                       __irq_exit_rcu+0x109/0x170
[  581.254483][T18594]                       irq_exit_rcu+0x9/0x30
[  581.256371][T18594]                       sysvec_apic_timer_interrupt+0xa4/0xc0
[  581.258712][T18594]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  581.261121][T18594]                       _raw_spin_unlock_irqrestore+0x31/0x80
[  581.263434][T18594]                       input_inject_event+0x1a5/0x390
[  581.265576][T18594]                       evdev_write+0x2e1/0x440
[  581.267503][T18594]                       vfs_write+0x2a0/0x1150
[  581.269404][T18594]                       ksys_write+0x1f8/0x250
[  581.271290][T18594]                       __do_fast_syscall_32+0x7c/0x3a0
[  581.273437][T18594]                       do_fast_syscall_32+0x32/0x80
[  581.275539][T18594]                       entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.278570][T18594]     INITIAL USE at:
[  581.279785][T18594]                      lock_acquire+0x179/0x350
[  581.281899][T18594]                      _raw_spin_lock_irqsave+0x3a/0x60
[  581.284108][T18594]                      input_inject_event+0x9f/0x390
[  581.286211][T18594]                      led_set_brightness+0x217/0x290
[  581.288296][T18594]                      kbd_led_trigger_activate+0xcb/0x110
[  581.290552][T18594]                      led_trigger_set+0x59a/0xc50
[  581.292567][T18594]                      led_trigger_set_default+0x1e0/0x2e0
[  581.294827][T18594]                      led_classdev_register_ext+0x7b8/0xa10
[  581.297161][T18594]                      input_leds_connect+0x552/0x8e0
[  581.299282][T18594]                      input_attach_handler.isra.0+0x184/0x260
[  581.301635][T18594]                      input_register_device+0xa84/0x1130
[  581.303836][T18594]                      atkbd_connect+0x5da/0xa20
[  581.305805][T18594]                      serio_driver_probe+0x74/0xb0
[  581.307849][T18594]                      really_probe+0x23e/0xa90
[  581.309797][T18594]                      __driver_probe_device+0x1de/0x440
[  581.312024][T18594]                      driver_probe_device+0x4c/0x1b0
[  581.314545][T18594]                      __driver_attach+0x283/0x580
[  581.316657][T18594]                      bus_for_each_dev+0x13e/0x1d0
[  581.318712][T18594]                      serio_handle_event+0x247/0xa50
[  581.320791][T18594]                      process_one_work+0x9cf/0x1b70
[  581.323279][T18594]                      worker_thread+0x6c8/0xf10
[  581.325377][T18594]                      kthread+0x3c2/0x780
[  581.327309][T18594]                      ret_from_fork+0x5d4/0x6f0
[  581.329316][T18594]                      ret_from_fork_asm+0x1a/0x30
[  581.331408][T18594]   }
[  581.332281][T18594]   ... key      at: [<ffffffff9b0bb740>] __key.7+0x0/0x40
[  581.334832][T18594] -> (&client->buffer_lock){....}-{3:3} {
[  581.336702][T18594]    INITIAL USE at:
[  581.337943][T18594]                    lock_acquire+0x179/0x350
[  581.339832][T18594]                    _raw_spin_lock+0x2e/0x40
[  581.342113][T18594]                    evdev_pass_values+0x10e/0x9b0
[  581.344365][T18594]                    evdev_events+0x1bb/0x390
[  581.346274][T18594]                    input_pass_values+0x6c7/0x890
[  581.348810][T18594]                    input_handle_event+0xf00/0x14d0
[  581.351462][T18594]                    input_inject_event+0x1cd/0x390
[  581.354070][T18594]                    evdev_write+0x2e1/0x440
[  581.356072][T18594]                    vfs_write+0x2a0/0x1150
[  581.358037][T18594]                    ksys_write+0x1f8/0x250
[  581.359875][T18594]                    __do_fast_syscall_32+0x7c/0x3a0
[  581.362444][T18594]                    do_fast_syscall_32+0x32/0x80
[  581.364787][T18594]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.367232][T18594]  }
[  581.368034][T18594]  ... key      at: [<ffffffff9b0bbbc0>] __key.1+0x0/0x40
[  581.370294][T18594]  ... acquired at:
[  581.371504][T18594]    _raw_spin_lock+0x2e/0x40
[  581.372980][T18594]    evdev_pass_values+0x10e/0x9b0
[  581.374610][T18594]    evdev_events+0x1bb/0x390
[  581.376128][T18594]    input_pass_values+0x6c7/0x890
[  581.377747][T18594]    input_handle_event+0xf00/0x14d0
[  581.379395][T18594]    input_inject_event+0x1cd/0x390
