last executing test programs:

1m22.756156549s ago: executing program 0 (id=1949):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r4=>0x0)
io_submit(r4, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x4e}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4, 0x6, r3, &(0x7f00000001c0)='m', 0x1, 0x1}])
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x2}})
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)

1m21.785214631s ago: executing program 0 (id=1958):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x2000000)

1m21.727500096s ago: executing program 0 (id=1959):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0xfd, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0xf1ff, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x7, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
r8 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, 0x0, &(0x7f0000000200)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, r9, &(0x7f0000000400)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4})
io_uring_enter(r8, 0x6e2, 0x620, 0x1, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f00000004c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmsg$unix(r11, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="10000000010001000000", @ANYRES32=r10], 0x10}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)

1m20.465845265s ago: executing program 0 (id=1961):
syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/cgroup\x00') (async)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/user\x00')
flistxattr(r0, &(0x7f0000000080)=""/139, 0x8b) (async)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in=@initdev, @in=@multicast2}}, {{@in6=@private1}, 0x0, @in6=@private1}}, &(0x7f0000000240)=0xe4) (async)
socket$netlink(0x10, 0x3, 0x8000000004) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=@newtaction={0x270, 0x30, 0x2, 0xfffffffe, 0x25dfdbfc, {}, [{0x25c, 0x1, [@m_ct={0xb8, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x77, 0x6, "4d911274dd0571c3e8fffc38995e46f56b8598f066634809000000000000001e538ab5291eacd82e6015c970d52502126ae7ec37737c25a0e3b2b27e270190d7f9cfa637ee894c20db16e520c3b2d0af9642c259241c120a6ae60000e839fa5ed0b593d74b0c00"/115}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_bpf={0x1a0, 0x20, 0x0, 0x0, {{0x8}, {0xc8, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x8000, 0xfff1, 0x4, 0xe8, 0xa94}}, @TCA_ACT_BPF_OPS={0x2c, 0x4, [{0x7f, 0xe, 0x6, 0x3c2c3f3e}, {0x3, 0x1a, 0x6}, {0x5, 0x3e, 0x9, 0xe}, {0x1, 0xfa, 0x3, 0x2}, {0x9, 0xff, 0x5a, 0x2}]}, @TCA_ACT_BPF_OPS={0x4c, 0x4, [{0x6, 0x4, 0x3, 0x8}, {0xffff, 0x7, 0x40, 0xa2}, {0x2, 0x3, 0xc, 0x100}, {0x8, 0x7, 0xfb, 0xa4}, {0x69, 0x9, 0x9, 0x3}, {0xfc01, 0x2, 0x52}, {0x5, 0x0, 0x0, 0x9}, {0x7, 0x0, 0x8, 0x7ff}, {0x6, 0x3, 0x44, 0x7}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x6, 0xd8, 0x7, 0x1000, 0x961}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}, @TCA_ACT_BPF_FD={0x8, 0x5, r2}]}, {0xb1, 0x6, "32d54a8b093c3a32a082d08da433fc5679dba9e8ccb9d27bd228e76fb3f0902da4593f0649539d9af74ea1e7044225857da528e17350df0164a956c395f3ce099374d81d86fcaede0a7e19254eff8eb66f70f39195f03aec13352dbd48cd5fdd67bb874c309ab5fe073d2deb730ba50e70cb01e0319a3fffb4455741a702716fe47213a03d7db9b8eb78f940f91c8fe811d2be12698b5bd52d565f2d0d25bc82286a2040b44e8a1d09ef8571c1"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x270}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
r3 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000fec000/0x14000)=nil, 0x14000, &(0x7f00000001c0)='-^\x00')
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) (async)
recvmsg(r6, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2062) (async)
socket$nl_route(0x10, 0x3, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES32=r7, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES8=r3, @ANYRESOCT=r6, @ANYBLOB], 0x50) (async)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)

1m20.113445589s ago: executing program 0 (id=1963):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x18, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0})

1m20.112834396s ago: executing program 0 (id=1964):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000, 0x4, &(0x7f00000004c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
unshare(0x400)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x102090, &(0x7f0000000400)=ANY=[])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="40000000190001090000000020000000021800000002fd010000000008000100ac14140008000500640101000c001680080001000600000089a3a11190f0ced786e9778a52400600150004000000bcd828131285d6838757bfb483c61d79ce08c28deea874243c5edcae139da5fa7d8ff6a680bbbf6d30652a7cfaa367b8896fa995ffce74e2d8825beaf84eef2bc97530da0e6687c34014127192cfb7210fb3e85136c7d9e3e3728d44b22d00043fffaf2c82fc2d51da253542a42af1e3e89c02ff9ba3c5969937aad01161cae29a75e7a7684a983884324317f709f2b0a0576ef482776adda0d5b04da945a536eedf68ed1aa821d6f472e0"], 0x40}}, 0x0)
chdir(0x0)
open(&(0x7f00000000c0)='.\x00', 0x2e00, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffd, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fadvise64(r2, 0x18, 0x0, 0x4)
symlinkat(&(0x7f0000000300)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00')
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cuse(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x1c, 0x1, 0x4, 0x401, 0x0, 0x0, {0x7, 0x0, 0x404}}, 0xfffffffffffffd86}, 0x1, 0x0, 0x0, 0x20000440}, 0x40040)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, 0x0, &(0x7f0000000180))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000440)=@abs, 0x6e)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='exfat\x00', 0x8080, &(0x7f00000001c0)='discard')
msgctl$MSG_STAT(0x0, 0xb, 0x0)
msgget$private(0x0, 0x200)

