last executing test programs:

10.170102873s ago: executing program 3 (id=3189):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0), &(0x7f0000000040)=0x8)
unshare(0xc040400)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000001c0), 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r9], 0x24}}, 0x0)
splice(r4, 0x0, r6, 0x0, 0x39000, 0x0)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f00000000c0)=<r11=>0x0)
timer_gettime(r11, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r12 = socket$tipc(0x1e, 0x5, 0x0)
r13 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r13, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r13, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$bt_hci(r12, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d)
setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x1, 0x3, 0x3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f000049e000/0x4000)=nil, 0x4000, 0xa, 0x30, r12, 0x1000)

9.325327598s ago: executing program 3 (id=3196):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e4001020303090224002af623"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000000), 0x0)
syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="040e04005b0c07134fde7697cd908150e83ed0474c9278c29c716c2d7867c54ad6ecc42f4b2ee76cf4bc095f0b80cb226cf8b0d46ef323d57d633bc309eb56c2c6ace3ae34c0c067c8aab4f509b16fdc60ddb6648cc6eac6b041467d49904234b7b70799ae2f96d32e65018d7825f39c0248463be11db76edc9ce7ba2cd9650e281c641ceb7427298f55f90ec8a8bb4831119168f476e1d5923da6cc92d2ea"], 0x7)

7.827856611s ago: executing program 1 (id=3202):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000006840)={0x2020}, 0xff23)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
timer_create(0x4, &(0x7f0000000040)={0x0, 0x1e, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000000)={{}, 0x80000000, 0x6, 0x100})
openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x80000007)
fcntl$setsig(r4, 0xa, 0x21)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r5, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/44, 0x2c}], 0x11)

6.800490953s ago: executing program 1 (id=3204):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0), &(0x7f0000000040)=0x8)
unshare(0xc040400)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000001c0), 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r9], 0x24}}, 0x0)
splice(r4, 0x0, r6, 0x0, 0x39000, 0x0)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f00000000c0)=<r11=>0x0)
timer_gettime(r11, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r12 = socket$tipc(0x1e, 0x5, 0x0)
r13 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r13, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r13, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$bt_hci(r12, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d)
setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x1, 0x3, 0x3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f000049e000/0x4000)=nil, 0x4000, 0xa, 0x30, r12, 0x1000)

6.237949056s ago: executing program 3 (id=3206):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, r5, 0x0, 0x0, 0x0, 0x7fc, {0x4, 0x1, 0x3, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fe1dff010000000000000000000caa000000091600000000000004b427180010"}})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
syz_usb_connect(0x0, 0xdf0, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bb9d3140a8171300a68e010203010902de0d040000000009044c080dd890490008240600014c352105240008000d240f01ed000000000009000706241a00001004240202152412ff03a317a88b045e4f01a607c0ffcb7e392a09050c101000040945ca23c564da1719759a29a61dbc150dee67401978c3d487fadb01e86bb960b9abdae885655d1f0a3987e8ab80844c898af48ae4a1dc734c6f1ac92197166706200f3f846794a14529d411aa643ebc2c178af7e658687ed74319c9ecd18b138716e2d5d315f539c0e02bc70a1c6c20f9cf086112931185ffbc9f694e80aa88e3b2cfb6fe7e74eec71f7499f504b45a4865a95033669c07087facaf8ac4f31b04b77f719c05b32879ae5d0d2345cd230249d2a81931d5b2cd4926d14e453f00930c1f6eab4a52d70a168db209050b08080006050509050e03200074077f6f012eb6f6fa6e8097158a29b2b59f66885d24de987395bcfe57c098f9f152403879d2184522b55a1ffa66c66472b9db75b365340b7ca77e19d136ee9b6d4f8582a50176d416ba0bc77e01f89eecdb032b7f918c7686d52a8a352bf3ee9327907d7bd508bd917fb205cf679b2040bf09050a1020000104080905010140008f038007250182080400090580080002f9800209050210ff030f09ff072501800205009f040c3a28fce72749ce8348f09ddc83df10d064eecdfb654f6cce460f6a1c8e713c4990e55522dc79b96fda18bd6d7f17308d8cbebc90a4fd42cb4e8de2db10b862752cd19c4ea184753c6aa3aeeec7758d029165e68f69773d599b8a34c4bb2a79469c5d08b9d77887278c4c82cdca59a07ad1cdc4abd75071e40ddaefc87f85ad235feb18b2c0e946135b774035d84e7f070ab6f04b1ae80bbfc9c8892c0905011020000c00050905031008000cff8107250100040900072501000805000905080108007f0703d207b78b979985980c55387603537e47dd2f2e8edf4a9531f79606d639345059e4a0f89675999bfa05df87ba75b38a137ddae0d9b69591af1eebd350b034c1374173942b3ba8df1ab6c67c637e2cb11ed25c53015099377406eff9019213367ef7a0f9c33b1e3a1ade2220d24498c1925c39630ed38db55a89d8a2f1778f399513d149866a2fc9ffdefc82dfbeaedd999a118e3064a96c39126ffe33da17e7573cb5e24c6d4aa6e976b8c75dbdc8d4b6e4b902d50016f603bee417b0e1b87c6a088ca806c8489ab97a4453b99789f580b51b9523a13e5f827e5fa667c39e956b4fb4371ceb844c15377d79294b1703d9bdeb28bc84cdc4e78f3c2751fcc9595bdd7e44148917ea122786a88e8dfb6d1245bd4b44516cb9ad6dc5d954fa5894ea1d5b0b9d344da7342d25037686dfbbef579b7c55785bbc96b59c5a9cb11b36069092bc5913cf38d77e90ba89643107bf87f0ea1ab4495fe37b1eed186bbe1dde0a73be96d44e2309050c031000720509ad31d27e74f77531a457026f62696f28251af2359bc3f51fd3e680aecc06edb18f6f7fc901651a38a3476348868b089518469bf194f19e7f9ca4261ed03062a2a2c37e6303e83ca09619c184fa4304b17100407ee3fb262ff391cc28efca2884bccb60027e00141eda5c4fff696a072d2b9bf81b4c218ab749604e6499801aa68b8bfd61c0cd27249458b23da4b2178ed44d856b0186f37807a0540ba0926d2059d1df13e5f6574dc33a48b692ff09b718b7742b28b2920454e0d4cc2e6231dbfe2d009fb7c8bb68893f2d352a7215fccb8c5794462391b89dde2a584e1ba64b08b310010ac56d0e8273c77190e6672f50ccb63b4a2f26558fedfc14de3d837ddb7b936403a3075a740050552266a9b09f544c5b1d7ed3e0952146f8764637ec5c2c94dad57aaf5f1a23308610798c3d8355528169831aca24ca27747ffeff677e54da257cc90f47c09b37b694c7e96d1706a075164464b8f1e14b0c12ceaf48a593690600cb5bcae110dbf980424eeb4bbb075114175c2733dce31054faf14c3881bb084566147b3996119318a6688815c1de0f9c05f63b3b0c0f8a68f866b61bc7cd323ff64a0014eb7fff09050908400008860009050501080001050909043f000657a707fa0a240102000502010209240302000306040808240802020002a9052405040607240502feaadc1124060404050600070007000100020081052406000005240005000d240f0103000000090003005908241cfffe06db0c072414d5f60b0009050202000410060450074efd4c41c53e61fa16b19fae792afc6bbfdc8217923fcb88fa6157d23257e68e05e2b4e89ccededb94d390e523c7dec3c011b8b8e36b57e883"], 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x143, &(0x7f0000000700)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x131, 0x1, 0x1, 0x6, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xf9, {{0x9, 0x24, 0x6, 0x0, 0x0, "a875d650"}, {0x5, 0x24, 0x0, 0xe47e}, {0xd, 0x24, 0xf, 0x1, 0xdd, 0x4, 0x4, 0x16}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @acm={0x4, 0x24, 0x2, 0x9}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xc, 0x24, 0x7, 0xc1, 0x5, [0x1000, 0x64, 0xff]}, @mdlm_detail={0xbb, 0x24, 0x13, 0xf9, "d3b0ea68b477e3a96692126f57cef22674e41d4eeee54db697fd13d628627367d4197c366a400f443e042b931f0b64e8029fe317a232096b654a67e930c74f403975392c9ba79e19e652b7e1979560c3d3acd8b8a8563aa74679c98ba9b930d494e6c06a8594ca279257c5ff889e4e84802419b80a053c06f84ac5c1bb39d2d5794c48cf3df2425d55b178a4b70bed91d3adadc568272a17dc461a3b762b3c56fc793df24f3d5d239fbafdcaa1fdf9740fdccf3144fc7b"}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x9, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x9, 0x2}}}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0x4, 0x9, 0x0, 0x8, 0xd}, 0x194, &(0x7f00000008c0)={0x5, 0xf, 0x194, 0x6, [@generic={0xe7, 0x10, 0x2, "6b15bf01a9d13400e32d17ea61ff3c908c7e131de15417a70ca95c169da7dd0403b370af88e4f989e8028357c8bb22c108bc9ac96bffe908c00aa0e5422c2bbf31634db3a657241fb4083cb5d343e0bfe15a611d6a304992282e559320d1774eca89f60213b2a5fdb60cee5273edb4c68b27c36f88cc8d09a52de18060be0f059cf51949da3b2bfc0554822fc9a14f6517d3cc62d50b058078d8f03f078c140a6bf99cc99298144e39d1c5235aab7daba5ae11c6bc5117b44621d66da3723b0509c3ec0814158c1c35cc68daaa508b03ceafe85ae6d2a8cd5e3b01e7227e7f3d85f4f0ee"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xe, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x7f, 0x0, 0x3, 0xf00, 0x3}, @generic={0x77, 0x10, 0xb, "bcd26de9cd33abdf3dcc5c6600999f69973df173516da390351abbb26ec07c32056a6f4fac39c3cedb2f34efbe3330127876c9616189ceba97878921b9eb3e84f0041f5f8cb0893cad7a2ace39aac30481ba30d35eeb4379f53eef82287e0f9553e0717a7a511f62edcd79daba38091449ace36e"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "42994e351a8caa2a91615ea95304f9fc"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x1, 0x6, 0x5}]}, 0x6, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x814}}, {0x30, &(0x7f0000000b00)=@string={0x30, 0x3, "8de8266d69e52588d0a1426d17d118667bfb521135e186a115c3eaf553e1bf6d359e3755a2603369699a5af21340"}}, {0xfe, &(0x7f0000000b40)=@string={0xfe, 0x3, "22d917202931d45a55cd19eeb873a45129efe899738ead92637dd0f1980ac75d1b330c0e31d50ce67f2519e34f94184417cd035fe04f7368c5e3970aea038c3fa58cce292dcf4513097d4d0c54967e8e35cb0b32bdcf9dc59f7383b928ce116f173c41e1c7314957d7416be088c807352ae05b43e5cd62f7c1474ae3a0d09d107a3be67a3a2822f86d5e1ce763c946adfa96143af9a3aa650e4e0f867a0e1775edc795c2abf0d1825a8d1ddb6f605dda07665614304b88f3130590fba85e29e8cc6ae856f87d0233279930414210365b362fe4426f88461ef6610f461c5ea5bcf2d03ff12a08497932ac1f5e2c70e6f4efdbc7799af04f94b019ae8d"}}, {0x1c, &(0x7f0000000c40)=@string={0x1c, 0x3, "1c5eb14b1eb0bc315fb7b275efab88ac2aee2dad4667a0c33077"}}, {0x91, &(0x7f0000000c80)=@string={0x91, 0x3, "3a83d5ba4141ede8944b9f4f71d590bc4d0a35449ee283c9a5798cc35327a272723433c57d3105bb058bd9d2ea1273ee6688eca281ed90bb22110781aa333bd7da4842b2513aee4ba5526615f1e5a17e58e570edc105fea5bed8da0a4a1f05f9a97b4dffd41be81ea92f07c716a63b0d5f2675a949165757e82c924df9dc3f0f0e5b20e3f4902a3386c83a4d0a6b12"}}]})
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x94, 0x7e, 0xac, 0x0, 0x8ca, 0x111, 0x6dc8, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x89, 0x26, 0x3c}}]}}]}}, 0x0)
syz_open_dev$dmmidi(&(0x7f0000002e40), 0x48000, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(0xffffffffffffffff, 0xc0245720, &(0x7f0000000080)={0x1})

3.878587518s ago: executing program 1 (id=3207):
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000440)=[{&(0x7f0000000340)=""/96, 0x7ffff000}, {&(0x7f0000000280)}, {&(0x7f0000000600)=""/252}, {&(0x7f0000000400)=""/34}], 0x50, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
io_setup(0x4, &(0x7f0000000140)=<r2=>0x0)
io_pgetevents(r2, 0x1, 0x0, &(0x7f0000001080), 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38)
r4 = socket$packet(0x11, 0x3, 0x300)
epoll_create1(0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x8, 0x1}, 0x48)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x34, 0x5, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r5, &(0x7f0000000580), &(0x7f0000001740)=""/248}, 0x20)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r9=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001200)=ANY=[@ANYBLOB="9803eb19c9e4e1fefd54a72189da49b895800000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r9, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
socket$key(0xf, 0x3, 0x2)
io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

3.878156303s ago: executing program 2 (id=3208):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
write$P9_RGETLOCK(r0, &(0x7f0000000540)=ANY=[], 0x25)

3.78880803s ago: executing program 2 (id=3210):
iopl(0x3)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000006800010000000000000000000a0000000000000008000500", @ANYRES32=0x0, @ANYBLOB="b8658007eaec589e282f7562fb56b687926204db6f9720bae5f0421b349dbce7b1d175bd1bf100000000504b08c8b92fbedd5ce93a15a8a5381bb83ff096e696fda0445664b72c54c83cb52e168f4d19ac401bb10f7ba0a710330724bc23db49c8324112c62ab272b7fcadf226fc9209338b970684ef8859aebf6c8354b75c4ae2cef9eb64352a34e014cab0ac00000000af4517eead09863d45cd89b11fb15d6d68656d7f3343fb678900"/186], 0x20}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x48001)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000013c0)=0xc)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000040000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffcdd}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r6, 0xc00464c9, &(0x7f00000004c0))
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, {0x2, 0x0, @private}, 0x7e})
fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000140))
syz_open_dev$ptys(0xc, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r8=>0x0})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x0, 0x0, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000044}, 0x844)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000140))
ioctl$PTP_SYS_OFFSET_PRECISE(0xffffffffffffffff, 0xc0403d08, &(0x7f0000000500))
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r9}, 0x10)
socketpair(0x23, 0x5, 0x0, &(0x7f0000000040))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)

3.639135693s ago: executing program 2 (id=3211):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x0, 0x0, 0x2ac}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f00000002c0)=0x4, 0x0, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
syz_emit_ethernet(0xfdef, &(0x7f00000003c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x168, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, [{}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x9, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a"}, {0x21, 0x7, "b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d9a0274500040000000013eaf40000"}, {0x0, 0x13, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf"}, {0x0, 0x4, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bc"}]}}}}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r3, 0x11, 0x68, &(0x7f0000003a80)=0x2, 0x4)
setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f00000000c0)=0x4, 0x4)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x2}}}}]}, 0x78}}, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[], 0xc63b9e35)
r7 = socket(0x0, 0x80002, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
bind$netrom(r7, 0x0, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x0, 0x1, 0x1})

3.178226574s ago: executing program 3 (id=3212):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000000a140309000000000000000008000100000000000800030001"], 0x20}}, 0x0) (fail_nth: 3)

3.099870401s ago: executing program 1 (id=3213):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c8000c0008000500070800227cca1eb327c95af1d1bccd21c35f16000700"], 0x11)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ff"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x44d02)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x0, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8, 0x7, 0x5}]}}]}, 0x38}}, 0x0)
bind$unix(r2, 0x0, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
sendmmsg(r6, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
sendmsg$nl_route(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000003e00f14500007000fedbdf210a000000342801"], 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x80)
r9 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r10=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000100"/20, @ANYRES32=r10, @ANYBLOB="1619020000000000"], 0x20}}, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000140), 0x1)
process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)

3.03999662s ago: executing program 3 (id=3214):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e4001020303090224002af623"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000000)='9', 0x1)
syz_emit_vhci(0x0, 0x7)

2.611966891s ago: executing program 2 (id=3216):
syz_io_uring_setup(0x7ffa, &(0x7f0000000400)={0x0, 0xf785, 0x3f, 0x2, 0x2ac}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x6, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0xfe}, @raw32}], 0x1c)
r7 = dup(r4)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000300)="b9800000c00f3235000800000f300fe095a6520000b8010000000f01d9c402d53b9e0700000026f047ff4d14f30fc775ddb9c5090000b86c000000ba000000000f1d0f08450f01cb4a0fc72b", 0x4c}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="270000000104010a00000000000000000000000306000644dfff0002"], 0x1c}}, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
setsockopt$inet6_int(r2, 0x29, 0xf, &(0x7f0000000100)=0x8, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f0000000280)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}})
io_uring_enter(0xffffffffffffffff, 0x7c76, 0x0, 0x2, 0x0, 0x0)

2.127938953s ago: executing program 1 (id=3217):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000006840)={0x2020}, 0xff23)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
timer_create(0x4, &(0x7f0000000040)={0x0, 0x1e, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000000)={{}, 0x80000000, 0x6, 0x100})
openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x80000007)
fcntl$setsig(r4, 0xa, 0x21)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r5, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/44, 0x2c}], 0x11)

1.978366818s ago: executing program 0 (id=3218):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
munmap(&(0x7f0000000000/0x2000)=nil, 0x2000)
write$P9_RGETLOCK(r0, &(0x7f0000000540)=ANY=[], 0x25)

1.909033986s ago: executing program 0 (id=3219):
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000440)=[{&(0x7f0000000340)=""/96, 0x7ffff000}, {&(0x7f0000000280)}, {&(0x7f0000000600)=""/252}, {&(0x7f0000000400)=""/34}], 0x50, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
io_setup(0x4, &(0x7f0000000140)=<r2=>0x0)
io_pgetevents(r2, 0x1, 0x0, &(0x7f0000001080), 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38)
socket$packet(0x11, 0x3, 0x300)
epoll_create1(0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x8, 0x1}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x34, 0x5, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r4, &(0x7f0000000580), &(0x7f0000001740)=""/248}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}])