[  581.381028][T18594]    evdev_write+0x2e1/0x440
[  581.382492][T18594]    vfs_write+0x2a0/0x1150
[  581.383942][T18594]    ksys_write+0x1f8/0x250
[  581.385392][T18594]    __do_fast_syscall_32+0x7c/0x3a0
[  581.387044][T18594]    do_fast_syscall_32+0x32/0x80
[  581.388617][T18594]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.390653][T18594] 
[  581.391418][T18594] 
[  581.391418][T18594] the dependencies between the lock to be acquired
[  581.391425][T18594]  and SOFTIRQ-irq-unsafe lock:
[  581.395568][T18594]   -> (tasklist_lock){.+.+}-{3:3} {
[  581.397034][T18594]      HARDIRQ-ON-R at:
[  581.398329][T18594]                         lock_acquire+0x179/0x350
[  581.400341][T18594]                         _raw_read_lock+0x5f/0x70
[  581.402384][T18594]                         __do_wait+0x105/0x890
[  581.404348][T18594]                         do_wait+0x21e/0x5a0
[  581.406276][T18594]                         kernel_wait+0x9f/0x160
[  581.408242][T18594]                         call_usermodehelper_exec_work+0xf1/0x170
[  581.410749][T18594]                         process_one_work+0x9cf/0x1b70
[  581.412887][T18594]                         worker_thread+0x6c8/0xf10
[  581.414948][T18594]                         kthread+0x3c2/0x780
[  581.416836][T18594]                         ret_from_fork+0x5d4/0x6f0
[  581.418880][T18594]                         ret_from_fork_asm+0x1a/0x30
[  581.420967][T18594]      SOFTIRQ-ON-R at:
[  581.422278][T18594]                         lock_acquire+0x179/0x350
[  581.424076][T18594]                         _raw_read_lock+0x5f/0x70
[  581.426061][T18594]                         __do_wait+0x105/0x890
[  581.427999][T18594]                         do_wait+0x21e/0x5a0
[  581.429908][T18594]                         kernel_wait+0x9f/0x160
[  581.431886][T18594]                         call_usermodehelper_exec_work+0xf1/0x170
[  581.434329][T18594]                         process_one_work+0x9cf/0x1b70
[  581.436473][T18594]                         worker_thread+0x6c8/0xf10
[  581.438503][T18594]                         kthread+0x3c2/0x780
[  581.440388][T18594]                         ret_from_fork+0x5d4/0x6f0
[  581.442423][T18594]                         ret_from_fork_asm+0x1a/0x30
[  581.444535][T18594]      INITIAL USE at:
[  581.445822][T18594]                        lock_acquire+0x179/0x350
[  581.447808][T18594]                        _raw_write_lock_irq+0x36/0x50
[  581.449911][T18594]                        copy_process+0x4caf/0x76a0
[  581.451994][T18594]                        kernel_clone+0xfc/0x960
[  581.453978][T18594]                        user_mode_thread+0xc7/0x110
[  581.456037][T18594]                        rest_init+0x23/0x2b0
[  581.457931][T18594]                        start_kernel+0x3ee/0x4d0
[  581.459892][T18594]                        x86_64_start_reservations+0x18/0x30
[  581.462171][T18594]                        x86_64_start_kernel+0x130/0x190
[  581.464123][T18594]                        common_startup_64+0x13e/0x148
[  581.466236][T18594]      INITIAL READ USE at:
[  581.467690][T18594]                             lock_acquire+0x179/0x350
[  581.469804][T18594]                             _raw_read_lock+0x5f/0x70
[  581.471925][T18594]                             __do_wait+0x105/0x890
[  581.474001][T18594]                             do_wait+0x21e/0x5a0
[  581.475976][T18594]                             kernel_wait+0x9f/0x160
[  581.478105][T18594]                             call_usermodehelper_exec_work+0xf1/0x170
[  581.480656][T18594]                             process_one_work+0x9cf/0x1b70
[  581.482971][T18594]                             worker_thread+0x6c8/0xf10
[  581.485201][T18594]                             kthread+0x3c2/0x780
[  581.487200][T18594]                             ret_from_fork+0x5d4/0x6f0
[  581.489333][T18594]                             ret_from_fork_asm+0x1a/0x30
[  581.491536][T18594]    }
[  581.492391][T18594]    ... key      at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
[  581.494857][T18594]    ... acquired at:
[  581.496205][T18594]    _raw_read_lock+0x5f/0x70
[  581.497810][T18594]    send_sigio+0xb8/0x3e0
[  581.499212][T18594]    kill_fasync+0x214/0x510
[  581.500659][T18594]    lease_break_callback+0x23/0x30
[  581.502296][T18594]    __break_lease+0x671/0x1810