1m17.145413138s ago: executing program 2 (id=1976):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000000)={0xfffff2d4, 0x200ffffe, 0x8, 0xffffffff, 0x0, "6d6b5ccb0000000000000000001700", 0x9})
readv(r0, &(0x7f0000003a00)=[{&(0x7f0000003840)=""/166, 0xa6}], 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a40))
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d4", 0x3, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
r4 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f0000000200)={'nat\x00', 0x2, [{}, {}]}, 0x44)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x0, 0x8080000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x0, 0xfc}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x80a0000, 0xeeee8000, 0xe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x1d, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x6, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0x1]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3) (async)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000000)={0xfffff2d4, 0x200ffffe, 0x8, 0xffffffff, 0x0, "6d6b5ccb0000000000000000001700", 0x9}) (async)
readv(r0, &(0x7f0000003a00)=[{&(0x7f0000003840)=""/166, 0xa6}], 0x1) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a40)) (async)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d4", 0x3, 0x0, 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) (async)
socket$inet6(0xa, 0x2, 0x3a) (async)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f0000000200)={'nat\x00', 0x2, [{}, {}]}, 0x44) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x0, 0x8080000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x0, 0xfc}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x80a0000, 0xeeee8000, 0xe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x1d, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x6, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0x1]}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)

1m16.775377s ago: executing program 2 (id=1977):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x880}, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, 0x0, 0x44000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="39000000140081ae50003c00fbff008311001f9f660fcf0e5a05acb612f691f3bd3508abca1be6eeb89c44ebb37358582bb8b7d553b4e92155", 0x39}], 0x1}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000240)={'wpan0\x00'})
syz_genetlink_get_family_id$netlbl_calipso(0x0, r8)
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000001e92eee3917d10ac097d1c6607eaba23bcb8f1f09cb46d80876b3db1cf0bc8121c0560b02dd39af2f35326dd457fac21fc1489ca7cc39c9173940689c8c9e9e2f58c64de904b005f8ec709261a2c3d6c8096846e05cd67d7633ee8ae61e9c2b8c5a5124a67fb0575b3f3b0367b49e8e44d197ea28b38734a7c0277bc83d812dd8d7585026db5d10d5db018db4b0600000000000000f12cbe31c173c8711e987be4ea839c4bab0579083023f6f1d00f70a01921cc8caa0c7535c32fa4c05c1ab2e4", @ANYRES16=r6, @ANYBLOB="0100ffffffff0000000001000000100007800c00018008000100", @ANYRES32=r7, @ANYBLOB="08000100000000000c000200fb7f000000000000"], 0x38}}, 0x20000000)
ioctl$EXT4_IOC_SWAP_BOOT(r7, 0x6611)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x40000}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000180)="af4fd73a", 0xffffffffffffff19, 0x840, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000340)=0x20000000, 0x4)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x408a}], 0x1, &(0x7f0000000100), 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r5)

1m16.705958758s ago: executing program 2 (id=1978):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = syz_usbip_server_init(0x2)
write$usbip_server(r2, &(0x7f000000c300)=ANY=[], 0x3f36)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@ipv6_getaddr={0x58, 0x16, 0x200, 0x70bd2b, 0x25dfdbff, {0xa, 0x40, 0x60}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x4}, @IFA_CACHEINFO={0x14, 0x6, {0x1, 0x31, 0x7, 0xb}}, @IFA_CACHEINFO={0x14, 0x6, {0x8, 0x4, 0x7, 0x9}}, @IFA_RT_PRIORITY={0x8, 0x9, 0xe18}]}, 0x58}}, 0x0)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x9, 0x0, 0x1, 0x3bf889cc, '\x00', 0x0, r4, 0x2, 0x2, 0x5}, 0x50)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffe}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffe0, 0xa}, {0x1, 0x53e7e5a6a3739329}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x7ff, 0x80, 0x3, 0xb5}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80015}, 0x4000)
setsockopt$MRT6_DEL_MIF(r5, 0x29, 0xcb, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0xe, 0x0, 0x6}, 0xc)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000280)={0x18, 0x0, &(0x7f0000000240)=[@clear_death, @increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