1.198018669s ago: executing program 1 (id=3220):
syz_emit_vhci(0x0, 0x22)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04090003c800000000f8ffffffffffffff000002"], 0x14)
write$binfmt_script(r0, &(0x7f00000005c0)={'#! ', '', [], 0xa, "7d7c463361f6a11cf6e5600f11c68f16539afb331bf63eafc7d3db6c273b843c92f868b7cc99fa92b898e4549d93a274a6a8221cfc2df04da760a707a57f2adeb124ab580975ab10518f9bd924533d504e2e0ec6102ec2eb8edd51e1a830a1028233bc005b9f4d13d28de3ce256afec2ff9236b1e39e3abe273604600768506123efa4b0b307444e2006626c1d3eb5135703f45052bc0001000000000000188c8512800999ad9b6593e218ecbe90ebeac4a55ec153bfddc40ed83e41f33748255a9e5b5ce9eb2d9b57fff72265af29b0df2834f3ce69dbefc2e13b86d7c512f2681270188b4bc990559ecd6731c4f49221b19637ebd2a29fc7bdad307dc31612572d1d418761927a3db07111d852a7236397c65cd77992ad68ae5a935ccc452e00f844b7e8496448f98b0b25eef918790ad22c40c1e04c8eb13c726a820000000000000000000000000000e637b17224c491e98d9ced41ebba4469fe727d8b4db8fb7c00ba25a4fd567373563584222edd922f31d1cd9e588bbc6c984cb09f0066c6a9ca5139a3d926ec1157b52f107132b4f5f1c2cb6bf3939fe42c70bb8f70d3eb86632b968606e0dc5c08fa47a48be36984c90b60071bfd600170c90ab999b9fa20aaa3c86312fdfb2abaa9d0f30c262088891ea4e0310836cf6ea1b3b5ae7c71be2aa70748ca234c44405490a741b6adcbe47d33b768bc5db83e4456fc085192da9728a81ba420b4b0c12a513463fcc5d70c80a9fa36b9acb7032d4171085f2cc6650500a9bd0814ae8552596850e2a107ca0e4b275c19f283b94533"}, 0x242)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79})
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x100000, @loopback, 0x2}, 0x1c)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r3, 0x10d, 0x3, &(0x7f0000000000), &(0x7f0000000200)=0x4)
r4 = socket(0x1, 0x2, 0x1)
syz_io_uring_setup(0x3ccf, &(0x7f0000000340)={0x0, 0x2ce8, 0x0, 0xffffffff, 0x319, 0x0, r1}, 0x0, 0x0)
syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
readv(r3, &(0x7f0000000100)=[{&(0x7f0000000500)=""/126, 0x7e}], 0x1)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}})
socket$xdp(0x2c, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000f80)={0x2c, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r5, 0x40505330, &(0x7f0000000700))

1.008010324s ago: executing program 0 (id=3221):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=<r1=>0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0)
r2 = syz_usbip_server_init(0x3)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, &(0x7f00000000c0)={0x1a, 0x309, 0x0, 0x5, 0x0, 0x0, @remote}, 0x10)
write$usbip_server(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="000000030000000300000000000000010000000100010000000000c50000010700000017000000020000000000000000d9ea674cb745f1030ee2135d07ef8da5916b1a3650a15dec672c3b254efc6809b973784cc31f4486f8331acde30b7866643ed73955b6949f82a02182fd6ce9b5b9f27eb889dfd6de034c7862365a46a75c199e680c6b32929cfb93a21f710354bd1dd8124f4660d6179a4dce7cce2c7ab7ad3451e852ac0747da2c25508c0db13eefa3d6da1f42a44bbdaaec8841151e5af587790101e3a77a9a60b0417788e765f42a8652406f6174bd9a076e9f0c973006406aff127de33767fae5ff2d4eb580847ee4fc000000040000000200000001000001ff00000007000000050000000000000000000000010000ffff0000000800000003000000c000000fff00000002000007ff000017ccffffffc1000000060000000100004dab0000000100000a3d000000490000800000000008000000070000005c0001000100000020000000bd00000100000090c900000001000052c700000fff000000090000000000000002000000200000ffff0000000100000000fffffff90000000900000fff00000009000000090000000800000009000001cf000000060000050500000004000101000001000000000fff000000d70000004000000f140000e8d7000000200000000000000009000000040000d46d0000001c0000000800000fff0000000800000000000000800000001000fffffffc000000010000036100000006fffffffd00000007000000020000000100000000000000090000000400000101000000070000089c142c220d0000000500"/613], 0x265)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x18, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0))
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040))
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffdfffff})
pwrite64(0xffffffffffffffff, &(0x7f00000001c0)="14", 0x1, 0xe090c3a)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_tcp_int(r5, 0x6, 0x1e, 0x0, &(0x7f0000000140))
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000600)=ANY=[@ANYRES32=r1, @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f0000002140)={0x2020, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(r6, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x801}}}, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, r7}, 0x50)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
ioctl$FIBMAP(r8, 0x5319, 0x0)
socket$netlink(0x10, 0x3, 0x0)
unshare(0x22020600)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')

915.933588ms ago: executing program 2 (id=3222):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r2, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x0, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20024094, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x0)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x2000000b)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0xf, 0xa, 0x1, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa)
sendmsg$nl_route_sched(r5, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000002640)=@newtaction={0x1458, 0x30, 0x1, 0x0, 0x25dfdbff, {0x0, 0x0, 0x6a00}, [{0x1444, 0x1, [@m_mirred={0x50, 0x3, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x5}, 0x3, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}, @m_skbmod={0x104, 0x11, 0x0, 0x0, {{0xb}, {0x54, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x3ff}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xfffffff9, 0x7fff, 0x8, 0x443, 0x5}}}]}, {0x88, 0x6, "79579338f0fce072706b55e05360a3477353cbdcc664f43e8faebdee8daebd8b5c14652a7c61ae37eb7c2079b95cfab259fdf47a8a630186b305eccb462ec45a372a93afb958d319cf1ccc7f08c4b391a97f0e86ed07e1d09ef74ee347533d2b87a4e006e85ba60b7defcb8e692d30f5d12271b9692f61643bc4c4da8a8f00db89079233"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x104, 0x15, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x9, 0x3, '({!.\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x800, 0x6, 0x7fff, 0x2}}, @TCA_DEF_DATA={0xc, 0x3, 'b\x01\xf5\xff\xff\xff0\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x7, 0x6, 0x0, 0x200, 0x125b}}]}, {0x8d, 0x6, "c00609ccbcac5024f2630ee3126fb24ab468fde89fc6e054bc9834fd848f2cc45bbf15c99c3a1b7d4adc0436cd09d3531040ecb3042bbcc7e5c06bc608f1cd4145c60490f31874b2df795519c59adbe8d15af574e46e20e4bedfe79f54bb175c321d0a201f5716b41493129088a8bd4051740a3a82c621a6c09c545a20a9668b0383d7d8ae5df87142"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_gact={0x108c, 0xe, 0x0, 0x0, {{0x9}, {0xa0, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x7, 0xd2f, 0x4, 0x7fffffff, 0xddac}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1660, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2434, 0x10000000}}, @TCA_GACT_PROB={0xc, 0x3, {0xd4fa916a4ecb4084, 0x1e85, 0x7}}, @TCA_GACT_PARMS={0x18, 0x2, {0xfffffff5, 0x1, 0x8, 0x1, 0xd58}}, @TCA_GACT_PARMS={0x18, 0x2, {0x401, 0x81, 0x3, 0x0, 0x5}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x6ab, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x10000000, 0x2, 0x1000}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e02, 0x20000000}}]}, {0xfc3, 0x6, "f62edb70361eaef0cd3970a8d667fca2f48df770b1dd18ce8b2e7e1b50caf0ad4342f8882537530d5e55352c8ad4b81cb50f161d0ae132e79efb9f2d3b93d190bf6ffd2fa9884121b7a45d9d7d050c3a19a62851cad0b7d05e7d34c9bd9d39282b6249d441081d6eb61044510aeda964ab95d66ab1f3bbfe185649a8be84f15313252250631e0cba4508402c271efa2ddfae3dd154e25ae1a8c74f3089a268baf6bbfd505a660a8dd8514705f765ddc6f08b9c2921462b4d92688aeebcd92f13eccd8c85f063f9d0713e8fd59634d529b6412dbe862f62da7376b033dd1216b0df022f1a9d8b78e9868c6a61fc2ae3dd10d6bdaed3cd49d1f83ebbfd3e8c91942b343042bfcb87e25a37a09e68f96b3c51900ac342901423d53c5a5467b64f9cf7b0a554a2cfe839ede2453230e3dd8135ecff38d999418e902477dcec2728133d5e76a1208db80b95fbf4116fc1a1a4c624282c120cec4e626aa9a228669069d0251c41a5bed2564e9d44f72737158d44e3d3e7ad824eea9a98c03fa38ef8e4b242425940510237fe32091803bbd8661ca93735045c7fd1d8ef4709211af570d8025dbb1c4e20589a20f38f0788213b340d1449bccb90419a78bdd5036982a48dfad7ae0ea9c00090768993594677253b1fce7069ced16b69b172d37d5640ac6fce3291545e50751dd474aea49bb108ef58bec83d0f433929734cff36da3ed810bd51016d39ee8ae6a1b1eb18ef29c4bf27648d32c28019210bdb7264ae9d3db7c561d1283464c4f4b45dd4361911c19f4cf170b6c1b83988d1949311d726aa6a90af8c95f78d548dc57c4303bb4a6a763fd87b2471f4d63781847428924d97d2a1945e4bc0fdba88d213800a250985f7c895cd1fbe8c5e84ccb994c218e459cf3c6bf81e0190ac40cfc54b135cabaef4c95f4c3a7339a1339e5f44abd44c97d61ad9e1bd467d3775358cc40f2d550f160053278cd31f7ed5cfe9b02d41b14d9e7ee15652d93a4751dfcac8c2adcd2d39646488a2c9a8d857da1e48174a9a8a4a5e6f328e76881773aade9af178831f5aac9f8674af3ff83c6c04fe500c56a7c4eda8182e489d1c8a7178446513a02f64ace77247998681f371906ec4480315914bad55f02b92f257b1e172a63ad7537fe583e8018a0fd83aa5e83ae64dcaf1c3cf668ffb2eaa3fc6f33391bef4b53780273f835adfc9869249c3bacf9550759ea6829747ab544f0dd81fed6e93cf9f28dc64d6ef5fe3d2f6e2277b3659c100359c1c389c07f87a41cafee978a0991946cf754592608f20d1b7acb2723c6fe90c6a6a7fdaf27fcf9d27b0cf064d7912bcfe46ebedaa94e0a21fd8b52ba09725343241f9e55e2a6d1c1ac711e742cef53072658fd8a0c4d4e0111e6d57bb91806f7cbda5d9a501a60b61f32103f0b1b6348293748e0e476106bbb4ffb4e7e85b21b868bbd59407da1830fc0c8772488ab5d93765e3bf89389448467cade7b82e293b5bf61c079a17f77c04e9b43c6d3f355fbc1623c297fca3ca845ec8e7e74722b177d84651002cacae538dd69855b9498197a49f3f67d4b213f2696bfdccc6f4d229adbc4869af274434dbaaf859109d0233b55ac8c4765ae84a849b0bd187648aae8d0b5323d88753b65e95471a614d270dd2fa5541814bd55e0fc19f4b04aaf55b0a3c1fb41de54efbaf6ebca6e529e5e68ff1cec9b650229bd86253e54bb3505c91abea641cb2b69fe2da35258eedca0060b872bcaf39d5ae8a29cc9b9e329c6b8490684d04a4a55c32c902698649cfc9f819124634456ba59ef64f8887d00d6351bb0c45bc969380c32d09f6ff5b75dff48ff413dda902e0294d38c0e608972f893e1e06da175f1009297b15f1928dc3fdc0c4e0f1f215c51c344ec6b89da4914b8dabd90aa7826476d64b0641f4c137eb8785493d98b1aca4992c4019a7f29ac6ed3c5cf2452b57587d0c2c3073dc44704742c95c20b8b2f924ad0eea5b4b5824e1edba1c273b5af1bf735e506ce872af181a2b5d7d6f8d9dab5f39de30b4b70901a59407747e661c0476d6cb2bea78b6e905a54766a808ca44be32458cab7d2d3b451dd68e700f096c32f30d2818274cf18fbd5affda31d53b9b355b2b0a039d68b0ecfe7937bf272ac3e5e16da7e2fde420881fbc5058cf6e39ec76f1b44ea3eb98e1e45cf53bacec6f62448617f851fb4fece8dc6e48ab63c52f2b329c6ec553ba6130f77113c86c1c2ef1586e26072a03f2e6ec35cc67c4bbfb856d50329ca3c16bec52e537c90de505fa3b31191f59d40ce0c65b82195dbea627fa5c7d0d808e5f626d95bd3317e2b6f6f2de577e857774f03a8ca7043f353a556ccfd26178e15ac0d925a2673592ec434918617be678ea5ee6ab9a22d8a6ba8002e3c0b8001846d80cd0fc633600198260c85956496879461b67e8d219d13dcb9e559835fe53b5cd8b9b84b3c39dcecf48c061d7f6ffbb78bfd8f5ab153db95897d7a5339f156744adb638c61d56fd838338dcfdf2aa3238d3d74780c675c78fd7c9b21e1d993d6e6db700c68b151f155bd7433f72b54e3206f8cd9d00d1bb1595e3a9a43b5f6c9f9e7b5122e089541df532fd273710699b05a5fb3d9408ba608ec4f2b76f7807968c4968966a2d42445436494baee9f6b057f8842d19966dd6089f82d42c9f91a373461faf2354bd019cd9510d01936b09654dbe0b6cd7c8bf8e2168969c8b528b4f4a95d17f5527cde32fcc922558d24dd69f42d6b6fc4b8ae8db63ef26bf8391e04a22706edee8ae423acf483e4a55df89b9749690771ac074fa8e4692a55abe7272bf65df4602b1a7e2c5df78c8b0d5853e94a960d1872a1aa0e442c5b11be3b41ac9b41e738e26400a86be4dcb73e4b43b54e32556352d373a41dea287b2a7b63af44bf69c41f37a507f9c24c3e0a31776824485be5aabc1d8057e85908cdda2160239d0f3dee32ebd2f9a34f9b96c79d0518cbe16e47f27f9cf66d7230ee2d2c4cc25007ae9280870c1d7d7f897c3e7e518d6d056a333f8a3da34e490ce52a692a4709c7bdaf3ed00f07d2418876d12bcf18274527fef9e0b9fa4c763c3637a79162a279ac8212db52993998f723ec11cb15a8d7adb941d15cb7053904525320d684fbcbbf686bb01fbbcc333a049ed63637f2f1406e20bc0474fd79eadc27446ed8b79466d0d9fcb7913bd0695954a1a76ff9b199b6e8079433ec0d2898afb27a5ca3c4d15d1427c1bcabaaf10028e4e3da15ad9f4900a01c287d694a380b5b19f8ae43fd996f590908b461ccdcd0f9f0d0e1c3467df4812857ef0d9906c3e9b2945e2538da26b22b0fb7e41094bb597c11777894b76bad4f0ceb09c3d6722b2966fe3bb9967b804f6c1100a5ce2ba1a45939bc70ac1f1bb8edf701466057be7aba4ecef6cff0a3ce34de932c2d44b7330a442579170d697a52cdc90b726e863dfd20bc97075229c32d6b430fec90875b6ab32e2fa56e51f6c990ca026ff8829b31b87cfbf2fcb67617a5a4a419c1db73a81e52992fe263dd5275c54d6138f0c1286d3ed16a3bc5ccd48e342a71210335159624205fb2f0761159f0f92e5dfe0ebf655c2e77e9d4d0c699793205f293dfe5cc687d7fdada56b428a3e40f14cb1bfab80428737cad94a01d22c732c3929482f01ffff4d9184d72330a1da403fcf05ec541ee50fc20df1fd47a0af16aad3458a176a7ea743506576ad9a24bd657f4be08b06af8c8041923d9a2381f1a27696bcc618e9d1a2fae29949c2b1121cae653c2fdcba84127157b2a251b87d7bfd2c3062469a2ed810bb69dd750f64ea4dad0098203bbf2d0531d92595fc31f63aef9ee9f048976ef1020afac213d18ed59bb6261c0b03c6a7f64491a3640de4a00083722b03b7d3a69b460a289de72fc228d7fdc01d80ff16baf940e4c2e8d0818f87d953ddb5ae5b0095aca7a5218b275e79f42b6333b1599bfaa5124e5302913a79713057059468bd60fadcb8536d918cba18bd0e92fea9622f752a872d54b030eebf862593f71129219f7feee87327b5c1766f0d9f190a989429c636255ab6cea006f08c6588064cb1d0d02baa3e509d81d72c3cc1245f1a1f25bd9cb30ca221a6ba7f96b98e43c968d13da336a341007afb9fafdf62338529b6178fc0b229bc827097bc029697f0488b32bdf719a4430e84f0e90650890c39aae7c1c5fcac64258ae397f6931dd4e27662fc1ee48ca9d3598358009c65b3121456a4cdebd369367e30defdbe55866758f8a9dff59045ec73df2a0ef3b6f38578ccfce85b5f676a2e8e30f317a542968af80aab4baf549b5049c8ff51e031b5c5aa70ae9742d2915cef8249521df2a79bcb12d67db6adc2493060236cf6e317aa3c78d60aa71372e4aabc35d0d4d1bf834b3e163a673704dcd629e1efc55a0c644692ff1cc58118037c6b3da67a2037a4bbac160645ac2463ed6e2ab2946fe344f03054e73cad6409ae29e9668fa1a45e66aee964cb4ea1e942b66193d8449b94456add60eb71027afbec40633956b5cb9157cf8fb71611a056a67e10889537e93a4968ca5e2f5a7802972d56b5ffb9d4cfa42744478def2b39701838255a6e05f7549f957a496fec4355fbfb7efffcd5c669c17c510f981338b5f06e160829b8117624dd21c0a8330d0d031eae1fd1fb8831e7350960ff8b694d5df9487e682c872a00e53b4d3d8b99e137f154eb2c77d97bff8432f8f8ae67f248f14961844bffd9f7777e3a20ed4ce733c9083ced3f4723a798327e1132012abb4b8ace11a346340e98c9ee1057b98bd73cef5a07b409681e267a3e754367af1c964275c54af20faea740bf1d54baf203926ff469bffd439de674f7c52118412893c9be16cfe593029995ba0d270ed5ae73bcf9e31b832ddd0415ace771879a054afbcd807c01b6b1855e581c012dbb2f855c39660714e587b968e00686b4c3bc8c71d524767183b0ca65ee476ec2f3ff5c018e2caca92df7e196f4450e9b22b72e80a8b51365861beb39d38030d03b4b885e5e945b75088fc9202f44981d145e8c2ae8cab8bd4d2d94992eeae32360e17acd2bf4ca29a50e8d8e0fa7c1e49a7e9da566ff831ca767d3ed6976298c64b19e77b1ba7df4dfce87bd6aadff185bdbeabd8db5ba3c307f07009dad9f62f441608e215809adf180beec643f5a20b9ddb86ea420b125b80060f80c9b64c5b0023988e911905cc98c655402084db4de5efa76879fa537d34e45fae7db70dd4d11fd648842620dfcce69d09a96e451efc473cec95d2aae824aa2852db063dcc441806a33723c2818bcf73182bb0970576ec4f43f7e563769cdc466cceab5b09e2a4b2d16338a255be87c1807d789252486d7a09d237116868de352986f40fbdb86f0843673466b3416d3014a74d6d64f4bd31e9548cfa5ded3eef87aa847304a6b138be4bd9a5de4927521895923533b9806d53c30ec1fc93b88d7fefbeb16df95fd9ca23cc6ecdd23b8e3867dafde7dd3c7a6a069cbf318bcf047659ebb0c1b79890a8e893deb23658868ff2917edc0ee8adff64edf34aed6bc0c29f0d93c58ab31a49a1cf92d243d3259f1ba02570ea14b9b0d34106a53400a9f75f05535e7a7663764c6e7c9df6c81c30b1add9a99999ccb752b88971c949758e1f25070292bb4cdd57e6792cca9c4e1fb711712f85a83f6307d644bd6c0fdb64fd675fb73"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_gact={0x60, 0x16, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1213, 0x7}}, @TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x6, 0x7, 0x9}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x21f4, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_xt={0xfc, 0x1a, 0x0, 0x0, {{0x7}, {0x48, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x39, 0x6, {0x3, 'security\x00', 0x9, 0x2836, "ecf7e627bbfa00cac8e88cdbd5c581"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x8e, 0x6, "c8ff3bf21d409d2a3837b874ff61a7fafd6aec5d087194bd924c189821d662dccaa6013a8c9c37fe24c76e09a1bda772da57c8d42f053a7e33882f6fa42b1d8ed988117637870fd511f8e6c0e040c1ca1364c79f01b409b791f2d46a0a16c44ddbb11a80f9c53ad053ba66227e41ad282263140781252a9adcf47d2a0a277cd24f6c4788983dc066d91d"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x1458}}, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r9, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d00000000000500240000000000050016"], 0x68}}, 0x0)