[  581.503860][T18594]    vfs_truncate+0x4d3/0x6e0
[  581.505346][T18594]    __ia32_compat_sys_truncate+0x171/0x1e0
[  581.507188][T18594]    __do_fast_syscall_32+0x7c/0x3a0
[  581.508832][T18594]    do_fast_syscall_32+0x32/0x80
[  581.510421][T18594]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.512454][T18594] 
[  581.513231][T18594]  -> (&f_owner->lock){....}-{3:3} {
[  581.514931][T18594]     INITIAL USE at:
[  581.516278][T18594]                      lock_acquire+0x179/0x350
[  581.518446][T18594]                      _raw_write_lock_irq+0x36/0x50
[  581.520532][T18594]                      __f_setown+0x61/0x3c0
[  581.522397][T18594]                      generic_setlease+0xeef/0x1300
[  581.524467][T18594]                      kernel_setlease+0x106/0x140
[  581.526488][T18594]                      vfs_setlease+0x258/0x2d0
[  581.528402][T18594]                      fcntl_setlease+0x3ed/0x5a0
[  581.530410][T18594]                      do_fcntl+0x751/0x15a0
[  581.532268][T18594]                      do_compat_fcntl64+0x367/0x710
[  581.534348][T18594]                      __do_fast_syscall_32+0x7c/0x3a0
[  581.536461][T18594]                      do_fast_syscall_32+0x32/0x80
[  581.538510][T18594]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.540983][T18594]     INITIAL READ USE at:
[  581.542393][T18594]                           lock_acquire+0x179/0x350
[  581.544473][T18594]                           _raw_read_lock_irqsave+0x74/0x90
[  581.546777][T18594]                           send_sigio+0x31/0x3e0
[  581.548756][T18594]                           kill_fasync+0x214/0x510
[  581.550819][T18594]                           sock_wake_async+0x132/0x160
[  581.552949][T18594]                           unix_release_sock+0xb7d/0x12e0
[  581.555204][T18594]                           unix_release+0x91/0xf0
[  581.557235][T18594]                           __sock_release+0xb0/0x270
[  581.559341][T18594]                           sock_close+0x1c/0x30
[  581.561321][T18594]                           __fput+0x402/0xb70
[  581.563239][T18594]                           task_work_run+0x150/0x240
[  581.565365][T18594]                           get_signal+0x1d1/0x26d0
[  581.567404][T18594]                           arch_do_signal_or_restart+0x8f/0x790
[  581.569795][T18594]                           exit_to_user_mode_loop+0x84/0x110
[  581.572109][T18594]                           __do_fast_syscall_32+0x2ac/0x3a0
[  581.574397][T18594]                           do_fast_syscall_32+0x32/0x80
[  581.576556][T18594]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.579177][T18594]   }
[  581.580019][T18594]   ... key      at: [<ffffffff9ade9780>] __key.1+0x0/0x40
[  581.582247][T18594]   ... acquired at:
[  581.583460][T18594]    _raw_read_lock_irqsave+0x74/0x90
[  581.585140][T18594]    send_sigio+0x31/0x3e0
[  581.586554][T18594]    kill_fasync+0x214/0x510
[  581.588000][T18594]    sock_wake_async+0x132/0x160
[  581.589564][T18594]    unix_release_sock+0xb7d/0x12e0
[  581.591195][T18594]    unix_release+0x91/0xf0
[  581.592653][T18594]    __sock_release+0xb0/0x270
[  581.594371][T18594]    sock_close+0x1c/0x30
[  581.595749][T18594]    __fput+0x402/0xb70
[  581.597067][T18594]    task_work_run+0x150/0x240
[  581.598591][T18594]    get_signal+0x1d1/0x26d0
[  581.600046][T18594]    arch_do_signal_or_restart+0x8f/0x790
[  581.601834][T18594]    exit_to_user_mode_loop+0x84/0x110
[  581.603535][T18594]    __do_fast_syscall_32+0x2ac/0x3a0
[  581.605208][T18594]    do_fast_syscall_32+0x32/0x80
[  581.606799][T18594]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.608807][T18594] 
[  581.609581][T18594] -> (&new->fa_lock){....}-{3:3} {
[  581.611198][T18594]    INITIAL USE at:
[  581.612430][T18594]                    lock_acquire+0x179/0x350
[  581.614342][T18594]                    _raw_write_lock_irq+0x36/0x50
[  581.616351][T18594]                    fasync_remove_entry+0xb2/0x1e0
[  581.618380][T18594]                    fasync_helper+0xaf/0xd0
[  581.620235][T18594]                    sock_fasync+0x92/0x140
[  581.622073][T18594]                    __fput+0x96b/0xb70
[  581.623794][T18594]                    task_work_run+0x150/0x240
[  581.625687][T18594]                    exit_to_user_mode_loop+0xeb/0x110