1m15.165526133s ago: executing program 2 (id=1983):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x3, 0x2f8, 0x110, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x228, 0xffffffff, 0xffffffff, 0x228, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private1, [0xff000000, 0xffffff00, 0x6dc8f3d6512d1aed, 0xffffffff], [0xff, 0xff000000, 0xff000000], 'bond_slave_0\x00', 'batadv0\x00', {}, {}, 0x2f, 0x2, 0x3, 0xe}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x17}, @mcast1, [], [], 'veth1\x00', 'wlan1\x00'}, 0x0, 0xa8, 0x118}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x7fffffff, 0x9, 0xb3, 0x1, 0x0, "86d6b549c4bf723e1f33da7c11e5cee0b1adedc05fbfc6af15c3f8b75adf8819ec9d8cd0614114f5f1d3b7ba1d33f3750c2e3b8acf37107767e107dac4688212"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4)
sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)
r5 = socket$kcm(0x2, 0x2, 0x73)
lstat(&(0x7f0000000700)='./cgroup\x00', &(0x7f00000009c0))
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000b80)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@empty}, 0x0, @in6=@private2}}, &(0x7f0000000a40)=0xe4)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000e00)={{{@in=@multicast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@remote}, 0x0, @in6=@initdev}}, &(0x7f0000000d80)=0xe4)
ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000dc0))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
setresuid(r6, r7, 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x89, &(0x7f00000007c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x77, 0x1, 0x1, 0xf4, 0x10, 0xc, [{{0x9, 0x4, 0x0, 0xf8, 0x2, 0x2, 0x6, 0x0, 0x7f, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3}, [@mdlm={0x15, 0x24, 0x12, 0x80}, @network_terminal={0x7, 0x24, 0xa, 0xff, 0x2, 0x1, 0x81}, @obex={0x5, 0x24, 0x15, 0x8000}, @ncm={0x6, 0x24, 0x1a, 0x2, 0x31}, @mbim={0xc, 0x24, 0x1b, 0x2, 0x0, 0x0, 0x81, 0x4, 0x8}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x0, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x8, 0x5, 0xf8}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x0, 0x1, 0x3}}}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000640)={0xa, 0x6, 0x10, 0xaf, 0x10, 0x10, 0x40, 0x8}, 0x111, &(0x7f0000000880)={0x5, 0xf, 0x111, 0x6, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0xa, 0x5, 0x80, 0x8, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xd, 0xe, 0x1, 0x7}, @ptm_cap={0x3}, @generic={0xea, 0x10, 0x0, "95b9fdc1ed0c61752d51e4842103f3b8d9e1dde39e89d0c1adcd01f543542d70b27ffc734982f97b14441e8d54466bb5eefc31aa0761272553a56ccc422378dc1a3b6a0a7fe5918ea62c8fc87100a94585b60bafc608c7127174cebf0c33a516052a9fd636c4c56ec3c380abf95f13685fd1875286a14d128c05aa557ef0e73ad315e416887bf91fd0356a50e347d33c7875b4fcf36b73c4100659df76cb892f7e11d12231a599222dc2aad328018157a4cba13699c56ff191f92f16c1fe7b3219bcca96c71552cf8d3c3e768e79bf2f40202aa866b120391812e581c72c0bfb0420bafb06d5e8"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x8, 0x3, 0x8000}]}, 0x1, [{0xc4, &(0x7f0000000a80)=@string={0xc4, 0x3, "a1db0f35af61251f4e98465509f17374d11fa62d55fbfa64e2d60167495ea25b13f8203856203f5efc726ed03ebcc15330d4f4ab034e7292212dad63ca93939756d7d51a5d37cc0a295dc675da78ce5c5d2c6b373d2c035c78736f927000000000000000063142c73c2fe916179c9207c7ec18d7ed3d6b49b28c574fbfe44881a958f252d9881680e5b0e145b28915ab076bd1c392f4ead367019b600d71b9645b1efa7a9e5f47628e00a6f72f146fb11315c29aea4ec1c94ffa9ba0a4ead0dde266"}}]})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r10=>0x0})
r11 = gettid()
tkill(r11, 0xb)
syz_clone3(&(0x7f00000005c0)={0x48000000, &(0x7f0000000340), &(0x7f0000000380), &(0x7f0000000440), {0x3}, &(0x7f0000000480)=""/172, 0xac, &(0x7f0000000540)=""/17, &(0x7f0000000580)=[r11], 0x1, {r5}}, 0x58)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x28, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x28}}, 0x0)
r12 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$get_persistent(0x16, 0x0, r12)
bind$inet(r5, &(0x7f00000000c0)={0x2, 0xfffe, @local}, 0x5b)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='minix\x00', 0x208000, 0x0)

1m13.222722391s ago: executing program 2 (id=1993):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x32c180)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.current\x00', 0x275a, 0x0)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x40000)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0xfe, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000800", [0x0, 0x2000000000001]}})
write$P9_RLERROR(r5, &(0x7f0000000040)={0xa, 0x7, 0x1, {0x1, '-'}}, 0xa)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m12.343980035s ago: executing program 2 (id=1999):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, 0x0, 0x0)
getsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, &(0x7f0000000440), &(0x7f0000000480)=0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='ext4_sync_fs\x00', r5, 0x0, 0xc}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='ext4_sync_fs\x00', r6}, 0x18)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000", @ANYRES16=r1, @ANYBLOB="010024bd7000fcdbdf250100000000000000014100000018001700000011000000076574683a6772653000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x800)

1m5.048832146s ago: executing program 32 (id=1964):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000, 0x4, &(0x7f00000004c0))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
unshare(0x400)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x102090, &(0x7f0000000400)=ANY=[])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="40000000190001090000000020000000021800000002fd010000000008000100ac14140008000500640101000c001680080001000600000089a3a11190f0ced786e9778a52400600150004000000bcd828131285d6838757bfb483c61d79ce08c28deea874243c5edcae139da5fa7d8ff6a680bbbf6d30652a7cfaa367b8896fa995ffce74e2d8825beaf84eef2bc97530da0e6687c34014127192cfb7210fb3e85136c7d9e3e3728d44b22d00043fffaf2c82fc2d51da253542a42af1e3e89c02ff9ba3c5969937aad01161cae29a75e7a7684a983884324317f709f2b0a0576ef482776adda0d5b04da945a536eedf68ed1aa821d6f472e0"], 0x40}}, 0x0)
chdir(0x0)
open(&(0x7f00000000c0)='.\x00', 0x2e00, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffd, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fadvise64(r2, 0x18, 0x0, 0x4)
symlinkat(&(0x7f0000000300)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00')
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cuse(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x1c, 0x1, 0x4, 0x401, 0x0, 0x0, {0x7, 0x0, 0x404}}, 0xfffffffffffffd86}, 0x1, 0x0, 0x0, 0x20000440}, 0x40040)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, 0x0, &(0x7f0000000180))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000440)=@abs, 0x6e)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='exfat\x00', 0x8080, &(0x7f00000001c0)='discard')
msgctl$MSG_STAT(0x0, 0xb, 0x0)
msgget$private(0x0, 0x200)

57.293389786s ago: executing program 33 (id=1999):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, 0x0, 0x0)
getsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, &(0x7f0000000440), &(0x7f0000000480)=0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='ext4_sync_fs\x00', r5, 0x0, 0xc}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='ext4_sync_fs\x00', r6}, 0x18)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000", @ANYRES16=r1, @ANYBLOB="010024bd7000fcdbdf250100000000000000014100000018001700000011000000076574683a6772653000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x800)

4.730880124s ago: executing program 1 (id=2337):
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, 0x0)
r0 = socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r0, 0x1)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x401, 0x4000, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'virt_wifi0\x00'}]}]}]}], {0x14, 0x10}}, 0xe8}}, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x55fdb4595c3d8036)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

3.321114764s ago: executing program 5 (id=2341):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="b800000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="fab0817dbcb5f31a84001280110001006264696467655f736c617665000000006c00058005001900030000000500490000000000080025000000000306001f00d5000000050007000000000005000a0000000000050008000000000105000a00000000000500060001000000060002000100000005001e000000000006001f00060000000500010000000000140003006272696467655f736c6176655f30"], 0xb8}, 0x1, 0x0, 0x0, 0x20044010}, 0x40042)