288.696068ms ago: executing program 0 (id=3223):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001a80)=[{{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000000680)="2e1ee21c43ebceb21f85fca5a5f1ba4ecb1ebd23dec5d75d5ce39b3a7b894143d9c950ac060763b4addf09d9b6661c0dfc3ea08cb5714d38a2278f5a9c1364469d52d7855251cebed099a4f173531de78315c71dd74c20da84c17b180814739133301f191ab9c5aa9c78148756224c0a827142ba15d03d4f5caa33e0e8185e65da7387f200bfdee3af3b00d16e3dfca490961aeac0c137d17dfdbbaee48fd979a97f9e3b0ea46bc923a0dc93fc0b805ffda352c619e438bddfc7429d3d5d0a4437c5c21dc8dde0b836bb7f5aaebce28ff74293f389f79aadf88a486dac5e4baaefa34868913faa60f5581992d0ce32f38b4f234f206e363b811a6227f500bd3b685e6f983b16118c26d8d5849ac3c18915e4adef3851212db2800257a1feae2e7051e5a974c6a068f9d5e4375884791766d38ce9a6fc268fb741bfa57fd62aede6505bff77b28e6c1ffb244b0d6588589fa6812266ce97e5e3e1f85dba00d71c87d2f34cc670936a3aa2e0acaf71e8dae8ad737625080a9ce06c2bf1b02bcc11d5", 0x181}], 0x1, 0x0, 0x120}}], 0x1, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="44010000100001000000000000000000ac1414aa000000000000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff020000000000000000000000000001000000006c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="0000000048000300"], 0x144}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8000)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
pread64(r5, &(0x7f0000000580)=""/232, 0xe8, 0x8)
getsockopt$packet_int(r2, 0x107, 0x11, 0x0, &(0x7f0000000080))
read$FUSE(r2, &(0x7f0000002780)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1cc, 0x27, 0x9, 0xfffffffc, 0x0, {0x3}, [@nested={0x12b, 0xf2, 0x0, 0x1, [@typed={0x8, 0xde, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x4e, 0x0, 0x0, @u32=0x2}, @typed={0xc, 0x13c, 0x0, 0x0, @u64=0x5}, @typed={0x6, 0xf8, 0x0, 0x0, @str='\xa3\x00'}, @generic="925fcf966594f2d633735e0f50af882e440eb013cd8a7cfd3dc0011ecf4d4dd692f232374e555c1cdb6c74e7f0d5bbf794d485534d87ef78d273faf0fc369219f3b9560e7d3c5dfa41cddcd6ae8ca37411706dce7387486c74675485f3b8d95b78", @generic="810bc6acfd9a1e7716ba344fcdb807f7f85a2b82b1f88a1990e6a5ce2ddc924e41208eea9042ca141b1ce847b1c08a1f2639e228b3ad494da2befbc1c7eab62aea4cc21d6ba16b23098ce081750c1e36c04e286a", @generic="e75008c4e03601ae5e73004be47266b297a841ae14fdac7d407db85222a5f93b76105a1f28daa8aa1fb55f075db7a13aff214e91d5c2", @typed={0x8, 0x107, 0x0, 0x0, @uid=r6}, @typed={0x8, 0xb8, 0x0, 0x0, @u32=0x800}, @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@private=0xa010100}]}, @generic="0686ab6832a91d351580fe5affa4cc48d6505170f61ccb0e12465799d7592942961c8c0ccb18fcd1570e6371871da578b6b50a47aab94b86b935defff046ca0628851ff7957a64bccabcbfdc05c4050d2a6e94d807c03b16edbf3c7c77abb028d5b576473f15b13222dd5a56a982bf23f80274bc76e9dfcaf12db280435e26271ad378f2ce20f0d5b7"]}, 0x1cc}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cpuset.memory_pressure\x00', 0x275a, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
getsockname$packet(r2, &(0x7f00000009c0)={0x11, 0x0, <r9=>0x0}, &(0x7f0000000a00)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000a40)={'team0\x00', <r10=>0x0})
getsockopt$PNPIPE_IFINDEX(r7, 0x113, 0x2, &(0x7f0000000a80)=<r11=>0x0, &(0x7f0000000ac0)=0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000b00)={'vxcan1\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000d00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000b40)={0x160, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}]}, 0x160}, 0x1, 0x0, 0x0, 0x941d0b021cd4abb}, 0x40814)
setsockopt$MRT_ADD_MFC(r8, 0x0, 0xcc, &(0x7f0000000080)={@empty, @empty, 0x0, "662a47efb7108dc9ff50afa8d9fa55bb9d354c74fd391b1d786a74f1aef2669e", 0x0, 0x0, 0x9}, 0x3c)
setsockopt$MRT_ADD_MFC(r8, 0x0, 0xcc, &(0x7f0000000280)={@private, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23bd0f4eb500"}, 0x3c)
setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f0000000040)={@remote, @empty, 0x0, "005c2beeb0801bd73c676461644cf36dfc15ea56886fff778a41757aa3ae714d"}, 0x3c)
setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f0000000200)={@dev, @multicast1, 0x0, "05888ee9654ce5db9229e6a1f0a3c9505e2ebbbc3d341ad6ad352965b867e20b"}, 0x3c)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000000240)=0x2, 0x4)
r13 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet_sctp(r13, &(0x7f0000002740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002640)=[@sndrcv={0x2c}, @prinfo={0x14}, @sndinfo={0x1c}], 0x5c}], 0x1, 0x0)

219.679691ms ago: executing program 0 (id=3224):
r0 = io_uring_setup(0x177f, &(0x7f0000000140))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x0)
r3 = epoll_create1(0x0)
recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/163, 0xa3}], 0x1}}], 0x1, 0x0, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x4, @any, 0x1, 0x1}, 0xe)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000001080))
sendmsg$inet6(r2, &(0x7f00000025c0)={0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000002300)="e5", 0x1}], 0x1}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x14}, 0x14}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000002540))
fdatasync(r4)
close_range(r0, 0xffffffffffffffff, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="50000000120005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012"], 0x50}}, 0x0)

80.811489ms ago: executing program 2 (id=3225):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c8000c0008000500070800227cca1eb327c95af1d1bccd21c35f16000700"], 0x11)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ff"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x44d02)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8, 0x7, 0x5}]}}]}, 0x38}}, 0x0)
bind$unix(r2, 0x0, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000003e00f14500007000fedbdf210a000000342801"], 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x80)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000100"/20, @ANYRES32=r9, @ANYBLOB="1619020000000000"], 0x20}}, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000140), 0x1)
process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)

48.754763ms ago: executing program 0 (id=3226):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0)={0x0, 0x2, "a293"}, &(0x7f0000000040)=0xa)
unshare(0xc040400)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000001c0), 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r9], 0x24}}, 0x0)
splice(r4, 0x0, r6, 0x0, 0x39000, 0x0)
r10 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f00000000c0)=<r11=>0x0)
timer_gettime(r11, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r12 = socket$tipc(0x1e, 0x5, 0x0)
r13 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r13, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r13, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$bt_hci(r12, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d)
setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x1, 0x3, 0x3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f000049e000/0x4000)=nil, 0x4000, 0xa, 0x30, r12, 0x1000)

0s ago: executing program 3 (id=3227):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = syz_io_uring_setup(0x6905, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000240))
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, 0x0, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[], 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240), 0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc941948"], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffff, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x2)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
dup(r5)
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x200000a, 0x11012, r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)

kernel console output (not intermixed with test programs):

usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  464.244357][   T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  464.249591][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  464.253446][   T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  464.264447][   T57] usb 5-1: string descriptor 0 read error: -22
[  464.267036][   T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  464.270961][   T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.279894][   T57] adutux 5-1:246.0: interrupt endpoints not found
[  464.314267][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  464.337988][T13110] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.341192][T13110] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.344836][T13110] bridge_slave_0: entered allmulticast mode
[  464.351183][T13110] bridge_slave_0: entered promiscuous mode
[  464.361138][T13110] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.368176][T13110] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.371338][T13110] bridge_slave_1: entered allmulticast mode
[  464.376607][T13110] bridge_slave_1: entered promiscuous mode
[  464.407327][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  464.559468][ T5258] usb 5-1: USB disconnect, device number 41
[  464.564502][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  464.586699][T13110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  464.595049][T13110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  464.674926][T13110] team0: Port device team_slave_0 added
[  464.681343][T13110] team0: Port device team_slave_1 added
[  464.799880][T13110] batman_adv: batadv0: Adding interface: batadv_slave_0
[  464.803075][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  464.819232][T13110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  464.830938][T13110] batman_adv: batadv0: Adding interface: batadv_slave_1
[  464.833965][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  464.845198][T13110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  465.190934][   T13] bridge_slave_1: left allmulticast mode
[  465.193555][   T13] bridge_slave_1: left promiscuous mode
[  465.219133][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.264368][   T13] bridge_slave_0: left allmulticast mode
[  465.266771][   T13] bridge_slave_0: left promiscuous mode
[  465.278155][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.859173][ T5228] Bluetooth: hci0: command tx timeout
[  466.339129][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  466.354130][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  466.390192][   T13] bond0 (unregistering): Released all slaves
[  466.574452][T13110] hsr_slave_0: entered promiscuous mode
[  466.603658][T13110] hsr_slave_1: entered promiscuous mode
[  466.610099][T13110] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  466.616333][T13110] Cannot create hsr debugfs directory
[  467.153918][   T13] hsr_slave_0: left promiscuous mode
[  467.158148][   T13] hsr_slave_1: left promiscuous mode
[  467.163629][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.166883][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  467.173763][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  467.179292][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  467.234113][   T13] veth1_macvtap: left promiscuous mode
[  467.236601][   T13] veth0_macvtap: left promiscuous mode
[  467.238889][   T13] veth1_vlan: left promiscuous mode
[  467.241165][   T13] veth0_vlan: left promiscuous mode
[  467.886027][T13159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2682'.
[  467.918009][ T5228] Bluetooth: hci0: command tx timeout
[  468.795012][   T13] team0 (unregistering): Port device team_slave_1 removed
[  468.915609][   T13] team0 (unregistering): Port device team_slave_0 removed
[  469.998648][ T5228] Bluetooth: hci0: command tx timeout
[  470.267983][   T57] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  470.388496][T13110] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  470.402346][T13110] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  470.409412][T13110] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  470.415854][T13110] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  470.478039][   T57] usb 5-1: Using ep0 maxpacket: 8
[  470.482834][   T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  470.486678][   T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  470.491167][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  470.494977][   T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  470.505277][   T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  470.509005][T13110] 8021q: adding VLAN 0 to HW filter on device bond0
[  470.509581][   T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  470.516474][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  470.520821][   T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  470.527630][T13110] 8021q: adding VLAN 0 to HW filter on device team0
[  470.527926][   T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  470.535208][   T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  470.541385][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  470.545351][   T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  470.554241][   T57] usb 5-1: string descriptor 0 read error: -22
[  470.557204][   T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  470.561398][   T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.570055][   T57] adutux 5-1:246.0: interrupt endpoints not found
[  470.595085][ T6600] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.598670][ T6600] bridge0: port 1(bridge_slave_0) entered forwarding state
[  470.604760][ T6600] bridge0: port 2(bridge_slave_1) entered blocking state
[  470.608363][ T6600] bridge0: port 2(bridge_slave_1) entered forwarding state
[  470.664943][T13110] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  470.805461][   T57] usb 5-1: USB disconnect, device number 42
[  470.861213][T13110] 8021q: adding VLAN 0 to HW filter on device batadv0
[  470.947661][T13110] veth0_vlan: entered promiscuous mode
[  470.957722][T13110] veth1_vlan: entered promiscuous mode
[  471.017990][T13110] veth0_macvtap: entered promiscuous mode
[  471.027104][T13110] veth1_macvtap: entered promiscuous mode
[  471.053880][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  471.058823][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.063716][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  471.068676][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.086492][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  471.098070][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.111298][T13110] batman_adv: batadv0: Interface activated: batadv_slave_0
[  471.122175][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.127455][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.137944][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.144179][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.149398][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.154210][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.160490][T13110] batman_adv: batadv0: Interface activated: batadv_slave_1
[  471.167614][T13110] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  471.174930][T13110] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  471.179606][T13110] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  471.183413][T13110] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  471.284372][  T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.287490][  T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.324394][  T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.331351][  T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.638027][   T10] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  471.834636][   T10] usb 5-1: Using ep0 maxpacket: 8
[  471.852693][   T10] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  471.869296][   T10] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  471.873003][   T10] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  471.877049][   T10] usb 5-1: config 250 has no interface number 0
[  471.887873][   T10] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  471.923257][   T10] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  471.932677][   T10] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  471.940688][   T10] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  471.946419][   T10] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  471.958176][   T10] usb 5-1: config 250 interface 228 has no altsetting 0
[  471.983450][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  471.987361][   T10] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  471.990995][   T10] usb 5-1: Product: syz
[  471.992810][   T10] usb 5-1: SerialNumber: syz
[  472.010007][   T10] hub 5-1:250.228: bad descriptor, ignoring hub
[  472.012508][   T10] hub 5-1:250.228: probe with driver hub failed with error -5
[  472.078074][ T5224] Bluetooth: hci0: command tx timeout
[  472.238321][   T10] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 43 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  472.608789][ T6600] usb 5-1: USB disconnect, device number 43
[  472.640048][ T6600] usblp0: removed
[  472.756131][T13198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  473.608206][ T5228] Bluetooth: hci0: Opcode 0x206a failed: -110
[  474.158218][ T5228] Bluetooth: hci0: command 0x206a tx timeout
[  474.562825][T13221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  475.644479][T13228] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2700'.
[  476.750212][T13240] wg1: entered promiscuous mode
[  477.100951][T13242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2705'.
[  478.254219][T13256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2709'.
[  478.296364][T13261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  478.328775][T13262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  479.135201][T13266] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2712'.
[  480.079999][T13277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2716'.
[  480.125403][T13279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2717'.
[  480.697872][T13289] netlink: 'syz.2.2719': attribute type 1 has an invalid length.
[  480.997723][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2720'.
[  481.066430][T13296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.281805][ T5228] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  481.889506][T13310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2726'.
[  482.966577][T13322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2729'.
[  483.377629][T13332] netlink: 'syz.3.2731': attribute type 1 has an invalid length.
[  484.139181][T13344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  484.144526][T13343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2735'.
[  484.242856][T13346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2736'.
[  485.007383][T13349] netlink: 'syz.1.2737': attribute type 1 has an invalid length.
[  485.066586][T13352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2738'.
[  485.108333][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2740'.
[  485.178999][T13358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2741'.
[  485.353162][T13363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2742'.
[  486.053869][T13368] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2743'.
[  486.135405][T13372] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2745'.
[  486.419624][T13378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2746'.
[  486.976662][T13381] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2747'.
[  487.055090][T13386] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2749'.
[  487.110472][T13389] netlink: 'syz.1.2750': attribute type 1 has an invalid length.
[  487.347334][T13397] netlink: 4848 bytes leftover after parsing attributes in process `syz.3.2753'.
[  487.369373][T13397] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2753'.
[  487.478406][ T5259] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  487.667909][ T5259] usb 6-1: Using ep0 maxpacket: 8
[  487.672779][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  487.686640][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  487.692085][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  487.696098][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  487.727066][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  487.732695][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  487.744755][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  487.753004][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  487.762590][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  487.766550][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  487.771821][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  487.776764][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  487.786650][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  487.794602][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  487.801923][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  487.807259][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  487.827955][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  487.847624][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  487.855707][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  487.864856][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  487.872892][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  487.882975][ T5259] usb 6-1: string descriptor 0 read error: -22
[  487.888157][ T5259] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  487.893426][ T5259] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.904058][ T5259] adutux 6-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  487.979437][T13407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2756'.
[  488.120124][   T57] usb 6-1: USB disconnect, device number 29
[  488.379720][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2759'.
[  488.388573][T13413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2758'.
[  489.997896][   T57] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  490.178812][   T57] usb 5-1: Using ep0 maxpacket: 8
[  490.184618][   T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  490.188886][   T57] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  490.194381][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  490.201403][   T57] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  490.207403][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  490.228021][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  490.232512][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  490.243336][   T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  490.247477][   T57] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  490.253797][ T5228] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  490.254532][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  490.267211][   T57] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  490.273546][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  490.279287][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  490.284479][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  490.299982][   T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  490.305521][   T57] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  490.311329][   T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  490.315096][   T57] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  490.321902][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  490.327733][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  490.347572][   T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  490.368084][   T57] usb 5-1: string descriptor 0 read error: -22
[  490.383326][   T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  490.387592][   T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.416993][   T57] adutux 5-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  490.655290][   T57] usb 5-1: USB disconnect, device number 44
[  491.265053][T13455] __nla_validate_parse: 6 callbacks suppressed
[  491.265071][T13455] netlink: 4848 bytes leftover after parsing attributes in process `syz.0.2772'.
[  491.275788][T13455] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2772'.
[  491.402000][T13460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2774'.
[  491.662159][T13464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2776'.
[  491.765918][T13468] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  491.770771][T13468] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  492.581086][T13475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2778'.
[  493.134325][T13479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2779'.
[  493.688109][  T825] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  493.902464][  T825] usb 7-1: Using ep0 maxpacket: 8
[  493.906393][  T825] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  493.910582][  T825] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  493.913620][  T825] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  493.917414][  T825] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  493.923127][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  493.927750][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  493.933709][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  493.944288][  T825] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  493.948388][  T825] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  493.951500][  T825] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  493.955814][  T825] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  493.961267][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  493.965762][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  493.975465][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  493.982951][  T825] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  493.986772][  T825] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  493.995244][  T825] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  493.999861][  T825] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  494.005915][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  494.017853][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  494.022879][  T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  494.036895][  T825] usb 7-1: string descriptor 0 read error: -22
[  494.040135][  T825] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  494.044250][  T825] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.062205][  T825] adutux 7-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  494.167960][T13491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2783'.
[  494.176341][T13492] netlink: 4848 bytes leftover after parsing attributes in process `syz.3.2782'.
[  494.180579][T13492] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2782'.
[  494.275561][  T825] usb 7-1: USB disconnect, device number 25
[  494.305964][T13494] netlink: 'syz.1.2784': attribute type 1 has an invalid length.
[  494.359519][T13502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2786'.
[  496.279751][T13527] __nla_validate_parse: 1 callbacks suppressed
[  496.279768][T13527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2793'.
[  496.914739][T13538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2797'.
[  497.024444][T13541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.271330][T13544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  497.689947][T13546] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2799'.
[  498.078156][ T5259] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  498.227034][T13558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2803'.
[  498.287856][ T5259] usb 6-1: Using ep0 maxpacket: 8
[  498.292372][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  498.295917][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  498.299126][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  498.303632][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  498.309599][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  498.315037][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  498.320431][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  498.327036][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  498.331802][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  498.334801][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  498.339468][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  498.344875][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  498.351545][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  498.356279][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  498.364575][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  498.371316][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  498.374234][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  498.379038][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  498.386151][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  498.391996][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  498.396398][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  498.405951][ T5259] usb 6-1: string descriptor 0 read error: -22
[  498.408688][ T5259] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  498.412073][ T5259] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.442432][ T5259] adutux 6-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  498.543578][ T5228] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  498.672269][ T5288] usb 6-1: USB disconnect, device number 30
[  499.155685][T13575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2808'.
[  499.304476][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2810'.
[  500.083301][T13591] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2812'.
[  500.207400][T13594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2813'.
[  500.562121][T13606] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2816'.
[  501.002649][T13616] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2818'.
[  501.438521][T13623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2820'.
[  501.480038][T13628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.493211][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2822'.
[  501.865133][T13634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'.
[  502.376898][T13642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2826'.
[  502.407455][   T39] audit: type=1400 audit(1721629163.024:439): avc:  denied  { bind } for  pid=13643 comm="syz.0.2827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  502.422186][T13645] Bluetooth: MGMT ver 1.23
[  502.505769][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2828'.
[  502.877062][T13654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2830'.
[  503.266438][T13659] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  503.269863][T13659] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  503.343831][T13664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2833'.
[  503.890534][T13671] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  504.478048][ T5228] Bluetooth: hci0: command 0x206a tx timeout
[  504.581712][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2838'.
[  504.618317][  T825] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  504.808174][  T825] usb 5-1: Using ep0 maxpacket: 8
[  504.825794][  T825] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  504.830096][  T825] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  504.833782][  T825] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  504.844376][  T825] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  504.852481][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  504.857726][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  504.863206][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  504.870328][  T825] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  504.874429][  T825] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  504.877765][  T825] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  504.882024][  T825] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  504.887373][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  504.893116][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  504.898510][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  504.904844][  T825] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  504.910177][  T825] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  504.913309][  T825] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  504.916860][  T825] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  504.921897][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  504.926174][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  504.930652][  T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  504.941248][  T825] usb 5-1: string descriptor 0 read error: -22