[  581.627789][T18594]                    __do_fast_syscall_32+0x2ac/0x3a0
[  581.629950][T18594]                    do_fast_syscall_32+0x32/0x80
[  581.632423][T18594]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.635508][T18594]    INITIAL READ USE at:
[  581.637191][T18594]                         lock_acquire+0x179/0x350
[  581.639742][T18594]                         _raw_read_lock_irqsave+0x74/0x90
[  581.642521][T18594]                         kill_fasync+0x138/0x510
[  581.644727][T18594]                         sock_wake_async+0x132/0x160
[  581.647245][T18594]                         unix_shutdown+0x4be/0xa50
[  581.649810][T18594]                         __sys_shutdown+0x116/0x1b0
[  581.652410][T18594]                         __ia32_sys_shutdown+0x53/0x80
[  581.655124][T18594]                         __do_fast_syscall_32+0x7c/0x3a0
[  581.657898][T18594]                         do_fast_syscall_32+0x32/0x80
[  581.660585][T18594]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.663817][T18594]  }
[  581.664823][T18594]  ... key      at: [<ffffffff9ade9740>] __key.0+0x0/0x40
[  581.667512][T18594]  ... acquired at:
[  581.669028][T18594]    lock_acquire+0x179/0x350
[  581.670928][T18594]    _raw_read_lock_irqsave+0x74/0x90
[  581.673044][T18594]    kill_fasync+0x138/0x510
[  581.674932][T18594]    evdev_pass_values+0x619/0x9b0
[  581.676955][T18594]    evdev_events+0x1bb/0x390
[  581.678812][T18594]    input_pass_values+0x6c7/0x890
[  581.680805][T18594]    input_handle_event+0xf00/0x14d0
[  581.682891][T18594]    input_inject_event+0x1cd/0x390
[  581.684957][T18594]    evdev_write+0x2e1/0x440
[  581.686793][T18594]    vfs_write+0x2a0/0x1150
[  581.688576][T18594]    ksys_write+0x1f8/0x250
[  581.690388][T18594]    __do_fast_syscall_32+0x7c/0x3a0
[  581.692459][T18594]    do_fast_syscall_32+0x32/0x80
[  581.694465][T18594]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.696982][T18594] 
[  581.697953][T18594] 
[  581.697953][T18594] stack backtrace:
[  581.700239][T18594] CPU: 0 UID: 0 PID: 18594 Comm: syz.1.3734 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) 
[  581.700259][T18594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  581.700270][T18594] Call Trace:
[  581.700278][T18594]  <TASK>
[  581.700286][T18594]  dump_stack_lvl+0x116/0x1f0
[  581.700312][T18594]  check_irq_usage+0x7dc/0x920
[  581.700331][T18594]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  581.700358][T18594]  ? check_path.constprop.0+0x24/0x50
[  581.700379][T18594]  ? __lock_acquire+0x1285/0x1c90
[  581.700398][T18594]  __lock_acquire+0x1285/0x1c90
[  581.700422][T18594]  lock_acquire+0x179/0x350
[  581.700439][T18594]  ? kill_fasync+0x138/0x510
[  581.700457][T18594]  _raw_read_lock_irqsave+0x74/0x90
[  581.700484][T18594]  ? kill_fasync+0x138/0x510
[  581.700499][T18594]  kill_fasync+0x138/0x510
[  581.700516][T18594]  evdev_pass_values+0x619/0x9b0
[  581.700538][T18594]  evdev_events+0x1bb/0x390
[  581.700558][T18594]  input_pass_values+0x6c7/0x890
[  581.700581][T18594]  input_handle_event+0xf00/0x14d0
[  581.700602][T18594]  ? _copy_from_user+0x59/0xd0
[  581.700628][T18594]  input_inject_event+0x1cd/0x390
[  581.700648][T18594]  evdev_write+0x2e1/0x440
[  581.700670][T18594]  ? __pfx_evdev_write+0x10/0x10
[  581.700691][T18594]  ? bpf_lsm_file_permission+0x9/0x10
[  581.700709][T18594]  ? security_file_permission+0x71/0x210
[  581.700728][T18594]  ? rw_verify_area+0xcf/0x680
[  581.700747][T18594]  ? __pfx_evdev_write+0x10/0x10
[  581.700768][T18594]  vfs_write+0x2a0/0x1150
[  581.700791][T18594]  ? __pfx_vfs_write+0x10/0x10
[  581.700811][T18594]  ? find_held_lock+0x2b/0x80
[  581.700826][T18594]  ? __fget_files+0x204/0x3c0
[  581.700845][T18594]  ? __fget_files+0x20e/0x3c0
[  581.700868][T18594]  ksys_write+0x1f8/0x250
[  581.700889][T18594]  ? __pfx_ksys_write+0x10/0x10
[  581.700911][T18594]  ? rcu_is_watching+0x12/0xc0
[  581.700926][T18594]  __do_fast_syscall_32+0x7c/0x3a0
[  581.700940][T18594]  do_fast_syscall_32+0x32/0x80
[  581.700955][T18594]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.700974][T18594] RIP: 0023:0xf7ff5579
[  581.700987][T18594] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  581.701003][T18594] RSP: 002b:00000000f511655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  581.701018][T18594] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[  581.701026][T18594] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000