3.316607302s ago: executing program 1 (id=2342):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r0, 0x2285, 0x0)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000009f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067afc89fff2a41cfbf0e9d85e", 0x2a}], 0x2)

3.199701565s ago: executing program 1 (id=2343):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x20, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0xc, 0x0, 0x0, @u64=0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4c0d9}, 0x20000028)

3.199026228s ago: executing program 5 (id=2344):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000141200006c07010033d43afffe80000000ff8d000000000000000010ff02000000000000000000000000000189"], 0x340a)

3.153289018s ago: executing program 1 (id=2347):
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f00000000c0)=0xa0000)
io_setup(0x8, &(0x7f0000004200)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000540)=[0x0])
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$zero(0xffffff9c, &(0x7f0000000040), 0x20400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x16, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000100000085000000060000009500000000000000d58b8b42df4e4ca6c8da65fd"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x300, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

3.067609686s ago: executing program 5 (id=2348):
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x8402) (async, rerun: 32)
r1 = epoll_create1(0x0) (rerun: 32)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x2004}) (async, rerun: 32)
ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) (async, rerun: 32)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x7f, 0x90, 0x1194, 0x10, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x7800, 0x2eb3, 0x7}})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_newvlan={0x30, 0x70, 0x400, 0x70bd29, 0x25dfdbfb, {0x7, 0x0, 0x0, r3}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x4c}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x2c, 0x3}}}]}, 0x30}, 0x1, 0xd, 0x0, 0x480c5}, 0x1)

3.06701661s ago: executing program 5 (id=2349):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r1], 0x50}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00030000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r5], 0x50}}, 0x2)

2.789265559s ago: executing program 3 (id=2350):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x4, 0x79, 0x11, 0xb8}, [@ldst={0x4}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x9, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000540)=[@in6={0xa, 0x4e24, 0x3ff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, @in6={0xa, 0x4e24, 0xfa5, @private0, 0x1}, @in={0x2, 0x4e21, @multicast1}, @in6={0xa, 0x4e23, 0x5d, @remote, 0x7}, @in={0x2, 0x4e21, @rand_addr=0x64010102}, @in6={0xa, 0x4e20, 0x7f, @mcast1, 0x4}, @in6={0xa, 0x4e20, 0x5408b586, @loopback, 0x6}, @in6={0xa, 0x4e22, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0xb}], 0xc8) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r3=>0x0}) (rerun: 32)
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0) (async)
pipe(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
tee(r4, r7, 0x3, 0x5)
read$FUSE(r6, &(0x7f0000000e40)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f00000006c0)={0x50, 0x0, r8, {0x7, 0x29, 0x9, 0x22911c0, 0x1, 0xc36, 0x4, 0xffffbe9e, 0x0, 0x0, 0x2, 0xe}}, 0x50) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl2\x00', <r9=>0x0, 0x20, 0x8000, 0x1, 0xe, {{0x27, 0x4, 0x0, 0xa, 0x9c, 0x66, 0x0, 0x8d, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x34}, @private=0xa010102, {[@timestamp={0x44, 0x10, 0x59, 0x0, 0x9, [0x80, 0xba7a, 0xb9]}, @generic={0x82, 0xa, "002e6fdc4aa0b710"}, @timestamp={0x44, 0x28, 0xf1, 0x0, 0x0, [0x2, 0x8, 0x1, 0x9, 0x1, 0xc4, 0x2, 0x3ff, 0x9]}, @lsrr={0x83, 0x1b, 0x18, [@loopback, @multicast2, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @multicast2]}, @rr={0x7, 0x23, 0xb4, [@dev={0xac, 0x14, 0x14, 0xd}, @empty, @private=0xa010101, @rand_addr=0x64010102, @multicast1, @empty, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @ra={0x94, 0x4}, @end]}}}}}) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r11=>0x0}) (async, rerun: 32)
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r10) (async, rerun: 32)
r13 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r14 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r14) (async)
syz_usb_disconnect(0xffffffffffffffff)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) (async)
r15 = syz_open_procfs(r13, &(0x7f0000000240)='oom_score\x00')
readv(r15, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/85, 0x55}], 0x1) (async)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x1c, r12, 0x48212b8952c3aff5, 0x70bd24, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) (async)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x168, r1, 0x1, 0x1, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0xff}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x6d450169}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x9c2}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x4b17c8d8}, @ETHTOOL_A_RINGS_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @ETHTOOL_A_RINGS_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_RINGS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}]}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x26d}]}, 0x168}, 0x1, 0x0, 0x0, 0x84}, 0x4000090)

2.269441434s ago: executing program 3 (id=2351):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x12000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1b2fd2c5}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xb0}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

2.269177011s ago: executing program 4 (id=2352):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000f82818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000480)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc, 0xa, {0x2000000}}, {0xc, 0x9, {0x60}}}}]}]}, 0x68}}, 0x0)