[  504.945008][  T825] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  504.952459][  T825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.953111][T13683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2839'.
[  504.974763][  T825] adutux 5-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  505.204327][  T824] usb 5-1: USB disconnect, device number 45
[  505.784174][T13692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2841'.
[  507.211919][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[  507.216351][ T1359] ieee802154 phy1 wpan1: encryption failed: -22
[  507.314196][T13715] netlink: 'syz.1.2848': attribute type 1 has an invalid length.
[  507.687896][  T824] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  507.798080][   T35] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  507.837879][  T824] usb 6-1: device descriptor read/64, error -71
[  507.982776][   T35] usb 5-1: Using ep0 maxpacket: 8
[  507.986799][   T35] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  507.990671][   T35] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  507.993875][   T35] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  507.998187][   T35] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  508.004272][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  508.009423][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  508.012751][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  508.017624][   T35] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  508.021640][   T35] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  508.025073][   T35] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  508.029584][   T35] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  508.034737][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  508.040032][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  508.045239][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  508.051381][   T35] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  508.055422][   T35] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  508.059077][   T35] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  508.063202][   T35] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  508.068590][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  508.073285][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  508.080647][   T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  508.093377][   T35] usb 5-1: string descriptor 0 read error: -22
[  508.096342][   T35] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  508.100304][   T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.110579][  T824] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  508.118103][   T35] adutux 5-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  508.135235][T13721] __nla_validate_parse: 2 callbacks suppressed
[  508.135248][T13721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2850'.
[  508.225809][T13723] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  508.258054][  T824] usb 6-1: device descriptor read/64, error -71
[  508.319623][ T5279] usb 5-1: USB disconnect, device number 46
[  508.378337][  T824] usb usb6-port1: attempt power cycle
[  508.802012][  T824] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  508.830500][  T824] usb 6-1: device descriptor read/8, error -71
[  508.870796][T13727] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2853'.
[  509.119892][  T824] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  509.168840][  T824] usb 6-1: device descriptor read/8, error -71
[  509.288269][  T824] usb usb6-port1: unable to enumerate USB device
[  509.347259][ T5228] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  510.028995][   T39] audit: type=1400 audit(1721629170.654:440): avc:  denied  { setattr } for  pid=13749 comm="syz.2.2860" name="bus" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  510.315067][T13754] capability: warning: `syz.1.2862' uses 32-bit capabilities (legacy support in use)
[  510.378363][   T35] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  510.395346][T13754] FAULT_INJECTION: forcing a failure.
[  510.395346][T13754] name failslab, interval 1, probability 0, space 0, times 1
[  510.400407][T13754] CPU: 0 PID: 13754 Comm: syz.1.2862 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  510.404287][T13754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  510.408484][T13754] Call Trace:
[  510.409904][T13754]  <TASK>
[  510.411172][T13754]  dump_stack_lvl+0x16c/0x1f0
[  510.413207][T13754]  should_fail_ex+0x497/0x5b0
[  510.415262][T13754]  should_failslab+0x9/0x20
[  510.417194][T13754]  __kmalloc_noprof+0xcb/0x400
[  510.419257][T13754]  ? __pfx_lock_acquire+0x10/0x10
[  510.421366][T13754]  tomoyo_realpath_from_path+0xb9/0x720
[  510.423742][T13754]  ? tomoyo_profile+0x47/0x60
[  510.425745][T13754]  tomoyo_path_number_perm+0x245/0x590
[  510.428047][T13754]  ? tomoyo_path_number_perm+0x232/0x590
[  510.430439][T13754]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  510.432896][T13754]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  510.435187][T13754]  ? __fget_files+0x256/0x400
[  510.437148][T13754]  security_file_ioctl+0x75/0xc0
[  510.439272][T13754]  __x64_sys_ioctl+0xbb/0x220
[  510.441145][T13754]  do_syscall_64+0xcd/0x250
[  510.443086][T13754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.445551][T13754] RIP: 0033:0x7f908e375b59
[  510.447450][T13754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.455053][T13754] RSP: 002b:00007f908ddff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  510.457980][T13754] RAX: ffffffffffffffda RBX: 00007f908e505f60 RCX: 00007f908e375b59
[  510.461335][T13754] RDX: 0000000000000000 RSI: 0000000000003305 RDI: 0000000000000003
[  510.464570][T13754] RBP: 00007f908ddff0a0 R08: 0000000000000000 R09: 0000000000000000
[  510.467682][T13754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  510.470592][T13754] R13: 000000000000000b R14: 00007f908e505f60 R15: 00007ffd353a6898
[  510.473489][T13754]  </TASK>
[  510.475997][T13754] ERROR: Out of memory at tomoyo_realpath_from_path.
[  510.483110][   T39] audit: type=1400 audit(1721629171.104:441): avc:  denied  { ioctl } for  pid=13753 comm="syz.1.2862" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  510.568859][   T35] usb 7-1: Using ep0 maxpacket: 8
[  510.576124][   T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  510.581178][   T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  510.584758][   T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  510.589836][   T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  510.596115][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  510.601458][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  510.606711][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  510.613058][   T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  510.621563][   T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  510.624961][   T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  510.631612][   T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  510.636692][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  510.642228][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  510.647587][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  510.653758][   T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  510.664610][   T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  510.664631][   T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  510.664683][   T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  510.677673][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  510.685112][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  510.690985][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  510.701136][   T35] usb 7-1: string descriptor 0 read error: -22
[  510.703768][   T35] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  510.707242][   T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.722615][   T35] adutux 7-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  510.846250][T13766] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  510.851307][T13766] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  510.929514][  T824] usb 7-1: USB disconnect, device number 26
[  511.671862][   T39] audit: type=1400 audit(1721629172.284:442): avc:  denied  { connect } for  pid=13777 comm="syz.3.2869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  511.681265][   T39] audit: type=1400 audit(1721629172.284:443): avc:  denied  { write } for  pid=13777 comm="syz.3.2869" laddr=fe80::a lport=1 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  511.733752][T13782] FAULT_INJECTION: forcing a failure.
[  511.733752][T13782] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  511.747701][T13782] CPU: 0 PID: 13782 Comm: syz.3.2871 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  511.749177][T13780] netlink: 'syz.1.2870': attribute type 1 has an invalid length.
[  511.751741][T13782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  511.759543][T13782] Call Trace:
[  511.760965][T13782]  <TASK>
[  511.762232][T13782]  dump_stack_lvl+0x16c/0x1f0
[  511.764206][T13782]  should_fail_ex+0x497/0x5b0
[  511.766027][T13782]  ? fs_reclaim_acquire+0xae/0x160
[  511.768178][T13782]  __should_fail_alloc_page+0xe7/0x130
[  511.770456][T13782]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  511.772996][T13782]  ? __pfx_mark_lock+0x10/0x10
[  511.774810][T13782]  __alloc_pages_noprof+0x194/0x2460
[  511.776787][T13782]  ? hlock_class+0x4e/0x130
[  511.778585][T13782]  ? mark_lock+0xb5/0xc60
[  511.780459][T13782]  ? __pfx___lock_acquire+0x10/0x10
[  511.782662][T13782]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  511.785020][T13782]  ? __lock_acquire+0xbdd/0x3cb0
[  511.787081][T13782]  ? __module_address+0x55/0x3c0
[  511.789191][T13782]  ? __pfx___lock_acquire+0x10/0x10
[  511.791402][T13782]  ? mark_lock+0xb5/0xc60
[  511.793157][T13782]  ? hlock_class+0x4e/0x130
[  511.795088][T13782]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  511.797543][T13782]  ? policy_nodemask+0xea/0x4e0
[  511.799612][T13782]  alloc_pages_mpol_noprof+0x275/0x610
[  511.801886][T13782]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  511.804374][T13782]  ? __pfx_lock_release+0x10/0x10
[  511.806552][T13782]  shmem_alloc_folio+0x114/0x150
[  511.808526][T13782]  shmem_alloc_and_add_folio+0x14f/0x790
[  511.810628][T13782]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  511.812923][T13782]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  511.815108][T13782]  ? __shmem_is_huge+0x213/0x300
[  511.816982][T13782]  shmem_get_folio_gfp+0x687/0x13d0
[  511.819081][T13782]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  511.821485][T13782]  ? __pfx_down_write+0x10/0x10
[  511.823380][T13782]  shmem_fallocate+0x7c5/0xfb0
[  511.825186][T13782]  ? __pfx_shmem_fallocate+0x10/0x10
[  511.827587][T13782]  ? ksys_write+0x21c/0x260
[  511.829431][T13782]  ? __pfx___lock_acquire+0x10/0x10
[  511.831649][T13782]  ? __pfx_lock_acquire+0x10/0x10
[  511.833758][T13782]  ? avc_policy_seqno+0x9/0x20
[  511.835787][T13782]  ? selinux_file_permission+0x125/0x590
[  511.838163][T13782]  ? __pfx_shmem_fallocate+0x10/0x10
[  511.840407][T13782]  vfs_fallocate+0x4ca/0xfc0
[  511.842384][T13782]  __x64_sys_fallocate+0xd5/0x140
[  511.844275][T13782]  do_syscall_64+0xcd/0x250
[  511.846071][T13782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.848616][T13782] RIP: 0033:0x7f2754975b59
[  511.850537][T13782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.857946][T13782] RSP: 002b:00007f2755704048 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  511.861459][T13782] RAX: ffffffffffffffda RBX: 00007f2754b05f60 RCX: 00007f2754975b59
[  511.864789][T13782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  511.867863][T13782] RBP: 00007f27557040a0 R08: 0000000000000000 R09: 0000000000000000
[  511.870913][T13782] R10: 000000000010fff9 R11: 0000000000000246 R12: 0000000000000001
[  511.873910][T13782] R13: 000000000000000b R14: 00007f2754b05f60 R15: 00007ffd7d591dc8
[  511.876977][T13782]  </TASK>
[  511.879592][   T39] audit: type=1326 audit(1721629172.504:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000
[  511.891990][   T39] audit: type=1326 audit(1721629172.504:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000
[  511.904038][   T39] audit: type=1326 audit(1721629172.504:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000
[  511.918078][   T39] audit: type=1326 audit(1721629172.514:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000
[  511.936063][   T39] audit: type=1326 audit(1721629172.514:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000
[  511.947369][   T39] audit: type=1326 audit(1721629172.514:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000
[  512.534720][T13804] FAULT_INJECTION: forcing a failure.
[  512.534720][T13804] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  512.588191][T13804] CPU: 1 PID: 13804 Comm: syz.1.2878 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  512.593179][T13804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  512.597988][T13804] Call Trace:
[  512.599455][T13804]  <TASK>
[  512.600700][T13804]  dump_stack_lvl+0x16c/0x1f0
[  512.602763][T13804]  should_fail_ex+0x497/0x5b0
[  512.604844][T13804]  _copy_from_user+0x30/0xf0
[  512.606904][T13804]  bpf_prog_load+0x1bc1/0x2660
[  512.608765][T13804]  ? __pfx_bpf_prog_load+0x10/0x10
[  512.611150][T13804]  ? avc_has_perm+0x11b/0x1c0
[  512.613239][T13804]  ? selinux_bpf+0xde/0x130
[  512.615173][T13804]  ? security_bpf+0x8c/0xc0
[  512.617197][T13804]  __sys_bpf+0x8e9/0x4a20
[  512.619227][T13804]  ? ksys_write+0x21c/0x260
[  512.621479][T13804]  ? reacquire_held_locks+0x3e0/0x4c0
[  512.624040][T13804]  ? __pfx___sys_bpf+0x10/0x10
[  512.626247][T13804]  ? vfs_write+0x14d/0x1140
[  512.628223][T13804]  ? __mutex_unlock_slowpath+0x164/0x650
[  512.630598][T13804]  ? fput+0x32/0x390
[  512.632255][T13804]  ? ksys_write+0x1ab/0x260
[  512.634240][T13804]  ? __pfx_ksys_write+0x10/0x10
[  512.636250][T13804]  __x64_sys_bpf+0x78/0xc0
[  512.637924][T13804]  ? lockdep_hardirqs_on+0x7c/0x110
[  512.640298][T13804]  do_syscall_64+0xcd/0x250
[  512.642356][T13804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.644475][T13804] RIP: 0033:0x7f908e375b59
[  512.646198][T13804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  512.654474][T13804] RSP: 002b:00007f908ddff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  512.662901][T13804] RAX: ffffffffffffffda RBX: 00007f908e505f60 RCX: 00007f908e375b59
[  512.667595][T13804] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000005
[  512.671593][T13804] RBP: 00007f908ddff0a0 R08: 0000000000000000 R09: 0000000000000000
[  512.675323][T13804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  512.678996][T13804] R13: 000000000000000b R14: 00007f908e505f60 R15: 00007ffd353a6898
[  512.682853][T13804]  </TASK>
[  513.060520][T13814] overlayfs: failed to resolve './file1': -2
[  513.067299][T13814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2882'.
[  513.240428][T13818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2884'.
[  513.782899][T13828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2887'.
[  513.800734][T13826] netlink: 'syz.1.2886': attribute type 1 has an invalid length.
[  514.088427][   T56] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  514.125128][T13833] FAULT_INJECTION: forcing a failure.
[  514.125128][T13833] name failslab, interval 1, probability 0, space 0, times 0
[  514.131197][T13833] CPU: 1 PID: 13833 Comm: syz.3.2888 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  514.135691][T13833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  514.140688][T13833] Call Trace:
[  514.142287][T13833]  <TASK>
[  514.143676][T13833]  dump_stack_lvl+0x16c/0x1f0
[  514.145837][T13833]  should_fail_ex+0x497/0x5b0
[  514.148009][T13833]  should_failslab+0x9/0x20
[  514.150039][T13833]  __kmalloc_cache_noprof+0x6b/0x300
[  514.152510][T13833]  ? rcu_is_watching+0x12/0xc0
[  514.154756][T13833]  ? call_usermodehelper_setup+0x9a/0x340
[  514.157364][T13833]  ? __pfx_free_modprobe_argv+0x10/0x10
[  514.159902][T13833]  call_usermodehelper_setup+0x9a/0x340
[  514.162176][T13833]  __request_module+0x3d6/0x6c0
[  514.164090][T13833]  ? dev_load+0x221/0x240
[  514.165910][T13833]  ? __pfx___request_module+0x10/0x10
[  514.168187][T13833]  ? find_held_lock+0x2d/0x110
[  514.170277][T13833]  ? __pfx_lock_release+0x10/0x10
[  514.172540][T13833]  ? cap_capable+0x1cf/0x240
[  514.174518][T13833]  ? dev_load+0x1c0/0x240
[  514.176322][T13833]  dev_load+0x221/0x240
[  514.177819][T13833]  dev_ioctl+0x19c/0x10c0
[  514.179548][T13833]  sock_ioctl+0x5bf/0x6c0
[  514.181413][T13833]  ? __pfx_sock_ioctl+0x10/0x10
[  514.183533][T13833]  ? selinux_file_ioctl+0x180/0x270
[  514.185665][T13833]  ? selinux_file_ioctl+0xb4/0x270
[  514.187885][T13833]  ? __pfx_sock_ioctl+0x10/0x10
[  514.189659][T13833]  __x64_sys_ioctl+0x193/0x220
[  514.191744][T13833]  do_syscall_64+0xcd/0x250
[  514.193737][T13833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.196245][T13833] RIP: 0033:0x7f2754975b59
[  514.198143][T13833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.206097][T13833] RSP: 002b:00007f2755704048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  514.209466][T13833] RAX: ffffffffffffffda RBX: 00007f2754b05f60 RCX: 00007f2754975b59
[  514.212102][T13833] RDX: 0000000020000100 RSI: 00000000000089f2 RDI: 0000000000000004
[  514.214787][T13833] RBP: 00007f27557040a0 R08: 0000000000000000 R09: 0000000000000000
[  514.217629][T13833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  514.221435][T13833] R13: 000000000000000b R14: 00007f2754b05f60 R15: 00007ffd7d591dc8
[  514.225213][T13833]  </TASK>
[  514.303307][T13836] warning: `syz.3.2889' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  514.328145][   T56] usb 6-1: Using ep0 maxpacket: 8
[  514.332823][   T56] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  514.341473][   T56] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  514.356217][   T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.580259][   T56] usb 6-1: USB disconnect, device number 36
[  514.634492][T13844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  514.747401][T13847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  515.127175][   T39] kauditd_printk_skb: 143 callbacks suppressed
[  515.127192][   T39] audit: type=1400 audit(1721629175.744:593): avc:  denied  { getopt } for  pid=13848 comm="syz.1.2893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  515.448892][T13856] FAULT_INJECTION: forcing a failure.
[  515.448892][T13856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  515.454920][T13856] CPU: 3 PID: 13856 Comm: syz.2.2896 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  515.459134][T13856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  515.463476][T13856] Call Trace:
[  515.464971][T13856]  <TASK>
[  515.466108][T13856]  dump_stack_lvl+0x16c/0x1f0
[  515.467939][T13856]  should_fail_ex+0x497/0x5b0
[  515.469892][T13856]  _copy_from_user+0x30/0xf0
[  515.472042][T13856]  con_set_cmap+0x9a/0x840
[  515.474126][T13856]  ? __pfx_con_set_cmap+0x10/0x10
[  515.476342][T13856]  ? security_capable+0x98/0xd0
[  515.478266][T13856]  vt_ioctl+0x8f3/0x2f80
[  515.479883][T13856]  ? __pfx_vt_ioctl+0x10/0x10
[  515.481854][T13856]  ? kfree+0x12a/0x3b0
[  515.483704][T13856]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  515.486333][T13856]  ? do_vfs_ioctl+0x515/0x1ad0
[  515.488542][T13856]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  515.490931][T13856]  ? tty_jobctrl_ioctl+0x152/0xe00
[  515.493215][T13856]  ? __pfx_vt_ioctl+0x10/0x10
[  515.495342][T13856]  tty_ioctl+0x65d/0x15f0
[  515.497068][T13856]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x470
[  515.499710][T13856]  ? __pfx_tty_ioctl+0x10/0x10
[  515.501688][T13856]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  515.504686][T13856]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  515.507326][T13856]  ? selinux_file_ioctl+0x180/0x270
[  515.509205][T13856]  ? selinux_file_ioctl+0xb4/0x270
[  515.511390][T13856]  ? __pfx_tty_ioctl+0x10/0x10
[  515.513477][T13856]  __x64_sys_ioctl+0x193/0x220
[  515.515574][T13856]  do_syscall_64+0xcd/0x250
[  515.518067][T13856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.520772][T13856] RIP: 0033:0x7fc91bf75b59
[  515.523052][T13856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.532586][T13856] RSP: 002b:00007fc91cd63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  515.537033][T13856] RAX: ffffffffffffffda RBX: 00007fc91c105f60 RCX: 00007fc91bf75b59
[  515.541394][T13856] RDX: 0000000020000440 RSI: 0000000000004b71 RDI: 0000000000000003
[  515.544911][T13856] RBP: 00007fc91cd630a0 R08: 0000000000000000 R09: 0000000000000000
[  515.548637][T13856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.551932][T13856] R13: 000000000000000b R14: 00007fc91c105f60 R15: 00007ffe901a7938
[  515.555704][T13856]  </TASK>
[  515.624411][T13861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2898'.
[  515.706906][T13867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2901'.
[  515.953913][   T35] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  516.148321][   T35] usb 7-1: Using ep0 maxpacket: 8
[  516.152076][   T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  516.166048][   T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  516.187016][   T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  516.196623][   T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  516.213770][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  516.247345][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  516.253135][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  516.259522][   T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  516.265539][   T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  516.271280][   T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  516.275386][   T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  516.280833][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  516.285324][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  516.294341][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  516.305067][   T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  516.314962][   T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  516.319696][   T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  516.323782][   T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  516.348001][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  516.355978][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  516.374582][   T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  516.382396][   T35] usb 7-1: string descriptor 0 read error: -22
[  516.385273][   T35] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  516.389296][   T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.403041][   T35] adutux 7-1:246.0: ADU100  now attached to /dev/usb/adutux0
[  516.610441][T12921] usb 7-1: USB disconnect, device number 27
[  517.109695][T13879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  518.039503][T13893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  518.286261][T13898] input: syz0 as /devices/virtual/input/input17
[  519.009641][   T39] audit: type=1400 audit(1721629179.614:594): avc:  denied  { read } for  pid=13905 comm="syz.0.2912" path="socket:[50351]" dev="sockfs" ino=50351 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  519.029124][   T39] audit: type=1400 audit(1721629179.634:595): avc:  denied  { create } for  pid=13904 comm="syz.1.2914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  519.056382][T13911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2915'.
[  519.534703][T13939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2918'.