[  581.701034][T18594] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  581.701044][T18594] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  581.701054][T18594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  581.701070][T18594]  </TASK>
[  582.057563][T18188] hsr_slave_0: left promiscuous mode
[  582.059504][T18188] hsr_slave_1: left promiscuous mode
[  582.074087][T18188] veth1_macvtap: left promiscuous mode
[  582.076470][T18188] veth0_macvtap: left promiscuous mode
[  582.078443][T18188] veth1_vlan: left promiscuous mode
[  582.080105][T18188] veth0_vlan: left promiscuous mode
[  582.812417][ T5951] Bluetooth: hci4: command tx timeout
[  583.195835][T18188] IPVS: stop unused estimator thread 0...
[  583.245278][T18188] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.334949][T18188] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.383610][T18188] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.444765][T18188] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.520769][T18188] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.596819][T18188] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.674810][T18188] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.745007][T18188] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.825601][T18188] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.916071][T18188] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.986733][T18188] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.065060][T18188] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.163079][T18188] bridge_slave_1: left allmulticast mode
[  584.165489][T18188] bridge_slave_1: left promiscuous mode
[  584.167882][T18188] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.172366][T18188] bridge_slave_0: left allmulticast mode
[  584.174713][T18188] bridge_slave_0: left promiscuous mode
[  584.177090][T18188] bridge0: port 1(bridge_slave_0) entered disabled state
[  584.183693][T18188] bridge_slave_1: left allmulticast mode
[  584.186044][T18188] bridge_slave_1: left promiscuous mode
[  584.188408][T18188] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.192262][T18188] bridge_slave_0: left allmulticast mode
[  584.194608][T18188] bridge_slave_0: left promiscuous mode
[  584.196977][T18188] bridge0: port 1(bridge_slave_0) entered disabled state
[  584.364487][T18188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  584.368767][T18188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  584.373062][T18188] bond0 (unregistering): Released all slaves
[  584.727382][T18188] bond0 (unregistering): Released all slaves
[  584.732679][T18188] bond1 (unregistering): Released all slaves
[  584.816263][T18188] bond2 (unregistering): Released all slaves
[  584.892732][T18188] bond3 (unregistering): Released all slaves
[  584.898393][T18188] bond4 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  584.901710][T18188] bond4 (unregistering): Released all slaves
[  584.905688][T18188] bond5 (unregistering): Released all slaves
[  585.055731][T18188] team0: Port device bond0 removed
[  585.058195][T18188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  585.061591][T18188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  585.065240][T18188] bond0 (unregistering): Released all slaves
[  585.068915][T18188] bond1 (unregistering): Released all slaves
[  585.152176][T18188] bond2 (unregistering): Released all slaves
[  585.227834][T18188] bond3 (unregistering): Released all slaves
[  585.313494][T18188] bond4 (unregistering): Released all slaves
[  585.321144][T18188] bond5 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  585.325135][T18188] bond5 (unregistering): Released all slaves
[  585.556554][T18188] bond0 (unregistering): Released all slaves
[  585.636681][T18188] bond1 (unregistering): Released all slaves
[  585.720629][T18188] bond2 (unregistering): Released all slaves
[  585.725663][T18188] bond3 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  585.729650][T18188] bond3 (unregistering): Released all slaves
[  585.812444][T18188] : left promiscuous mode
[  585.906717][T18188] IPVS: stopping backup sync thread 18358 ...