2.264367292s ago: executing program 3 (id=2353):
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x2, 0x6, 0x1, 0x5c4c, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x3, 0x4}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x0, &(0x7f0000000140)})
munlock(&(0x7f00002de000/0x8000)=nil, 0x8000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c80)=@newtaction={0x228, 0x30, 0x1, 0x0, 0x0, {}, [{0x214, 0x1, [@m_mirred={0x184, 0x18, 0x0, 0x0, {{0xb}, {0x84, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x5, 0x9, 0x5, 0x1ff, 0x7}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x800, 0x8, 0x7, 0xfffff589}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xf, 0x4, 0x5, 0x6, 0x7fffffff}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10000, 0x7fffffff, 0x8, 0x8, 0x2}}}]}, {0xd7, 0x6, "7ab28b5ee9295f3f2564addb70ed5fa4be6516ee05536720195158bfe47d8a50ee54ebe2d1dc7823de39ec2cc6b30d29bd5558254318b692c668ff39f888cbd9fea64eb4f4b0294e31e5fa6695a1ba354044c429582322f6c50850f340c3e42d550a12ed9002fe54681df76e1044017be658ef0f693450460dbba8eb1152f576e78ecabd9730b4885db7b37ec3a65ef26cdd911ea2e7f270d63b00c971a6b46fe2b7cd118658e21e99ee930afd9134ed8286d293b221b4a442fb4acd914baeb5ed9f0767aae7dc7399b6a8d9eff6e6de518cd3"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_sample={0x8c, 0x8, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x400}]}, {0x58, 0x6, "1f3969a94f5c201919163f3fcd06ad890592e8cf06c75f9f16609c6f7824d1d31e5b9f29b8ab27a3dbcbd2aae7d04f0729dcb33e48a07b49323a3d2e9c0cc9fa48f77eabfa7e9763d0a2d6a49b606bc067aa02fe"}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x228}, 0x1, 0x0, 0x0, 0x814}, 0x0)
prlimit64(0x0, 0x9, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee0, 0x8031, 0xffffffffffffffff, 0xaff8c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x58}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r7, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)

2.19836395s ago: executing program 4 (id=2354):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003)
socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
r2 = dup2(r1, r1)
read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r5, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)

2.054706726s ago: executing program 1 (id=2355):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x7d4165c9)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r3, 0x7d4165c9)
listen(r2, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000780)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xc}}, 0x0, 0x0, 0x20, 0x0, "9c0fe2154aa786d10084ecfbe8e86f7d312fcc8fde38d5823d22fbbb55a7837e5f2329f4d662f2185f18fae43e09d661d12a01669d6eef2e4733c2c29a3c3d16ef45c7c1c8ecfcc76b47d9ab9a573f11"}, 0xd8)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000680)={@in6={{0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x81}}, 0x0, 0x0, 0x40, 0x0, "2b20a1a47cddc63b223be606d7303a4d4d11e10450d766feb63b382d54bab577021cad5de4fe7630a33b6deca160b1267ff02123bc27830000000000ffff40000000000000b5b29049cb65f00300"}, 0xd8)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, &(0x7f0000000540)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a066f0200ff000000000000000158000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

1.930762017s ago: executing program 1 (id=2356):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r3, 0x0, 0x4}, 0x18)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0)
r5 = open(0x0, 0x60840, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
truncate(0x0, 0x0)
fcntl$setlease(r5, 0x400, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2)
readv(r4, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x24000010)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r6, 0x0, 0x4ffe6, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000011c0)={0x54, 0x0, 0x8, 0x401, 0x0, 0x0, {0x5, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x101}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x10}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x24000014)

1.575559837s ago: executing program 5 (id=2357):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000d00)={[&(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01'], 0xf5000000})

1.375004377s ago: executing program 5 (id=2358):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x6}}, 0x5a}, 0x1, 0x0, 0xfffffff0, 0x448d3}, 0x0)
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xc)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x2)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000100)={0xa, 0x73, 0x5, 0x1000000, 0xb, "88bd91aa28528000000000007500000400"})
write$UHID_INPUT(r0, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153bdf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x0, &(0x7f0000000040))
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r4)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x48881}, 0x810)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0xff32, &(0x7f0000000380))
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x189900, 0x0)

854.82227ms ago: executing program 3 (id=2360):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0x6}, {0x8, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x300, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffc, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0x9, 0x6}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c0a9}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
gettid()
truncate(&(0x7f0000000000)='./file0\x00', 0x96f)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x1}, 0x80}}]}, {0xfffffffffffffee1}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r8, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

506.519328ms ago: executing program 3 (id=2361):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000800)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x9, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local, {[@cipso={0x86, 0x10, 0x3, [{0x5, 0xa, "f0d416b3e886f863"}]}]}}, {{0x0, 0xfffe, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x0, 0x4, 0x0, 0x1c, {[@timestamp={0x5, 0xa, 0x7000000}]}}}}}}, 0x52)

496.951607ms ago: executing program 4 (id=2362):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, 0x0, 0x0)
listen(r1, 0x50)
listen(r0, 0x5)
syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100000000000000000002000019010102fe8000000000000000000000000000aaa5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"], 0x0)

400.191668ms ago: executing program 4 (id=2363):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000003c40)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0x0, 0x80000000, {}, [{0x98, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0xffe4, 0xffffffffffffffff}}]}, {0x4}, {0xc}, {0xc}}}, @m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x20000001}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}}, 0x0)

399.893628ms ago: executing program 4 (id=2364):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001d40)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", '\x00', "0f00", "64bdac32", ["e86621d98c668c391f6bc506", "3549ffffff000a00", "2fc7977386afe0374831c1f9", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000480)={0x5, 0xfffffffffffffffe, 0x7, 0x0, 0x5, 0x5, "0ff8001800000000c5c6ff0717c3a86d", 0x0, 0x2, 0x0, 0x6, 0x0, 0x4, 0xff})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