[  520.068670][T13955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.408125][T13959] evm: overlay not supported
[  520.428261][   T39] audit: type=1800 audit(1721629181.044:596): pid=13959 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2921" name="file1" dev="overlay" ino=2182 res=0 errno=0
[  520.904331][T13976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2927'.
[  521.436579][T13984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2930'.
[  521.622149][T13988] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2931'.
[  521.842410][T13991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2932'.
[  522.004754][T13997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  522.567980][   T56] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  522.759078][   T56] usb 5-1: Using ep0 maxpacket: 8
[  522.763753][   T56] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  522.768850][   T56] usb 5-1: config 0 has no interfaces?
[  522.773327][   T56] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  522.777605][   T56] usb 5-1: config 0 has no interfaces?
[  522.781601][   T56] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  522.786571][   T56] usb 5-1: config 0 has no interfaces?
[  522.792795][   T56] usb 5-1: string descriptor 0 read error: -22
[  522.796137][   T56] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  522.800661][   T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.809684][   T56] usb 5-1: config 0 descriptor??
[  522.849903][T14012] FAULT_INJECTION: forcing a failure.
[  522.849903][T14012] name failslab, interval 1, probability 0, space 0, times 0
[  522.858889][T14012] CPU: 0 PID: 14012 Comm: syz.2.2939 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  522.863046][T14012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  522.867794][T14012] Call Trace:
[  522.869298][T14012]  <TASK>
[  522.870634][T14012]  dump_stack_lvl+0x16c/0x1f0
[  522.872752][T14012]  should_fail_ex+0x497/0x5b0
[  522.874804][T14012]  should_failslab+0x9/0x20
[  522.876803][T14012]  __kmalloc_cache_noprof+0x6b/0x300
[  522.879066][T14012]  ? cma_alloc_port+0x9a/0x5b0
[  522.881069][T14012]  cma_alloc_port+0x9a/0x5b0
[  522.883086][T14012]  rdma_bind_addr_dst+0x1efd/0x2d50
[  522.885385][T14012]  ? __pfx_mark_lock+0x10/0x10
[  522.887493][T14012]  cma_bind_addr+0x2b7/0x300
[  522.889461][T14012]  ? __pfx_cma_bind_addr+0x10/0x10
[  522.891666][T14012]  ? mark_held_locks+0x9f/0xe0
[  522.893771][T14012]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  522.896376][T14012]  rdma_resolve_addr+0x132/0x1fd0
[  522.898566][T14012]  ? trace_contention_end+0xea/0x140
[  522.900812][T14012]  ? __mutex_lock+0x1a6/0x9c0
[  522.902885][T14012]  ? __pfx_rdma_resolve_addr+0x10/0x10
[  522.905267][T14012]  ? do_raw_spin_unlock+0x172/0x230
[  522.907520][T14012]  ? __pfx_ucma_get_ctx+0x10/0x10
[  522.909651][T14012]  ? ucma_resolve_addr+0x1ab/0x270
[  522.911887][T14012]  ucma_resolve_addr+0x1ab/0x270
[  522.914069][T14012]  ? __might_fault+0x13b/0x190
[  522.916351][T14012]  ? __pfx_ucma_resolve_addr+0x10/0x10
[  522.918758][T14012]  ? __might_fault+0xe3/0x190
[  522.920859][T14012]  ? __pfx_ucma_resolve_addr+0x10/0x10
[  522.923113][T14012]  ucma_write+0x205/0x340
[  522.924934][T14012]  ? __pfx_ucma_write+0x10/0x10
[  522.926990][T14012]  ? security_file_permission+0x98/0xc0
[  522.929366][T14012]  ? __pfx_ucma_write+0x10/0x10
[  522.931484][T14012]  vfs_write+0x29a/0x1140
[  522.933363][T14012]  ? __pfx_vfs_write+0x10/0x10
[  522.935466][T14012]  ? __fget_files+0x256/0x400
[  522.937487][T14012]  ? __fget_light+0x173/0x210
[  522.939411][T14012]  ksys_write+0x1f8/0x260
[  522.941285][T14012]  ? __pfx_ksys_write+0x10/0x10
[  522.943482][T14012]  do_syscall_64+0xcd/0x250
[  522.945540][T14012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.948193][T14012] RIP: 0033:0x7fc91bf75b59
[  522.950040][T14012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  522.958405][T14012] RSP: 002b:00007fc91cd63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  522.961662][T14012] RAX: ffffffffffffffda RBX: 00007fc91c105f60 RCX: 00007fc91bf75b59
[  522.965264][T14012] RDX: 0000000000000118 RSI: 0000000020000b00 RDI: 0000000000000003
[  522.968640][T14012] RBP: 00007fc91cd630a0 R08: 0000000000000000 R09: 0000000000000000
[  522.972017][T14012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  522.975366][T14012] R13: 000000000000000b R14: 00007fc91c105f60 R15: 00007ffe901a7938
[  522.978729][T14012]  </TASK>
[  523.021127][   T56] usb 5-1: USB disconnect, device number 47
[  523.055598][T14016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2941'.
[  524.341237][   T39] audit: type=1400 audit(1721629184.964:597): avc:  denied  { getopt } for  pid=14025 comm="syz.1.2944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  524.417405][T14028] kvm: emulating exchange as write
[  524.634682][T14031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2945'.
[  525.437955][   T10] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  525.637908][   T10] usb 6-1: Using ep0 maxpacket: 8
[  525.642227][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  525.647283][   T10] usb 6-1: config 0 has no interfaces?
[  525.654471][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  525.658990][   T10] usb 6-1: config 0 has no interfaces?
[  525.662829][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  525.667539][   T10] usb 6-1: config 0 has no interfaces?
[  525.675588][   T10] usb 6-1: string descriptor 0 read error: -22
[  525.678713][   T10] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  525.682626][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.693915][   T10] usb 6-1: config 0 descriptor??
[  525.905809][   T35] usb 6-1: USB disconnect, device number 37
[  526.464391][T14065] capability: warning: `syz.0.2958' uses deprecated v2 capabilities in a way that may be insecure
[  526.673456][T14069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2960'.
[  526.758401][   T39] audit: type=1400 audit(1721629187.364:598): avc:  denied  { bind } for  pid=14064 comm="syz.0.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  527.570346][T14081] netlink: 'syz.1.2963': attribute type 1 has an invalid length.
[  527.856722][ T6600] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  528.057881][ T6600] usb 6-1: Using ep0 maxpacket: 8
[  528.062429][ T6600] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  528.066751][ T6600] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  528.072641][ T6600] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  528.076608][ T6600] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  528.085343][ T6600] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  528.091487][ T6600] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.122700][ T6600] usbtmc 6-1:16.0: bulk endpoints not found
[  528.198200][ T5288] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  528.326984][ T5279] usb 6-1: USB disconnect, device number 38
[  528.401939][ T5288] usb 5-1: Using ep0 maxpacket: 8
[  528.419003][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.423918][ T5288] usb 5-1: config 0 has no interfaces?
[  528.428294][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.432884][ T5288] usb 5-1: config 0 has no interfaces?
[  528.437478][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.442272][ T5288] usb 5-1: config 0 has no interfaces?
[  528.449771][ T5288] usb 5-1: string descriptor 0 read error: -22
[  528.453012][ T5288] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  528.456605][ T5288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.460922][ T5288] usb 5-1: config 0 descriptor??
[  528.677583][  T824] usb 5-1: USB disconnect, device number 48
[  528.798087][ T5228] Bluetooth: hci0: command 0x206a tx timeout
[  528.821198][ T5224] Bluetooth: hci0: Opcode 0x206a failed: -110
[  528.924323][   T39] audit: type=1400 audit(1721629189.544:599): avc:  denied  { ioctl } for  pid=14106 comm="syz.3.2974" path="socket:[52229]" dev="sockfs" ino=52229 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  529.059643][T14115] cgroup: No subsys list or none specified
[  529.493823][T14125] FAULT_INJECTION: forcing a failure.
[  529.493823][T14125] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  529.514888][T14125] CPU: 3 PID: 14125 Comm: syz.2.2979 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  529.519595][T14125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  529.524457][T14125] Call Trace:
[  529.525968][T14125]  <TASK>
[  529.527276][T14125]  dump_stack_lvl+0x16c/0x1f0
[  529.529488][T14125]  should_fail_ex+0x497/0x5b0
[  529.531709][T14125]  _copy_from_user+0x30/0xf0
[  529.533818][T14125]  bpf_prog_load+0x1bc1/0x2660
[  529.535971][T14125]  ? __pfx_bpf_prog_load+0x10/0x10
[  529.538055][T14125]  ? avc_has_perm+0x11b/0x1c0
[  529.540141][T14125]  ? selinux_bpf+0xde/0x130
[  529.542166][T14125]  ? security_bpf+0x8c/0xc0
[  529.544164][T14125]  __sys_bpf+0x8e9/0x4a20
[  529.546089][T14125]  ? ksys_write+0x21c/0x260
[  529.548189][T14125]  ? reacquire_held_locks+0x3e0/0x4c0
[  529.551061][T14125]  ? __pfx___sys_bpf+0x10/0x10
[  529.553623][T14125]  ? vfs_write+0x14d/0x1140
[  529.555655][T14125]  ? __mutex_unlock_slowpath+0x164/0x650
[  529.558174][T14125]  ? fput+0x32/0x390
[  529.559936][T14125]  ? ksys_write+0x1ab/0x260
[  529.562018][T14125]  ? __pfx_ksys_write+0x10/0x10
[  529.564182][T14125]  __x64_sys_bpf+0x78/0xc0
[  529.566158][T14125]  ? lockdep_hardirqs_on+0x7c/0x110
[  529.568528][T14125]  do_syscall_64+0xcd/0x250
[  529.570643][T14125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.573288][T14125] RIP: 0033:0x7fc91bf75b59
[  529.575274][T14125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.583595][T14125] RSP: 002b:00007fc91cd63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  529.587248][T14125] RAX: ffffffffffffffda RBX: 00007fc91c105f60 RCX: 00007fc91bf75b59
[  529.590488][T14125] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000005
[  529.593502][T14125] RBP: 00007fc91cd630a0 R08: 0000000000000000 R09: 0000000000000000
[  529.596990][T14125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.600450][T14125] R13: 000000000000000b R14: 00007fc91c105f60 R15: 00007ffe901a7938
[  529.603873][T14125]  </TASK>
[  529.605413][    C3] vkms_vblank_simulate: vblank timer overrun
[  529.833832][    C3] vkms_vblank_simulate: vblank timer overrun
[  531.576253][T14141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2984'.
[  531.648391][T14142] netlink: 'syz.0.2983': attribute type 1 has an invalid length.
[  531.937985][  T824] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  532.127949][  T824] usb 5-1: Using ep0 maxpacket: 8
[  532.139643][  T824] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  532.144230][  T824] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  532.149716][  T824] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  532.154312][  T824] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  532.161847][  T824] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  532.166208][  T824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.176178][  T824] usbtmc 5-1:16.0: bulk endpoints not found
[  532.380686][ T5288] usb 5-1: USB disconnect, device number 49
[  532.504714][T14150] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  532.965748][T14152] netlink: 4848 bytes leftover after parsing attributes in process `syz.0.2987'.
[  532.979849][T14152] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2987'.
[  533.064177][T14154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2988'.
[  533.934376][T14161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2990'.
[  534.858135][T14172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2994'.
[  535.228291][T14177] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2995'.
[  535.777381][T14179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2996'.
[  535.782593][   T39] audit: type=1400 audit(1721629196.404:600): avc:  denied  { unmount } for  pid=8858 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  535.912643][T14183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.397933][ T5224] Bluetooth: hci0: command 0x206a tx timeout
[  536.397983][ T5228] Bluetooth: hci0: Opcode 0x206a failed: -110
[  537.100011][ T5228] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  537.760218][T14201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3004'.
[  538.028073][   T10] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  538.219551][   T10] usb 5-1: Using ep0 maxpacket: 8
[  538.224290][   T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  538.232613][   T10] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  538.237121][   T10] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  538.245032][   T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  538.248840][   T10] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  538.253993][   T10] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  538.262540][   T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  538.266658][   T10] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  538.272243][   T10] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  538.280163][   T10] usb 5-1: string descriptor 0 read error: -22
[  538.285730][   T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  538.295329][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.512289][   T10] usb 5-1: USB disconnect, device number 50
[  539.135665][T14220] Cannot find set identified by id 498 to match
[  539.281951][   T39] audit: type=1400 audit(1721629199.904:601): avc:  denied  { mount } for  pid=14219 comm="syz.0.3009" name="/" dev="ramfs" ino=51376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  539.335473][ T5224] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  539.343350][ T5224] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  539.349420][ T5224] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  539.351850][   T39] audit: type=1400 audit(1721629199.974:602): avc:  denied  { mount } for  pid=14219 comm="syz.0.3009" name="/" dev="autofs" ino=50624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  539.373265][ T5224] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  539.374606][   T39] audit: type=1400 audit(1721629199.974:603): avc:  denied  { read } for  pid=14219 comm="syz.0.3009" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  539.390482][ T5224] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  539.394330][ T5224] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  539.418241][   T39] audit: type=1400 audit(1721629199.974:604): avc:  denied  { open } for  pid=14219 comm="syz.0.3009" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  539.441052][   T39] audit: type=1400 audit(1721629199.984:605): avc:  denied  { ioctl } for  pid=14219 comm="syz.0.3009" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  539.513780][   T39] audit: type=1400 audit(1721629200.134:606): avc:  denied  { unmount } for  pid=10927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  539.540906][   T39] audit: type=1400 audit(1721629200.154:607): avc:  denied  { unmount } for  pid=10927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  539.665801][   T39] audit: type=1400 audit(1721629200.284:608): avc:  denied  { module_request } for  pid=14222 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  539.706116][   T39] audit: type=1400 audit(1721629200.304:609): avc:  denied  { listen } for  pid=14225 comm="syz.0.3011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  539.714793][T14222] chnl_net:caif_netlink_parms(): no params data found
[  539.784862][T14233] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  539.859234][T14222] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.861978][T14222] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.865442][T14222] bridge_slave_0: entered allmulticast mode
[  539.872357][T14222] bridge_slave_0: entered promiscuous mode
[  539.877737][T14222] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.881101][T14222] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.884516][T14222] bridge_slave_1: entered allmulticast mode
[  539.892574][T14222] bridge_slave_1: entered promiscuous mode
[  539.961035][T14222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  539.967927][   T35] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  539.972571][T14222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  540.040366][T14222] team0: Port device team_slave_0 added
[  540.047395][T14222] team0: Port device team_slave_1 added
[  540.107235][T14222] batman_adv: batadv0: Adding interface: batadv_slave_0
[  540.110406][T14222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  540.122019][T14222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  540.128455][T14222] batman_adv: batadv0: Adding interface: batadv_slave_1
[  540.131356][T14222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  540.145290][T14222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  540.173671][   T35] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  540.179898][   T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  540.187865][   T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  540.192710][   T35] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  540.197764][   T35] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  540.201823][   T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.212263][   T35] usb 5-1: config 0 descriptor??
[  540.215247][T14230] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  540.231855][T14222] hsr_slave_0: entered promiscuous mode
[  540.253235][T14222] hsr_slave_1: entered promiscuous mode
[  540.267716][T14222] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  540.273031][T14222] Cannot create hsr debugfs directory
[  540.582908][T14222] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.632914][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.636434][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.640127][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.643457][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.646556][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.650551][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.653827][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.657685][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.661850][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.665211][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.668640][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.673028][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.675919][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.680267][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.683519][   T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  540.687456][   T35] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  540.694235][   T35] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  540.701450][T14222] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.810561][T14222] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.898995][T14222] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.901821][ T5288] usb 5-1: USB disconnect, device number 51
[  541.057115][T14222] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  541.064373][T14222] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  541.077030][T14222] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  541.083009][T14222] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  541.203871][T14222] 8021q: adding VLAN 0 to HW filter on device bond0
[  541.244069][T14222] 8021q: adding VLAN 0 to HW filter on device team0
[  541.274047][  T824] bridge0: port 1(bridge_slave_0) entered blocking state
[  541.278325][  T824] bridge0: port 1(bridge_slave_0) entered forwarding state
[  541.289939][  T824] bridge0: port 2(bridge_slave_1) entered blocking state
[  541.293933][  T824] bridge0: port 2(bridge_slave_1) entered forwarding state
[  541.438177][ T5224] Bluetooth: hci5: command tx timeout
[  541.538210][T14245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3015'.
[  541.570396][T14222] 8021q: adding VLAN 0 to HW filter on device batadv0
[  541.630600][T14222] veth0_vlan: entered promiscuous mode
[  541.644016][T14222] veth1_vlan: entered promiscuous mode
[  541.685587][T14222] veth0_macvtap: entered promiscuous mode
[  541.693176][T14222] veth1_macvtap: entered promiscuous mode
[  541.709935][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  541.714385][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.719541][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  541.723889][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.727945][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  541.732468][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.737212][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  541.741695][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.747201][T14222] batman_adv: batadv0: Interface activated: batadv_slave_0
[  541.756622][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  541.762219][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.766459][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  541.778247][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.782655][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  541.787407][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.791825][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  541.796090][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  541.803599][T14222] batman_adv: batadv0: Interface activated: batadv_slave_1
[  541.810680][T14222] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  541.814662][T14222] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  541.818546][T14222] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  541.822383][T14222] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  541.908708][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  541.914341][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.940788][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  541.945034][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  542.120147][T14253] wg1: entered promiscuous mode
[  542.330672][T14256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3017'.
[  542.368887][T14258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3018'.
[  543.250303][ T5288] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  543.356131][   T39] kauditd_printk_skb: 2 callbacks suppressed
[  543.356146][   T39] audit: type=1400 audit(1721629203.974:612): avc:  denied  { setopt } for  pid=14269 comm="syz.2.3022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  543.367891][T14271] lo: entered allmulticast mode
[  543.396839][T14271] xt_HMARK: proto mask must be zero with L3 mode
[  543.428318][ T5288] usb 6-1: Using ep0 maxpacket: 32
[  543.432599][ T5288] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  543.436564][ T5288] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  543.453257][ T5288] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  543.464508][ T5288] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  543.471549][ T5288] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  543.475288][ T5288] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  543.482920][ T5288] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  543.486223][ T5288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.496297][ T5288] usb 6-1: config 0 descriptor??
[  543.497605][   T39] audit: type=1400 audit(1721629204.114:613): avc:  denied  { map } for  pid=14267 comm="syz.0.3021" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  543.518157][ T5224] Bluetooth: hci5: command tx timeout
[  543.567309][   T39] audit: type=1400 audit(1721629204.114:614): avc:  denied  { execute } for  pid=14267 comm="syz.0.3021" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  543.771431][ T5288] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  543.786623][ T5288] usb 6-1: USB disconnect, device number 39
[  543.797123][ T5288] usblp0: removed
[  544.377924][ T5288] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  544.588183][ T5288] usb 6-1: Using ep0 maxpacket: 32
[  544.595917][ T5288] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  544.608031][ T5288] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  544.612835][ T5288] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  544.628618][ T5288] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  544.633380][ T5288] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  544.637537][ T5288] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  544.648177][ T5288] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  544.655662][ T5288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.669610][ T5288] usb 6-1: config 0 descriptor??