[  586.583791][T18188] hsr_slave_0: left promiscuous mode
[  586.586300][T18188] hsr_slave_1: left promiscuous mode
[  586.588604][T18188] batman_adv: batadv0: Removing interface: batadv_slave_0
[  586.591208][T18188] batman_adv: batadv0: Removing interface: batadv_slave_1
[  586.597351][T18188] hsr_slave_0: left promiscuous mode
[  586.601281][T18188] hsr_slave_0: left promiscuous mode
[  586.606084][T18188] hsr_slave_1: left promiscuous mode
[  586.608623][T18188] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  586.611642][T18188] batman_adv: batadv0: Removing interface: batadv_slave_0
[  586.615213][T18188] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  586.618299][T18188] batman_adv: batadv0: Removing interface: batadv_slave_1
[  586.624156][T18188] hsr_slave_0: left promiscuous mode
[  586.633246][T18188] veth1_macvtap: left promiscuous mode
[  586.635582][T18188] veth0_macvtap: left promiscuous mode
[  586.638510][T18188] veth1_macvtap: left promiscuous mode
[  586.640762][T18188] veth0_macvtap: left promiscuous mode
[  586.643125][T18188] veth1_vlan: left promiscuous mode
[  586.645365][T18188] veth0_vlan: left promiscuous mode
[  586.648257][T18188] veth1_macvtap: left promiscuous mode
[  586.650582][T18188] veth0_macvtap: left promiscuous mode
[  586.653109][T18188] veth1_vlan: left promiscuous mode
[  586.655516][T18188] veth0_vlan: left promiscuous mode
[  586.828264][T18188] team0 (unregistering): Port device team_slave_1 removed
[  586.868903][T18188] team0 (unregistering): Port device team_slave_0 removed
[  587.650241][T18188] team0 (unregistering): Port device team_slave_1 removed
[  587.696190][T18188] team0 (unregistering): Port device team_slave_0 removed
[  589.703719][T18188] IPVS: stop unused estimator thread 0...
[  589.706865][T18188] IPVS: stop unused estimator thread 0...
[  589.710086][T18188] IPVS: stop unused estimator thread 0...