280.304736ms ago: executing program 3 (id=2365):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0xfd, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0xf1ff, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x7, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
r8 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4})
io_uring_enter(r8, 0x6e2, 0x620, 0x1, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f00000004c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$unix(r10, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="10000000010001000000", @ANYRES32=r9], 0x10}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=2366):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x141440, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_usb_connect(0x6, 0xb0e, &(0x7f0000000540)={{0x12, 0x1, 0x250, 0x6d, 0xaa, 0x28, 0x40, 0x12d1, 0xb4d5, 0x166c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xafc, 0x2, 0xb, 0x6, 0x50, 0x3, [{{0x9, 0x4, 0x31, 0x40, 0xa, 0xff, 0x3, 0x36, 0x7f, [@uac_control={{0xa, 0x24, 0x1, 0xfffb, 0x5}, [@mixer_unit={0xa, 0x24, 0x4, 0x2, 0x1, "74a8cf055d"}, @feature_unit={0xd, 0x24, 0x6, 0x4, 0x1, 0x3, [0x9, 0x77648638d89c0dcc, 0x4], 0x3}, @selector_unit={0xb, 0x24, 0x5, 0x6, 0xfe, "9b4d63393b29"}]}], [{{0x9, 0x5, 0xc, 0xa, 0x20, 0x80, 0x5, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x0, 0x3}]}}, {{0x9, 0x5, 0x8, 0x4, 0x3ff, 0xff, 0x3, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0xd}]}}, {{0x9, 0x5, 0x86, 0x10, 0x40, 0x0, 0x6, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x2, 0x100}, @uac_iso={0x7, 0x25, 0x1, 0x43, 0x4, 0x4645}]}}, {{0x9, 0x5, 0x0, 0x0, 0x10, 0x1, 0x2c, 0x7f, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xd, 0x3}]}}, {{0x9, 0x5, 0xf760948a7cc4f363, 0x10, 0x10, 0x80, 0xfd, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7f, 0x6}, @generic={0xc9, 0x9, "f010f24b2de15f246c74f4f360c0f146a5b53fd8322c4b8dc220bd6bf059cb64ad1390208c089d5da3e9075b694b67bf9bc4eafa3f751f65db3787e2819646edf92e0fd3f97e2bdf6dc6fa55c862726959c433244b35bbc0f3ca8cd080b0d93db8cae9e360ca3095bf10fd8068b5ce4c5866a4f065e89bcf6bc8a02f9075517834d0eecf9c235226f3fa3ef97a1a7e423e4f59de085111becb9edd35dd1dd1977e1f4959d07f8fbb731e6f8ca0d265ec74ed5d5c4e4df5b5b5f6705116e0001117c47fb1e1dbd3"}]}}, {{0x9, 0x5, 0x4, 0x2, 0x3ff, 0x26, 0x6, 0x5, [@generic={0x9f, 0x7, "2c3d7d3e317da3687e1f801510f3cfcc22e47a2957aed9483a7f92655d9c80b54bf3b5609c28e23b6091857f4466192c602bcd0518ad62672a07b1b561c113ab51fcfe894460d94adf58a4eac1dc25312a65160e1faaebd2f30c56f40563b84d64af7843ce65b652422fc40c270d6c8d6d7ff1f48b96a75c39b080b9c932b3420f97325cfdf89a17a00c4c570df3ab4fa2576eabf8c51f4075bb24173c"}, @generic={0xfd, 0x5, "f8511cd949f7ee26020e1e8165e071af6e8b34fa428b0805726bc14811b861501b444364dec58ef959932cdeca6a58f7b5b266294925fcaaf63fd093cd89972dc1a039ac6c0b1419c987e2949123a37fa0ef197bbde0548c004743030b8c7fa8afc9ca2b6f4f476fdabca08287a208fcfd40e6e2b8b0dd0a78decd478bd848624648a57d1cf26c9ae8c2ed0c91ac913b7d31f139a1750a620cf04d8611414b26d426e2cc8cb7ecf9bc9b02cf40edfbd5876a50faef0c29b16a9cf8d45d0975654c6170c3ff840efe52ea4f369dbf6953c0b0e434a25331801b00cd4e5ec697a9ca6eda88853e42d9869ea49cdbfcdf708e1827203d6aef40144f14"}]}}, {{0x9, 0x5, 0xe, 0x11, 0x20, 0x5, 0xf5, 0x7, [@generic={0xde, 0x22, "ec72224e712c3afea50e9574859ff6dafbe2ac17c3bf9ca6174ec41990c54a25cf46e446be681c903c5dfe93ff0e57c202fd13d362f2d97ff76b8d7cabf26a352560d5a30a9ff109994abb2bc266de665c72e87417f55a598f33d76d66d47bc9f5ae489df00de1f729815072932e001f9053b2698374846263a53fb625120b9aeabb4b568e6acef229833c2fbdc41024c7404c7e1f7979f0e96f7b041d1d8037bfdd4f8761233e949bf05665e2ab7f073642ebfe5c9136fc1075b9229797994860f91c64de450b3299e13a3a9f04ec32f0a09a64413f49d8f880c427"}]}}, {{0x9, 0x5, 0xd, 0x4, 0x40, 0xc, 0x9, 0x6, [@generic={0xdf, 0x23, "5672e75ad1dd3fcb86e96eccb287d45283a47f4c69c7519fb15aec81784a457d5350570f88dedc1cd273dc558eef254d7ca6dbc8b6b9386a8655ecba011d764468de8483d07d0e7939f696811e5e2c7e371837f426e4356e780f4a241cf90b4427dd406bcca7c083d859d4185c134b5dc337e0cbb1ad1ba3968d648b5cb6e3b4217755e924639dde20859343255a4e9ef648cbfe3e33981e99d2839e9881b0a74fe3557b1db95fd2a220580e96fb4d7f4ab597e9a76ce412b7e3c3ffca6e6c14c8ee7d39d9c32735b1ebc384a488e7ce713a678ab26cedff269926335c"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x3ff, 0x8, 0x4, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xca}]}}, {{0x9, 0x5, 0x8, 0x3, 0x3ff, 0xa, 0x3, 0x4, [@generic={0x17, 0x1, "96c75fe0866b59c7f2483e92b1f4742b1a6f9b97bc"}]}}]}}, {{0x9, 0x4, 0x3, 0x1, 0xa, 0xf9, 0x76, 0x50, 0x5, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x1, 