[  544.915676][ T5288] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 40 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  544.916743][T14284] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3025'.
[  545.598044][ T5224] Bluetooth: hci5: command tx timeout
[  545.695847][T14291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3028'.
[  545.893418][T14295] raw_sendmsg: syz.2.3029 forgot to set AF_INET. Fix it!
[  546.309928][  T825] usb 6-1: USB disconnect, device number 40
[  546.316645][  T825] usblp0: removed
[  546.404090][   T39] audit: type=1400 audit(1721629206.994:615): avc:  denied  { read write } for  pid=14299 comm="syz.2.3031" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  546.434845][   T39] audit: type=1400 audit(1721629206.994:616): avc:  denied  { ioctl open } for  pid=14299 comm="syz.2.3031" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  546.536157][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  546.798565][T14312] netdevsim netdevsim2: Direct firmware load for ng failed with error -2
[  546.807131][T14312] netdevsim netdevsim2: Falling back to sysfs fallback for: ng
[  547.461210][T14319] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3037'.
[  547.690894][ T5224] Bluetooth: hci5: command tx timeout
[  548.305709][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  548.563257][ T5224] Bluetooth: hci0: command 0x206a tx timeout
[  548.699007][T14350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  550.235999][ T5224] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3
[  550.241018][T14361] netlink: 'syz.0.3050': attribute type 1 has an invalid length.
[  550.369243][T14368] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  550.370978][T14367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3052'.
[  550.383118][T14368] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  550.538469][  T825] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  550.738433][  T825] usb 5-1: Using ep0 maxpacket: 8
[  550.743635][  T825] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  550.758403][  T825] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  550.763007][  T825] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  550.767642][  T825] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  550.773524][  T825] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  550.777485][  T825] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.787719][  T825] usbtmc 5-1:16.0: bulk endpoints not found
[  551.019123][  T825] usb 5-1: USB disconnect, device number 52
[  551.735515][T14383] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3056'.
[  551.932755][T14389] netlink: 4848 bytes leftover after parsing attributes in process `syz.2.3057'.
[  551.946175][T14389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3057'.
[  552.238081][ T5224] Bluetooth: hci5: command tx timeout
[  552.417572][T14391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3058'.
[  552.676247][ T5224] Bluetooth: hci5: ACL packet for unknown connection handle 0
[  552.775066][T14401] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3062'.
[  552.865622][T14406] netlink: 'syz.2.3064': attribute type 1 has an invalid length.
[  553.161901][ T5261] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  553.348235][ T5261] usb 7-1: Using ep0 maxpacket: 8
[  553.352958][ T5261] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  553.358425][ T5261] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  553.362841][ T5261] usb 7-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  553.367680][ T5261] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  553.404647][ T5261] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  553.408888][ T5261] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.467122][ T5261] usbtmc 7-1:16.0: bulk endpoints not found
[  553.668942][ T5288] usb 7-1: USB disconnect, device number 28
[  553.779255][T14414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3066'.
[  553.847531][T14416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3067'.
[  553.879810][   T39] audit: type=1400 audit(1721629214.504:617): avc:  denied  { create } for  pid=14417 comm="syz.1.3068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  554.287295][T14429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3070'.
[  554.311642][T14431] netlink: 4848 bytes leftover after parsing attributes in process `syz.0.3071'.
[  555.408342][T14456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.822360][T14468] netlink: 'syz.2.3080': attribute type 1 has an invalid length.
[  557.128813][   T56] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  557.327861][   T56] usb 7-1: Using ep0 maxpacket: 8
[  557.339817][   T56] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  557.346901][   T56] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  557.352979][   T56] usb 7-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  557.358942][   T56] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  557.367587][   T56] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  557.371866][   T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.390839][   T56] usbtmc 7-1:16.0: bulk endpoints not found
[  557.613791][ T1405] usb 7-1: USB disconnect, device number 29
[  557.930030][T14476] __nla_validate_parse: 2 callbacks suppressed
[  557.930047][T14476] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3083'.
[  558.144104][T14480] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3084'.
[  561.567381][T14525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3096'.
[  561.928186][ T1405] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  562.114294][ T1405] usb 5-1: Using ep0 maxpacket: 8
[  562.143443][ T1405] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  562.147543][ T1405] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  562.152289][ T1405] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  562.164207][ T1405] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  562.169479][ T1405] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  562.174113][ T1405] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  562.188335][ T1405] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  562.192363][ T1405] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  562.196622][ T1405] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  562.204408][ T1405] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  562.208555][ T1405] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.212281][ T1405] usb 5-1: Product: syz
[  562.214175][ T1405] usb 5-1: Manufacturer: syz
[  562.216325][ T1405] usb 5-1: SerialNumber: syz
[  562.419300][T14537] netlink: 4848 bytes leftover after parsing attributes in process `syz.2.3101'.
[  562.430399][T14537] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3101'.
[  562.443925][ T1405] usb 5-1: USB disconnect, device number 53
[  562.615949][   T39] audit: type=1400 audit(1721629223.234:618): avc:  denied  { unmount } for  pid=14222 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  563.122643][T14551] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  563.128987][T14551] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  563.317995][   T39] audit: type=1400 audit(1721629223.944:619): avc:  denied  { getopt } for  pid=14555 comm="syz.2.3107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  563.397520][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  564.570073][ T5224] Bluetooth: hci5: command tx timeout
[  564.806591][T14571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3111'.
[  565.324991][T14579] netlink: 4848 bytes leftover after parsing attributes in process `syz.1.3114'.
[  565.330357][T14579] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3114'.
[  565.381774][T14581] FAULT_INJECTION: forcing a failure.
[  565.381774][T14581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  565.387272][T14581] CPU: 3 PID: 14581 Comm: syz.1.3115 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  565.391286][T14581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  565.395968][T14581] Call Trace:
[  565.397391][T14581]  <TASK>
[  565.398650][T14581]  dump_stack_lvl+0x16c/0x1f0
[  565.400535][T14581]  should_fail_ex+0x497/0x5b0
[  565.402521][T14581]  _copy_from_user+0x30/0xf0
[  565.404471][T14581]  __do_sys_landlock_create_ruleset+0x1b3/0x410
[  565.407172][T14581]  ? ksys_write+0x1ab/0x260
[  565.409148][T14581]  ? __pfx___do_sys_landlock_create_ruleset+0x10/0x10
[  565.412186][T14581]  do_syscall_64+0xcd/0x250
[  565.414217][T14581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.416714][T14581] RIP: 0033:0x7fe7a6b75b59
[  565.418674][T14581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  565.426599][T14581] RSP: 002b:00007fe7a79d4048 EFLAGS: 00000246 ORIG_RAX: 00000000000001bc
[  565.430288][T14581] RAX: ffffffffffffffda RBX: 00007fe7a6d05f60 RCX: 00007fe7a6b75b59
[  565.433737][T14581] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000020000700
[  565.437168][T14581] RBP: 00007fe7a79d40a0 R08: 0000000000000000 R09: 0000000000000000
[  565.440604][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  565.443607][T14581] R13: 000000000000000b R14: 00007fe7a6d05f60 R15: 00007ffce1802c48
[  565.446951][T14581]  </TASK>
[  565.510591][ T5224] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  565.515024][ T5224] CPU: 2 PID: 5224 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  565.519120][ T5224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  565.530791][ T5224] Workqueue: hci5 hci_rx_work
[  565.532654][ T5224] Call Trace:
[  565.534009][ T5224]  <TASK>
[  565.535314][ T5224]  dump_stack_lvl+0x16c/0x1f0
[  565.537392][ T5224]  sysfs_warn_dup+0x7f/0xa0
[  565.539287][ T5224]  sysfs_create_dir_ns+0x24d/0x2b0
[  565.541359][ T5224]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  565.543710][ T5224]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  565.545973][ T5224]  ? do_raw_spin_unlock+0x172/0x230
[  565.548122][ T5224]  kobject_add_internal+0x2c8/0x990
[  565.550361][ T5224]  kobject_add+0x16f/0x240
[  565.552283][ T5224]  ? __pfx_kobject_add+0x10/0x10
[  565.554412][ T5224]  ? do_raw_spin_unlock+0x172/0x230
[  565.556600][ T5224]  ? kobject_put+0xbe/0x5b0
[  565.558597][ T5224]  device_add+0x289/0x1a70
[  565.560407][ T5224]  ? __pfx_dev_set_name+0x10/0x10
[  565.562533][ T5224]  ? __pfx_device_add+0x10/0x10
[  565.564516][ T5224]  hci_conn_add_sysfs+0x17e/0x230
[  565.566584][ T5224]  hci_conn_complete_evt+0x50e/0x1580
[  565.568747][ T5224]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  565.571402][ T5224]  ? __pfx_hci_conn_complete_evt+0x10/0x10
[  565.573963][ T5224]  ? __asan_memcpy+0x3c/0x60
[  565.575965][ T5224]  ? skb_pull_data+0x166/0x210
[  565.578092][ T5224]  hci_event_packet+0x9eb/0x1180
[  565.580190][ T5224]  ? __pfx_hci_conn_complete_evt+0x10/0x10
[  565.582675][ T5224]  ? __pfx_hci_event_packet+0x10/0x10
[  565.584986][ T5224]  ? mark_held_locks+0x9f/0xe0
[  565.587089][ T5224]  ? kcov_remote_start+0x3d1/0x6e0
[  565.589267][ T5224]  ? lockdep_hardirqs_on+0x7c/0x110
[  565.591606][ T5224]  hci_rx_work+0x2c6/0x1610
[  565.593552][ T5224]  process_one_work+0x9c5/0x1b40
[  565.595460][ T5224]  ? __pfx_lock_acquire+0x10/0x10
[  565.597384][ T5224]  ? __pfx_process_one_work+0x10/0x10
[  565.599376][ T5224]  ? assign_work+0x1a0/0x250
[  565.601098][ T5224]  worker_thread+0x6c8/0xf20
[  565.602832][ T5224]  ? __pfx_worker_thread+0x10/0x10
[  565.604758][ T5224]  kthread+0x2c1/0x3a0
[  565.606818][ T5224]  ? _raw_spin_unlock_irq+0x23/0x50
[  565.609282][ T5224]  ? __pfx_kthread+0x10/0x10
[  565.611195][ T5224]  ret_from_fork+0x45/0x80
[  565.613037][ T5224]  ? __pfx_kthread+0x10/0x10
[  565.615042][ T5224]  ret_from_fork_asm+0x1a/0x30
[  565.617313][ T5224]  </TASK>
[  565.628864][ T5224] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  565.638016][ T5224] Bluetooth: hci5: failed to register connection device
[  565.906692][T14589] overlayfs: failed to resolve './file1': -2
[  566.034365][T14592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3120'.
[  566.308119][ T5261] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  566.410854][T14597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3121'.
[  566.497855][ T5261] usb 7-1: Using ep0 maxpacket: 8
[  566.501773][ T5261] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  566.505668][ T5261] usb 7-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  566.510592][ T5261] usb 7-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  566.516090][ T5261] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  566.519863][ T5261] usb 7-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  566.524148][ T5261] usb 7-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  566.535037][ T5261] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  566.538884][ T5261] usb 7-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[  566.542691][ T5261] usb 7-1: config 246 has 0 interfaces, different from the descriptor's value: 42
[  566.555294][ T5261] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  566.559441][ T5261] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.563353][ T5261] usb 7-1: Product: syz
[  566.565264][ T5261] usb 7-1: Manufacturer: syz
[  566.567462][ T5261] usb 7-1: SerialNumber: syz
[  566.798472][ T5224] Bluetooth: hci0: unexpected event for opcode 0x0c5b
[  566.798770][ T5261] usb 7-1: USB disconnect, device number 30
[  567.302439][T14604] netlink: 4848 bytes leftover after parsing attributes in process `syz.1.3123'.
[  567.307310][T14604] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3123'.
[  567.688388][ T5224] Bluetooth: hci5: command tx timeout
[  568.090389][T14619] overlayfs: failed to resolve './file1': -2
[  568.296194][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3
[  568.307244][T14611] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  568.451001][T14626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3131'.
[  568.644972][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[  568.649022][ T1359] ieee802154 phy1 wpan1: encryption failed: -22
[  569.517937][ T5224] Bluetooth: hci0: command 0x206a tx timeout
[  570.045726][T14649] overlayfs: failed to resolve './file1': -2
[  570.297918][T14652] netdevsim netdevsim3: Direct firmware load for ng failed with error -2
[  570.305200][T14652] netdevsim netdevsim3: Falling back to sysfs fallback for: ng
[  570.685775][T14656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  570.759107][ T5224] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  570.764968][ T5224] CPU: 3 PID: 5224 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  570.769205][ T5224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  570.773757][ T5224] Workqueue: hci0 hci_rx_work
[  570.775868][ T5224] Call Trace:
[  570.777367][ T5224]  <TASK>
[  570.778825][ T5224]  dump_stack_lvl+0x16c/0x1f0
[  570.781269][ T5224]  sysfs_warn_dup+0x7f/0xa0
[  570.783421][ T5224]  sysfs_create_dir_ns+0x24d/0x2b0
[  570.785752][ T5224]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  570.788409][ T5224]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  570.791056][ T5224]  ? do_raw_spin_unlock+0x172/0x230
[  570.793872][ T5224]  kobject_add_internal+0x2c8/0x990
[  570.796662][ T5224]  kobject_add+0x16f/0x240
[  570.799642][ T5224]  ? __pfx_kobject_add+0x10/0x10
[  570.802185][ T5224]  ? do_raw_spin_unlock+0x172/0x230
[  570.805417][ T5224]  ? kobject_put+0xbe/0x5b0
[  570.807362][ T5224]  device_add+0x289/0x1a70
[  570.809379][ T5224]  ? __pfx_dev_set_name+0x10/0x10
[  570.811593][ T5224]  ? __pfx_device_add+0x10/0x10
[  570.813814][ T5224]  hci_conn_add_sysfs+0x17e/0x230
[  570.815930][ T5224]  hci_conn_complete_evt+0x50e/0x1580
[  570.818610][ T5224]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  570.821282][ T5224]  ? __pfx_hci_conn_complete_evt+0x10/0x10
[  570.824516][ T5224]  ? __asan_memcpy+0x3c/0x60
[  570.826730][ T5224]  ? skb_pull_data+0x166/0x210
[  570.828799][ T5224]  hci_event_packet+0x9eb/0x1180
[  570.831392][ T5224]  ? __pfx_hci_conn_complete_evt+0x10/0x10
[  570.834579][ T5224]  ? __pfx_hci_event_packet+0x10/0x10
[  570.837580][ T5224]  ? mark_held_locks+0x9f/0xe0
[  570.840553][ T5224]  ? kcov_remote_start+0x3d1/0x6e0
[  570.843908][ T5224]  ? lockdep_hardirqs_on+0x7c/0x110
[  570.847487][ T5224]  hci_rx_work+0x2c6/0x1610
[  570.850126][ T5224]  process_one_work+0x9c5/0x1b40
[  570.853090][ T5224]  ? __pfx_lock_acquire+0x10/0x10
[  570.855454][ T5224]  ? __pfx_process_one_work+0x10/0x10
[  570.858183][ T5224]  ? assign_work+0x1a0/0x250
[  570.860625][ T5224]  worker_thread+0x6c8/0xf20
[  570.863057][ T5224]  ? __pfx_worker_thread+0x10/0x10
[  570.865489][ T5224]  kthread+0x2c1/0x3a0
[  570.867477][ T5224]  ? _raw_spin_unlock_irq+0x23/0x50
[  570.869814][ T5224]  ? __pfx_kthread+0x10/0x10
[  570.871880][ T5224]  ret_from_fork+0x45/0x80
[  570.874065][ T5224]  ? __pfx_kthread+0x10/0x10
[  570.876629][ T5224]  ret_from_fork_asm+0x1a/0x30
[  570.879017][ T5224]  </TASK>
[  570.883747][ T5224] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  570.893367][ T5224] Bluetooth: hci0: failed to register connection device
[  570.897415][ T5224] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  570.902456][ T5224] Bluetooth: hci0: Injecting HCI hardware error event
[  570.907262][ T5224] Bluetooth: hci0: hardware error 0x00
[  571.689868][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3141'.
[  572.579077][ T5228] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3
[  572.957965][ T5288] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  573.042074][ T5224] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  573.158770][ T5288] usb 5-1: config 0 has an invalid interface number: 76 but max is 3
[  573.162668][ T5288] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  573.166549][ T5288] usb 5-1: config 0 has an invalid interface number: 12 but max is 3
[  573.176462][ T5288] usb 5-1: config 0 has an invalid interface number: 63 but max is 3
[  573.181932][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  573.190420][ T5288] usb 5-1: config 0 has 3 interfaces, different from the descriptor's value: 4
[  573.196968][ T5288] usb 5-1: config 0 has no interface number 0
[  573.206442][ T5288] usb 5-1: config 0 has no interface number 1
[  573.211225][ T5288] usb 5-1: config 0 has no interface number 2
[  573.215139][ T5288] usb 5-1: config 0 interface 76 altsetting 8 endpoint 0xE has an invalid bInterval 116, changing to 10
[  573.222783][ T5288] usb 5-1: config 0 interface 76 altsetting 8 endpoint 0x1 has an invalid bInterval 143, changing to 7
[  573.234082][ T5288] usb 5-1: config 0 interface 76 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  573.239995][ T5288] usb 5-1: config 0 interface 76 altsetting 8 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  573.244594][ T5288] usb 5-1: config 0 interface 76 altsetting 8 has 7 endpoint descriptors, different from the interface descriptor's value: 13
[  573.258093][ T5288] usb 5-1: too many endpoints for config 0 interface 12 altsetting 58: 40, using maximum allowed: 30
[  573.262603][ T5288] usb 5-1: config 0 interface 12 altsetting 58 has a duplicate endpoint with address 0x1, skipping
[  573.270953][ T5288] usb 5-1: config 0 interface 12 altsetting 58 endpoint 0x8 has an invalid bInterval 127, changing to 7
[  573.286186][ T5288] usb 5-1: config 0 interface 12 altsetting 58 has a duplicate endpoint with address 0xC, skipping
[  573.292857][ T5288] usb 5-1: config 0 interface 12 altsetting 58 has 6 endpoint descriptors, different from the interface descriptor's value: 40
[  573.307835][ T5288] usb 5-1: config 0 interface 63 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6
[  573.346434][ T5288] usb 5-1: config 0 interface 76 has no altsetting 0
[  573.365900][ T5288] usb 5-1: config 0 interface 12 has no altsetting 0
[  573.372715][ T5288] usb 5-1: Dual-Role OTG device on HNP port
[  573.376434][ T5288] usb 5-1: New USB device found, idVendor=17a8, idProduct=0013, bcdDevice=8e.a6
[  573.382232][ T5288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.386449][ T5288] usb 5-1: Product: syz
[  573.389316][ T5288] usb 5-1: Manufacturer: syz
[  573.392866][ T5288] usb 5-1: SerialNumber: syz
[  573.449575][ T5288] usb 5-1: config 0 descriptor??
[  573.460784][ T5288] cp210x 5-1:0.76: cp210x converter detected
[  573.695177][T14682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.701165][T14682] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.710809][T14682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.717048][T14682] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.827940][ T5288] cp210x 5-1:0.76: failed to get vendor val 0x370b size 1: -71
[  573.831263][ T5288] cp210x 5-1:0.76: querying part number failed
[  573.841760][ T5288] usb 5-1: cp210x converter now attached to ttyUSB0
[  573.883035][ T5288] cp210x 5-1:0.12: cp210x converter detected
[  573.892967][ T5288] cp210x 5-1:0.12: failed to get vendor val 0x370b size 1: -71
[  573.915816][ T5288] cp210x 5-1:0.12: querying part number failed
[  573.937934][ T5288] usb 5-1: cp210x converter now attached to ttyUSB1
[  573.962293][ T5288] cp210x 5-1:0.63: cp210x converter detected
[  573.970780][ T5288] cp210x 5-1:0.63: failed to get vendor val 0x370b size 1: -71
[  573.987841][ T5288] cp210x 5-1:0.63: querying part number failed
[  573.992843][ T5288] usb 5-1: cp210x converter now attached to ttyUSB2
[  574.008743][ T5288] usb 5-1: USB disconnect, device number 54
[  574.018460][ T5288] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  574.022575][ T5288] cp210x 5-1:0.76: device disconnected
[  574.044862][ T5288] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  574.051508][ T5288] cp210x 5-1:0.12: device disconnected
[  574.059684][ T5288] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  574.065290][ T5288] cp210x 5-1:0.63: device disconnected
[  574.189187][ T5224] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  574.569166][ T5224] Bluetooth: hci5: ACL packet for unknown connection handle 0
[  574.972939][   T39] audit: type=1400 audit(1721629235.594:620): avc:  denied  { unmount } for  pid=10927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  575.091793][T14705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3155'.
[  575.947572][T14715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3159'.
[  577.118059][T14724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.305712][T14733] netdevsim netdevsim0: Direct firmware load for ng failed with error -2
[  578.310270][T14733] netdevsim netdevsim0: Falling back to sysfs fallback for: ng
[  578.867342][T14743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3167'.
[  579.536406][T14747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3168'.
[  580.393716][T14762] overlayfs: failed to resolve './file0': -2
[  580.768650][T14767] FAULT_INJECTION: forcing a failure.
[  580.768650][T14767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.776400][T14767] CPU: 0 PID: 14767 Comm: syz.1.3174 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  580.781083][T14767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  580.785642][T14767] Call Trace:
[  580.787136][T14767]  <TASK>
[  580.788488][T14767]  dump_stack_lvl+0x16c/0x1f0
[  580.790892][T14767]  should_fail_ex+0x497/0x5b0
[  580.793324][T14767]  _copy_from_user+0x30/0xf0
[  580.795739][T14767]  kstrtouint_from_user+0xd7/0x1c0
[  580.798449][T14767]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  580.801188][T14767]  ? __pfx_lock_acquire+0x10/0x10
[  580.803476][T14767]  proc_fail_nth_write+0x84/0x270
[  580.805764][T14767]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  580.808114][T14767]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  580.810756][T14767]  vfs_write+0x29a/0x1140
[  580.812629][T14767]  ? __fdget_pos+0xeb/0x180
[  580.814579][T14767]  ? __pfx_vfs_write+0x10/0x10
[  580.816665][T14767]  ? __pfx___mutex_lock+0x10/0x10
[  580.819073][T14767]  ? __fget_files+0x256/0x400
[  580.821177][T14767]  ksys_write+0x12f/0x260
[  580.823267][T14767]  ? __pfx_ksys_write+0x10/0x10
[  580.825470][T14767]  do_syscall_64+0xcd/0x250
[  580.827621][T14767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.830503][T14767] RIP: 0033:0x7fe7a6b746df