[  589.786887][T18188] bridge_slave_1: left allmulticast mode
[  589.789268][T18188] bridge_slave_1: left promiscuous mode
[  589.791701][T18188] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.795848][T18188] bridge_slave_0: left allmulticast mode
[  589.798123][T18188] bridge_slave_0: left promiscuous mode
[  589.799895][T18188] bridge0: port 1(bridge_slave_0) entered disabled state
[  589.830772][T18188] ip6gretap0 (unregistering): left promiscuous mode
[  589.865896][T18188] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  590.046405][T18188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  590.049903][T18188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  590.053359][T18188] bond0 (unregistering): Released all slaves
[  590.143446][T18188] bond1 (unregistering): Released all slaves
[  590.227235][T18188] bond2 (unregistering): Released all slaves
[  590.317501][T18188] bond3 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  590.321442][T18188] bond3 (unregistering): Released all slaves
[  590.396151][T18188] : left promiscuous mode
[  590.704748][T18188] batadv_slave_0: left promiscuous mode
[  590.708674][T18188] hsr_slave_0: left promiscuous mode
[  590.710721][T18188] hsr_slave_1: left promiscuous mode
[  590.712760][T18188] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  590.715652][T18188] batman_adv: batadv0: Removing interface: batadv_slave_0
[  590.718919][T18188] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  590.721731][T18188] batman_adv: batadv0: Removing interface: batadv_slave_1
[  590.727009][T18188] veth1_macvtap: left promiscuous mode
[  590.728760][T18188] veth0_macvtap: left promiscuous mode
[  590.730534][T18188] veth1_vlan: left promiscuous mode
[  590.732468][T18188] veth0_vlan: left promiscuous mode
[  590.881024][T18188] team0 (unregistering): Port device team_slave_1 removed
[  590.886844][T18188] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
23:36:21  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000054 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85582355 RDI=ffffffff9b06da80 RBP=ffffffff9b06da40 RSP=ffffc9000748f300
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000054 R14=ffffffff9b06da40 R15=ffffffff855822f0
RIP=ffffffff8558237f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097561000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f747b70c CR3=0000000076eb9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000011a42c4 RBX=0000000000000001 RCX=ffffffff8b7c4be9 RDX=ffffed1005666646
RSI=ffffffff8c156220 RDI=ffffffff81918591 RBP=ffffed1003bda488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666645 R10=ffff88802b33322b R11=ffffffff9af6b278
R12=0000000000000001 R13=ffff88801ded2440 R14=ffffffff90a82f50 R15=0000000000000000
RIP=ffffffff8b7c374f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097661000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fdff6a0f286 CR3=000000005371c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c4c0c004 Opmask01=0000000000000000 Opmask02=0000000011000303 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73752f3a6e69622f
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002a2e 2573257325003a25
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a503f28
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73752f3a6e69622f 3a6e6962732f7273
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 00007fdff690a42d
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a4f5760 000056196a4f5760
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a500710 000056196a4f3910
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a00662d 000056196a503f28 000056196a503f48 665f65676e006d72
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a00662d 000056196a503f28 000056196a503f48 665f65676e006d72
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000561945004902 0000561945501007 0000561945501048 495f4a484100425d
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a5002f8 0000000000000000 000000000000000f 000056196a00873d
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056196a4fab58 0000000000000000 000000000000000f 0000000000875d81
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88804bc14f00 RCX=dffffc0000000000 RDX=ffff888024ea2440
RSI=ffffffff82072d9e RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc900037d77e8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=00000000000152f4
R12=0000000000000000 R13=ffffffffffffffff R14=dffffc0000000000 R15=0000000000000000
RIP=ffffffff81bb8878 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097761000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055c8fd609000 CR3=0000000078210000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000104080 Opmask01=0000000000000000 Opmask02=000000000fffffff Opmask03=0000000020400004
Opmask04=00000000ffdfffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055d6f374fab0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f87781f1b20
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f87781f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0baca853be75f4ad 737326a0dd6923f9
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 376874652f74656e 2f346d6973766564 74656e2f73656369 7665642f7379732f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000037687465 2f74656e2f346d69 7376656474656e2f 736563697665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f6d697377685f31 3132303863616d2f 6c6175747269762f 736563697665642f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 78dfdb20cd0687de 000055d3ae12fd65 0000000000000331 0000003077617264
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3139312c3039312c 4638312c4538312c 4238312c3938312c 3838312c3538312c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3438312c3138312c 3937312c3737312c 3437312c4436312c 4336312c3636312c
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3336312c3136312c 3036312c30462c46 442c30442c46432c 38412c37412c4639
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000181 0000000000000030 7365752075062f36 00004e4f531a4552
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000160 0000000000000030 0000552075062f36 00004e4f531a1b31
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b53d000 RCX=ffffffff81af8c93 RDX=ffff88801decc880
RSI=ffffffff81af8c6d RDI=0000000000000005 RBP=ffffc9000044fd08 RSP=ffffc9000044fbc0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1cb9eb6
R12=1ffff92000089f80 R13=0000000000000002 R14=0000000000000001 R15=ffffed10056a7a01
RIP=ffffffff81af8c6f RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097861000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fa968e6237e CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002000000 Opmask01=0000000000000008 Opmask02=00000000fff7ffdf Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000002
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa968e92b20 00007fa968e93050
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c6f7365722f6574 6174732d6b6f6f68 2f6463706368642f 6e75722f7261762f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e6f635f6669006b 6e696c2e36687465 2e666e6f632e766c 6f7365722f657461
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000