0x3, 0x8}, {0x6, 0x24, 0x1a, 0x2, 0x8}, [@obex={0x5, 0x24, 0x15, 0x80}, @mbim_extended={0x8, 0x24, 0x1c, 0x9bc, 0xf8, 0xc0d}, @acm={0x4, 0x24, 0x2, 0xa}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x80}, @mdlm_detail={0xd0, 0x24, 0x13, 0x3, "2c8a5ff0fcc7e8a6a5cb9e9565622a76f100e9fec0c63171f2bd3c26cd756810d6903e73a31ac8c8d159a595713b5557eb4480662f4eafae0eb3b894094eeca90b59cd273c695ee549bc17b0bdcf18d2c70780859933e077e53b257e35d1d465282ab4d3e81987fa4e9d57d999028b6430348541cc0a92c0c338b27b6f3604471693db41da919ea20c23a7fcaa9f3b1ad8332cb3f6816e7ebeda3c917f327e002cc48a1d4a691f92e998a52eda619d0928f0e7b3cd421fd2f32b7fc43b9ef06e0c346073493d494e28dee48f"}]}], [{{0x9, 0x5, 0x0, 0x0, 0x8, 0x7f, 0x4, 0x2, [@generic={0xc4, 0x24, "e4dad8b6c7aa8e784f26b545f124e9b1e3884305ffcf2ec6f296fa21ec7e28e240d5bdb333a7b35752e7422cf3c7b5d3a7e49e1f371c1b96565b1a475208ab3530dfdd69ebe5c70605f1c32e44bff3ef6df428b512a32bcbc8128a3729a6fb3f06a74c72f200488cb5a02968a092179d3574944d87b11951a8635b302095580ab0128245228012adba8b56ff3229bfc0cf2387715aa0cc896ed28662fb24dddd7ff2f6185eb71c2521ef20af9bbbc393278a749511d474a72d9a54434dc30f6c9eb3"}]}}, {{0x9, 0x5, 0x80, 0x4, 0x10, 0x1, 0x7f, 0x8, [@generic={0xf9, 0x11, "1c774185f65062e725208b76371c2a2f07f21a218831c0e785519a58d707df0c1a484cd1766b31b02e78793c510ebc9dd96ab931860d04a8d97535449fcf353ab2a54213d6178b632367ffbd29ef9a9a3d60e456803b99f260c566141164de39b16485e3838f5990af8e50033d50b84ed2d49df3d9a970ee4b16b7780cee004210a63547afd3859ff7a3135b98a5142b4b068c921784188733355b7ff9a3d78dcf30d098316be94923b59c0deb526b5250fd92548a1403413652d62108ae7f4103dcd44fa52f36aba72e5f774301d83cd2acefc76e82cb13ac23a87688b9afcdaccf2617b2eb3a20719ca0c862c14e0e02ea6f0b04be19"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x7}]}}, {{0x9, 0x5, 0x0, 0x0, 0x5ef, 0x4, 0x58, 0x9, [@generic={0x2, 0x31}]}}, {{0x9, 0x5, 0xb, 0x1, 0x400, 0x1, 0x2, 0x8, [@generic={0x3d, 0x24, "1c8ed6f2ba47af2e733b0eccf3568184b28dbb2aaf5645648702d37333696656fb91b69fde0317c6c1dc8b8cf932511587a7d3e1973c3292b37092"}]}}, {{0x9, 0x5, 0x15, 0xc, 0x20, 0x3, 0x0, 0x4b, [@generic={0xee, 0x10, "167e4151487981f769ec64794cd47692cc3a057b4ae435def71a205fbfcfb779653a4d82df0bb740a8faab598fda621329dcefbc70bd9b4ca3b6bf20da0f7cda65011c99cbc58e3c6a2c43024098f81be654844b827c7fa4d62ecd8ab57cc523081c63d24034f60e03312d756e9d2491bc04d3e8a88f53a9d145372d6aa1eaeff2bb9538cf39187870454a81a8bcbc542c026cf1c8a567d6a516d74a8ed33acb910ac91fb6be35c635befad739b906f9ac61d1b6a4fcf65245f1d95cb96cc845f8a217dbf23383a2abe2a3a70a4d547848bd494ccfe034666e6795b557dd0d933d7e4668cbfcf537c25c6801"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x9}]}}, {{0x9, 0x5, 0xa, 0x10, 0x8, 0x2, 0x2, 0xb, [@generic={0xa, 0x9, "380181b54ecf842d"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x4}]}}, {{0x9, 0x5, 0x0, 0x3, 0x200, 0xc, 0x10, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x8}]}}, {{0x9, 0x5, 0x7, 0x2, 0x400, 0x81, 0x8, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x8, 0xfff}]}}, {{0x9, 0x5, 0xe, 0x3, 0x20, 0xc, 0x2, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x3, 0x5}, @generic={0xee, 0x31, "d89d64d1e68ac50a885ad5340d463ef63a06271ff0fcb5fcdadcd160b2ac722195726c4441f7744ea687b29a1e24a90c434ae552bacbb5f247622ae0d859c684a9fecf697b7945154f33f4b83fe27b1333f5991048c7d3b988c4212d4ba3c29a9ccaa3794b18489f202fc670b1f3ba9a202752a735fd37ee0eb0971f40f49565e043071ed21d7ac2dd0c4cf09cdd043790923193ad509f8c446e2f537b0592e8a96b9315eef6fb915e852586ffa5d5f8f1030b0302629f2988701e5cab120165aab3e5c3c4f57ac79ee44850020f4c268cf1c1ddcd53b9a383bd4319415a2e15650749e3bed0db5b2c93c7bd"}]}}, {{0x9, 0x5, 0xe, 0x4, 0x40, 0x5, 0x5, 0x4, [@generic={0x49, 0x21, "a3f862024b1fc208d7a82f5d7f7d4356547d6fe9ebb5018b43432fdaee2101b4da00e950dd22d0003380ee3d99ec3d405a712e33342bbb4af2d3f62dbfb744a861578bfca0303e"}, @generic={0x40, 0x22, "db829527dcf4d42cbd33435888fcd592166423e837ae8ba8b7b285be93dd192ab6ad9b39dc46870f9e8281ba70f8c2f41681019ef8c3768d2271c7e64b2c"}]}}]}}]}}]}}, &(0x7f0000001b80)={0xa, &(0x7f0000001740)={0xa, 0x6, 0x310, 0x8, 0x8, 0x4, 0xff, 0xf}, 0x16, &(0x7f0000001780)={0x5, 0xf, 0x16, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0xe, 0x7, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xb, 0x1, 0x9, 0x8}]}, 0xa, [{0x4, &(0x7f00000017c0)=@lang_id={0x4, 0x3, 0x2c09}}, {0x4, &(0x7f0000001800)=@lang_id={0x4, 0x3, 0x861}}, {0x4, &(0x7f0000001840)=@lang_id={0x4, 0x3, 0xc0a}}, {0x3, &(0x7f0000002080)=ANY=[@ANYBLOB="eb005feade8287c21b1ccbc3a5b0e1f6b7fd322b675c0b81ef12ab91dbb71657b204b3b223"]}, {0x4, &(0x7f00000018c0)=@lang_id={0x4, 0x3, 