[  580.832655][T14767] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  580.842209][T14767] RSP: 002b:00007fe7a7892040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  580.846188][T14767] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe7a6b746df
[  580.849437][T14767] RDX: 0000000000000001 RSI: 00007fe7a78920b0 RDI: 0000000000000007
[  580.852679][T14767] RBP: 00007fe7a78920a0 R08: 0000000000000000 R09: 0000000000000000
[  580.855718][T14767] R10: 000000000000019e R11: 0000000000000293 R12: 0000000000000001
[  580.859232][T14767] R13: 000000000000006e R14: 00007fe7a6d06038 R15: 00007ffce1802c48
[  580.862999][T14767]  </TASK>
[  580.939262][T14769] syz.2.3175 uses obsolete (PF_INET,SOCK_PACKET)
[  581.298893][T14773] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3178'.
[  581.532938][T14784] netdevsim netdevsim2: Direct firmware load for ng failed with error -2
[  581.556944][T14784] netdevsim netdevsim2: Falling back to sysfs fallback for: ng
[  581.626664][   T39] audit: type=1400 audit(1721629242.244:621): avc:  denied  { setopt } for  pid=14778 comm="syz.3.3180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  581.642569][   T39] audit: type=1400 audit(1721629242.244:622): avc:  denied  { bind } for  pid=14778 comm="syz.3.3180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  582.213640][T14788] overlayfs: failed to resolve './file0': -2
[  582.662269][T14793] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3180'.
[  582.668980][T14793] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3180'.
[  582.673644][T14793] netlink: 652 bytes leftover after parsing attributes in process `syz.3.3180'.
[  582.679577][T14793] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3180'.
[  582.735237][T14795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3184'.
[  582.848760][T14798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3185'.
[  583.564602][T14811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3189'.
[  583.624884][T14813] overlayfs: failed to resolve './file0': -2
[  583.713364][ T5224] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection
[  583.974044][T14820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3192'.
[  584.052490][T14824] Bluetooth: MGMT ver 1.23
[  584.131932][T14824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3193'.
[  584.157979][   T39] audit: type=1400 audit(1721629244.784:623): avc:  denied  { connect } for  pid=14822 comm="syz.1.3193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  584.268320][T14826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3194'.
[  584.411965][ T5224] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3
[  584.755047][T14833] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  584.791988][T14833] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  584.857316][T14837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3198'.
[  584.934360][ T1093] bridge_slave_1: left allmulticast mode
[  584.939064][ T1093] bridge_slave_1: left promiscuous mode
[  584.944086][ T1093] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.961422][ T1093] bridge_slave_0: left allmulticast mode
[  584.964209][ T1093] bridge_slave_0: left promiscuous mode
[  584.966979][ T1093] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.506451][T14844] overlayfs: failed to resolve './file1': -2
[  585.596746][ T1093] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  585.604754][ T1093] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  585.640222][ T1093] bond0 (unregistering): Released all slaves
[  586.388512][ T1093] hsr_slave_0: left promiscuous mode
[  586.394417][ T1093] hsr_slave_1: left promiscuous mode
[  586.447557][ T1093] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  586.452104][ T1093] batman_adv: batadv0: Removing interface: batadv_slave_0
[  586.476456][ T1093] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  586.481860][ T1093] batman_adv: batadv0: Removing interface: batadv_slave_1
[  586.488463][ T5224] Bluetooth: hci5: command tx timeout
[  586.563142][ T1093] veth1_macvtap: left promiscuous mode
[  586.565757][ T1093] veth0_macvtap: left promiscuous mode
[  586.568413][ T1093] veth1_vlan: left promiscuous mode
[  586.570504][ T1093] veth0_vlan: left promiscuous mode
[  586.996924][T14860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3204'.
[  588.636430][ T1093] team0 (unregistering): Port device team_slave_1 removed
[  588.764554][ T1093] team0 (unregistering): Port device team_slave_0 removed
[  589.851985][T14877] overlayfs: failed to resolve './file1': -2
[  589.925220][T14881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3209'.
[  589.952263][T14882] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14882 comm=syz.2.3210
[  590.862128][T14900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3215'.
[  591.281049][   T39] audit: type=1400 audit(1721629251.904:624): avc:  denied  { view } for  pid=14903 comm="syz.2.3216" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  591.781539][T14911] overlayfs: failed to resolve './file1': -2
[  592.543368][ T5224] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3
[  592.646953][T14917] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  592.656582][T14917] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  592.793400][T14922] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  592.796440][T14922] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  592.803419][T14922] vhci_hcd vhci_hcd.0: Device attached
[  592.811417][   T39] audit: type=1400 audit(1721629253.434:625): avc:  denied  { connect } for  pid=14919 comm="syz.0.3221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  592.821723][T14923] vhci_hcd: cannot find a urb of seqnum 3 max seqnum 0
[  592.840030][   T45] vhci_hcd: stop threads
[  592.842182][   T45] vhci_hcd: release socket
[  592.844292][   T45] vhci_hcd: disconnect device
[  592.854545][T14922] tmpfs: Unknown parameter 'usrquotae'
[  592.901315][T14932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3222'.
[  593.067829][    C2] vkms_vblank_simulate: vblank timer overrun
[  593.643219][T14936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3224'.
[  593.647542][T14936] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3224'.
[  593.771816][T14943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'.
[  593.824815][T14941] 
[  593.825938][T14941] ======================================================
[  593.829010][T14941] WARNING: possible circular locking dependency detected
[  593.832165][T14941] 6.10.0-syzkaller-11323-g7846b618e0a4 #0 Not tainted
[  593.836165][T14941] ------------------------------------------------------
[  593.840186][T14941] syz.3.3227/14941 is trying to acquire lock:
[  593.842823][T14941] ffff88806b038aa0 (lock#11){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x790
[  593.847328][T14941] 
[  593.847328][T14941] but task is already holding lock:
[  593.850429][T14941] ffff88806b03ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  593.854386][T14941] 
[  593.854386][T14941] which lock already depends on the new lock.
[  593.854386][T14941] 
[  593.858705][T14941] 
[  593.858705][T14941] the existing dependency chain (in reverse order) is:
[  593.862260][T14941] 
[  593.862260][T14941] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  593.865225][T14941]        _raw_spin_lock_nested+0x31/0x40
[  593.866986][T14941]        raw_spin_rq_lock_nested+0x29/0x130
[  593.869228][T14941]        task_fork_fair+0x73/0x250
[  593.871337][T14941]        sched_cgroup_fork+0x3cf/0x510
[  593.873617][T14941]        copy_process+0x43a1/0x8de0
[  593.875843][T14941]        kernel_clone+0xfd/0x980
[  593.877757][T14941]        user_mode_thread+0xb4/0xf0
[  593.879757][T14941]        rest_init+0x23/0x2b0
[  593.881580][T14941]        start_kernel+0x3df/0x4c0
[  593.883503][T14941]        x86_64_start_reservations+0x18/0x30
[  593.886055][T14941]        x86_64_start_kernel+0xb2/0xc0
[  593.888440][T14941]        common_startup_64+0x13e/0x148
[  593.890770][T14941] 
[  593.890770][T14941] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  593.893902][T14941]        _raw_spin_lock_irqsave+0x3a/0x60
[  593.896329][T14941]        try_to_wake_up+0x9a/0x13e0
[  593.898646][T14941]        __rcu_read_unlock+0x24c/0x580
[  593.900981][T14941]        __mmap_lock_do_trace_acquire_returned+0x262/0x790
[  593.904011][T14941]        lock_mm_and_find_vma+0xeb/0x6a0
[  593.906368][T14941]        do_user_addr_fault+0x2b5/0x13f0
[  593.908624][T14941]        exc_page_fault+0x5c/0xc0
[  593.910764][T14941]        asm_exc_page_fault+0x26/0x30
[  593.912938][T14941]        _copy_to_iter+0x4cd/0x1140
[  593.915155][T14941]        copy_page_to_iter+0xf1/0x180
[  593.917901][T14941]        process_vm_rw_core.constprop.0+0x5c9/0xa10
[  593.921015][T14941]        process_vm_rw+0x301/0x360
[  593.923273][T14941]        __x64_sys_process_vm_readv+0xe2/0x1c0
[  593.925956][T14941]        do_syscall_64+0xcd/0x250
[  593.928108][T14941]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.930837][T14941] 
[  593.930837][T14941] -> #0 (lock#11){+.+.}-{2:2}:
[  593.933739][T14941]        __lock_acquire+0x24ed/0x3cb0
[  593.936048][T14941]        lock_acquire+0x1b1/0x560
[  593.938210][T14941]        __mmap_lock_do_trace_acquire_returned+0x97/0x790
[  593.941205][T14941]        stack_map_get_build_id_offset+0x5d9/0x7c0
[  593.943962][T14941]        __bpf_get_stack+0x6bf/0x700
[  593.946235][T14941]        bpf_get_stack_raw_tp+0x124/0x160
[  593.948660][T14941]        ___bpf_prog_run+0x3e51/0xabd0
[  593.951042][T14941]        __bpf_prog_run32+0xc1/0x100
[  593.953392][T14941]        bpf_trace_run2+0x231/0x590
[  593.955626][T14941]        __bpf_trace_tlb_flush+0xd2/0x110
[  593.957812][T14941]        trace_tlb_flush+0xf3/0x170
[  593.959824][T14941]        switch_mm_irqs_off+0x697/0xbb0
[  593.961959][T14941]        __schedule+0xc4d/0x5490
[  593.963822][T14941]        schedule+0xe7/0x350
[  593.965642][T14941]        futex_wait_queue+0xfc/0x1f0
[  593.967851][T14941]        __futex_wait+0x291/0x3c0
[  593.970131][T14941]        futex_wait+0xe9/0x380
[  593.972835][T14941]        do_futex+0x22b/0x350
[  593.975023][T14941]        __x64_sys_futex+0x1e1/0x4c0
[  593.977331][T14941]        do_syscall_64+0xcd/0x250
[  593.979503][T14941]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.982170][T14941] 
[  593.982170][T14941] other info that might help us debug this:
[  593.982170][T14941] 
[  593.986502][T14941] Chain exists of:
[  593.986502][T14941]   lock#11 --> &p->pi_lock --> &rq->__lock
[  593.986502][T14941] 
[  593.991441][T14941]  Possible unsafe locking scenario:
[  593.991441][T14941] 
[  593.994690][T14941]        CPU0                    CPU1
[  593.997161][T14941]        ----                    ----
[  593.999512][T14941]   lock(&rq->__lock);
[  594.001455][T14941]                                lock(&p->pi_lock);
[  594.004296][T14941]                                lock(&rq->__lock);
[  594.007138][T14941]   lock(lock#11);
[  594.008756][T14941] 
[  594.008756][T14941]  *** DEADLOCK ***
[  594.008756][T14941] 
[  594.012031][T14941] 3 locks held by syz.3.3227/14941:
[  594.014057][T14941]  #0: ffff88806b03ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  594.017956][T14941]  #1: ffffffff8dbb49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590
[  594.022114][T14941]  #2: ffff88802f667398 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x1e8/0x7c0
[  594.026974][T14941] 
[  594.026974][T14941] stack backtrace:
[  594.029649][T14941] CPU: 0 PID: 14941 Comm: syz.3.3227 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
[  594.034194][T14941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  594.038916][T14941] Call Trace:
[  594.040389][T14941]  <TASK>
[  594.041706][T14941]  dump_stack_lvl+0x116/0x1f0
[  594.043771][T14941]  check_noncircular+0x31a/0x400
[  594.045980][T14941]  ? __pfx_check_noncircular+0x10/0x10
[  594.048485][T14941]  ? lockdep_lock+0xc6/0x200
[  594.050639][T14941]  ? __pfx_lockdep_lock+0x10/0x10
[  594.052932][T14941]  __lock_acquire+0x24ed/0x3cb0
[  594.055140][T14941]  ? __pfx___lock_acquire+0x10/0x10
[  594.057513][T14941]  ? lock_acquire+0x1b1/0x560
[  594.059439][T14941]  lock_acquire+0x1b1/0x560
[  594.061222][T14941]  ? __mmap_lock_do_trace_acquire_returned+0x7f/0x790
[  594.063834][T14941]  ? __pfx_lock_acquire+0x10/0x10
[  594.065808][T14941]  ? kvm_guest_state+0xfa/0x160
[  594.067700][T14941]  ? perf_callchain_user+0x21c/0xa20
[  594.070125][T14941]  ? down_read_trylock+0x1ed/0x3f0
[  594.072545][T14941]  ? stack_map_get_build_id_offset+0x1e8/0x7c0
[  594.075248][T14941]  __mmap_lock_do_trace_acquire_returned+0x97/0x790
[  594.078196][T14941]  ? __mmap_lock_do_trace_acquire_returned+0x7f/0x790
[  594.081254][T14941]  ? __pfx_get_perf_callchain+0x10/0x10
[  594.083650][T14941]  stack_map_get_build_id_offset+0x5d9/0x7c0
[  594.086153][T14941]  ? hlock_class+0x4e/0x130
[  594.088271][T14941]  __bpf_get_stack+0x6bf/0x700
[  594.090507][T14941]  ? __pfx___bpf_get_stack+0x10/0x10
[  594.092820][T14941]  bpf_get_stack_raw_tp+0x124/0x160
[  594.095178][T14941]  ? __pfx_bpf_get_stack_raw_tp+0x10/0x10
[  594.097790][T14941]  ___bpf_prog_run+0x3e51/0xabd0
[  594.100046][T14941]  ? __lock_acquire+0x1620/0x3cb0
[  594.102287][T14941]  __bpf_prog_run32+0xc1/0x100
[  594.104414][T14941]  ? __pfx___bpf_prog_run32+0x10/0x10
[  594.106696][T14941]  ? __pfx_lock_acquire+0x10/0x10
[  594.108665][T14941]  ? __pfx___cant_migrate+0x10/0x10
[  594.110682][T14941]  bpf_trace_run2+0x231/0x590
[  594.112497][T14941]  ? __pfx_bpf_trace_run2+0x10/0x10
[  594.114501][T14941]  ? find_held_lock+0x2d/0x110
[  594.116378][T14941]  ? psi_task_switch+0x2d9/0x900
[  594.118648][T14941]  __bpf_trace_tlb_flush+0xd2/0x110
[  594.121027][T14941]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  594.123623][T14941]  ? __phys_addr+0xc6/0x150
[  594.125724][T14941]  trace_tlb_flush+0xf3/0x170
[  594.127813][T14941]  switch_mm_irqs_off+0x697/0xbb0
[  594.130036][T14941]  __schedule+0xc4d/0x5490
[  594.132087][T14941]  ? __pfx___lock_acquire+0x10/0x10
[  594.134601][T14941]  ? __pfx___schedule+0x10/0x10
[  594.136759][T14941]  ? schedule+0x298/0x350
[  594.138693][T14941]  ? __pfx_lock_release+0x10/0x10
[  594.140868][T14941]  ? plist_check_prev_next+0x12a/0x1a0
[  594.143253][T14941]  ? futex_wait_queue+0x41/0x1f0
[  594.145376][T14941]  schedule+0xe7/0x350
[  594.147144][T14941]  futex_wait_queue+0xfc/0x1f0
[  594.149314][T14941]  __futex_wait+0x291/0x3c0
[  594.151766][T14941]  ? __pfx___futex_wait+0x10/0x10
[  594.153967][T14941]  ? try_to_wake_up+0x14b/0x13e0
[  594.156134][T14941]  ? __pfx_futex_wake_mark+0x10/0x10
[  594.158491][T14941]  futex_wait+0xe9/0x380
[  594.160434][T14941]  ? __pfx_futex_wait+0x10/0x10
[  594.162614][T14941]  ? __schedule+0xe3f/0x5490
[  594.164666][T14941]  do_futex+0x22b/0x350
[  594.166528][T14941]  ? __pfx_do_futex+0x10/0x10
[  594.168643][T14941]  __x64_sys_futex+0x1e1/0x4c0
[  594.170680][T14941]  ? __pfx___x64_sys_futex+0x10/0x10
[  594.172720][T14941]  do_syscall_64+0xcd/0x250
[  594.174583][T14941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.177316][T14941] RIP: 0033:0x7f2754975b59
[  594.180265][T14941] Code: Unable to access opcode bytes at 0x7f2754975b2f.
[  594.184227][T14941] RSP: 002b:00007f27557040f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  594.188053][T14941] RAX: ffffffffffffffda RBX: 00007f2754b05f68 RCX: 00007f2754975b59
[  594.191411][T14941] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2754b05f68
[  594.194710][T14941] RBP: 00007f2754b05f60 R08: 00007f27557046c0 R09: 00007f27557046c0
[  594.197893][T14941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2754b05f6c
[  594.201392][T14941] R13: 000000000000000b R14: 00007ffd7d591ce0 R15: 00007ffd7d591dc8
[  594.204837][T14941]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  594.558345][ T5224] Bluetooth: hci5: command tx timeout
[  594.845527][  T104] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.964290][  T104] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.015579][  T104] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.101538][  T104] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.209234][  T104] bridge_slave_1: left allmulticast mode
[  595.211542][  T104] bridge_slave_1: left promiscuous mode
[  595.214217][  T104] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.219264][  T104] bridge_slave_0: left allmulticast mode
[  595.221808][  T104] bridge_slave_0: left promiscuous mode
[  595.224370][  T104] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.397457][  T104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  595.403685][  T104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.408859][  T104] bond0 (unregistering): Released all slaves
[  595.820161][  T104] hsr_slave_0: left promiscuous mode
[  595.823301][  T104] hsr_slave_1: left promiscuous mode
[  595.826633][  T104] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  595.834739][  T104] batman_adv: batadv0: Removing interface: batadv_slave_0
[  595.840507][  T104] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  595.843748][  T104] batman_adv: batadv0: Removing interface: batadv_slave_1
[  595.849862][  T104] veth1_macvtap: left promiscuous mode
[  595.852261][  T104] veth0_macvtap: left promiscuous mode
[  595.854799][  T104] veth1_vlan: left promiscuous mode
[  595.857609][  T104] veth0_vlan: left promiscuous mode
[  596.105591][  T104] team0 (unregistering): Port device team_slave_1 removed
[  596.185567][  T104] team0 (unregistering): Port device team_slave_0 removed
[  597.004732][  T104] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.116769][  T104] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.205919][  T104] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.330848][  T104] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.464598][  T104] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.553220][  T104] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.637584][  T104] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.716038][  T104] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.823279][  T104] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.890567][  T104] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  597.995905][  T104] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.114408][  T104] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  598.222925][  T104] bridge_slave_1: left allmulticast mode
[  598.225616][  T104] bridge_slave_1: left promiscuous mode
[  598.229283][  T104] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.234071][  T104] bridge_slave_0: left allmulticast mode
[  598.236039][  T104] bridge_slave_0: left promiscuous mode
[  598.238287][  T104] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.935749][  T104] bond0 (unregistering): Released all slaves
[  598.953009][  T104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  598.959532][  T104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  598.967032][  T104] bond0 (unregistering): Released all slaves
[  599.091960][  T104] bond0 (unregistering): Released all slaves
[  599.202826][  T104] : left promiscuous mode
[  599.985257][  T104] hsr_slave_0: left promiscuous mode
[  599.988492][  T104] hsr_slave_1: left promiscuous mode
[  599.994370][  T104] hsr_slave_0: left promiscuous mode
[  599.997004][  T104] hsr_slave_1: left promiscuous mode
[  599.999944][  T104] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  600.003299][  T104] batman_adv: batadv0: Removing interface: batadv_slave_0
[  600.010795][  T104] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  600.014098][  T104] batman_adv: batadv0: Removing interface: batadv_slave_1
[  600.023184][  T104] hsr_slave_0: left promiscuous mode
[  600.026134][  T104] hsr_slave_1: left promiscuous mode
[  600.033318][  T104] veth1_macvtap: left promiscuous mode
[  600.035803][  T104] veth0_macvtap: left promiscuous mode
[  600.040062][  T104] veth1_vlan: left promiscuous mode
[  600.042469][  T104] veth0_vlan: left promiscuous mode
[  600.050239][  T104] veth1_macvtap: left promiscuous mode
[  600.052585][  T104] veth0_macvtap: left promiscuous mode
[  600.054904][  T104] veth1_vlan: left promiscuous mode
[  600.057439][  T104] veth0_vlan: left promiscuous mode
[  600.061645][  T104] veth1_macvtap: left promiscuous mode
[  600.064043][  T104] veth0_macvtap: left promiscuous mode
[  600.066586][  T104] veth1_vlan: left promiscuous mode
[  600.069006][  T104] veth0_vlan: left promiscuous mode
[  601.406868][  T104] team0 (unregistering): Port device team_slave_1 removed
[  601.461531][  T104] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
06:20:54  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff84fcdba0 RDI=ffffffff94e436e0 RBP=ffffffff94e436a0 RSP=ffffc9000413eb68
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=732d302e30312e36
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff29c872e R15=dffffc0000000000
RIP=ffffffff84fcdbc7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f27557046c0 ffffffff 00c00000
GS =0000 ffff88806b000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000057e2a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fff00000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000300000016
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4337
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4344
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e433e
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4352
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e43d8
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e44b6
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000003130302f 3630302f6273752f 7375622f7665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000001213130c 1513130c4150560c 5056410c5546470c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080010003 RBX=0000000000000003 RCX=ffffffff813c34fe RDX=ffff888017ebc880
RSI=ffffffff813c351b RDI=0000000000000000 RBP=ffff88806b03ec80 RSP=ffffc900008b0cb0
R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000000
R12=0000000000000003 R13=0000000000000003 R14=ffff88806b13fb40 R15=ffffed100d607d90
RIP=ffffffff813c351c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c363c67 CR3=000000002fafa000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd375d28b0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe4337
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe4344
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe433e
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe4352
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe43d8
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe44b6
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000db2f8c RBX=0000000000000002 RCX=ffffffff8aeee249 RDX=ffffed100d646fe2
RSI=ffffffff8b909dc0 RDI=ffffffff816220cc RBP=ffffed1002fda000 RSP=ffffc90000197e08
R8 =0000000000000000 R9 =ffffed100d646fe1 R10=ffff88806b237f0b R11=0000000000000001
R12=0000000000000002 R13=ffff888017ed0000 R14=ffffffff8fe76458 R15=0000000000000000
RIP=ffffffff8aeef63f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fac6bfc8440 CR3=000000003ac52000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe901a7c40 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe4337
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe4344
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe433e
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe4352
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe43d8
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe44b6
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c4
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000006a0e83 RBX=0000000000000003 RCX=ffffffff8aeee249 RDX=0000000000000000
RSI=ffffffff8b2cbac0 RDI=ffffffff8b909e40 RBP=ffffed1002fda488 RSP=ffffc900001a7e08
R8 =0000000000000001 R9 =ffffed100d666fe1 R10=ffff88806b337f0b R11=0000000000000000
R12=0000000000000003 R13=ffff888017ed2440 R14=ffffffff8fe76458 R15=0000000000000000
RIP=ffffffff8aeef63f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f2754b06030 CR3=000000000d97c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd7d5920d0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4337
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4344
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e433e
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4352
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e43d8
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e44b6
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000