0x1c31}}, {0x9a, &(0x7f00000010c0)=ANY=[]}, {0x3d, &(0x7f00000019c0)=@string={0x3d, 0x3, "caa55aa465add4665172d446680609008d085b181d50ae78d14e9bafbb2a77dccf31ae95580b68b07e85507024c65a571e9df72bbba03aff8a82ff"}}, {0xb6, &(0x7f0000001a00)=@string={0xb6, 0x3, "19545cd88b20105939d5669c5375f941d1729eea8a613021f237acdd78f682271bdcd127c90991e4df0fcbefe81b52d55e71a97b1db3c5834c5347f35fce5dec6ecf96e1b0454fc1d4d7f8d71c4ea0ea437024954c9e5f967b08042de57239a9bf69f1aca405e275e4210d5576b34c77bab2c059d520e1206dd37ab0d8ba7d8c12605f54c42458291dbc9a6166f08d655bdd0d205aff4dd57d88577172279eb594c2e800fff23782cab7299d2b0a9e4606542c3f"}}, {0x27, &(0x7f0000001ac0)=@string={0x27, 0x3, "6f2a0156ff34c7e1dd049a12752b811a000a76d3aadc534fcc38aec188ff2673e65adaaf92"}}, {0x69, &(0x7f0000001b00)=ANY=[@ANYBLOB="690390e02b4aed8bfb046a3df567e42c2133b87b25863c27af055220bcac6436cc4a9d4aa6256e5684629903000200000605952bcb9b861c09c045dc2014003b4f0579c48e3b31f178fcfb78d4c4e7b81d717e411592ca0e667839736e41d041f71ca491333521655b"]}]})
syz_usb_control_io$hid(r3, &(0x7f0000001d80)={0x14, &(0x7f0000001c00)={0x20, 0xf, 0x91, {0x91, 0x2, "cee4f3c612189edf462db618820ba5f95b7127669c501303c9d83ebf52609a9828559cf73e2614db432e7f20bcf611fdab8ce6f71bab240be9618a7324a309458a0835a34a71e0bc850401771ded0b16cb0a9ee2ca8e12f0e630e0dcb3ea337e6d9b837362dfb1b0964f91122be0e347b2b1996bfe8102c77998fa849aeb88d051d081a9fa4880b9e5f91cd1705f50"}}, &(0x7f0000001cc0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81a}}, &(0x7f0000001d00)=ANY=[@ANYBLOB="00220a0000000228bea1b8551eeb69fd"], &(0x7f0000001d40)={0x0, 0x21, 0x9, {0x9, 0x21, 0x2, 0x6, 0x1, {0x22, 0x7a3}}}}, &(0x7f0000002040)={0x18, &(0x7f0000001dc0)={0x0, 0x9, 0xa9, "8f075e95eda22dd76e9d32bfe5fe8ae393072b9915ba9b52167cd065e6fbb799d939754eef1689245add38b472ccad2159ed08e38b3dcad18fe73a754351d7d467a98eb82de52a92e1cfa4316f66881170eecd9d98be5661e245a4094a59f00a5b44e38a7abaed9aa7d934f87b011da656d58e8de20452d2a2600e99f61044d47cd88b89f7049c8b35c351970c40d4e34ecfea1c9272096c70723299b45df78b6b16f710e2621b3dbd"}, &(0x7f0000001e80)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000001ec0)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000001f00)=ANY=[@ANYBLOB="2001c70000003ff969a7ede8a785e7cfe0b55ef92c39eebd9f86d961fcffb4492d558586fab8b7bbef57d6190c04745a4cdf30d505d3ad4a98de5a71a8cedc23a44d5cd27fe878cf58bc42dd35e2b109da274ee42d5a1fca3687b6138740fe0cbc2b4cc36fc8b314954c381205bb3748cad376366060c1c06c0033feea10fb083b40f7e41ae224ab77e6f9fe02bcc8feacac2f5d50cc0502815f3670bc26b4bb20c700376efabd5df0361d6be2d5c9e1b1e6e942be1832f647a01cc15847faa691df9e3a13f5ba7922779a0949"], &(0x7f0000002000)={0x20, 0x3, 0x1, 0x2}})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001240)={&(0x7f00000011c0)={0x50, 0x0, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x2}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010200000000000000006700000008000300", @ANYRES32=r5, @ANYRES64=r1], 0x30}}, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x0, 0x228, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x6}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x19e}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x2}]}, 0x2c}}, 0x20044890)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x1c})
read(r6, &(0x7f0000000200)=""/145, 0x91)
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8)
ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f0000000480)=0xfffffff9)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r7, &(0x7f0000000200)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe4)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x9000000)

kernel console output (not intermixed with test programs):

attached
[  361.434203][T12468] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  361.439458][T12468] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(18)
[  361.441545][T12468] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  361.444098][T12468] vhci_hcd vhci_hcd.0: Device attached
[  361.448109][T12468] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(20)
[  361.450195][T12468] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  361.452820][T12468] vhci_hcd vhci_hcd.0: Device attached
[  361.455293][T12468] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  361.455372][   T10] usb usb38-port1: attempt power cycle
[  361.458373][T12468] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  361.463435][T12468] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  361.467363][T12468] vhci_hcd vhci_hcd.0: port 0 already used
[  361.477210][T12477] vhci_hcd: connection closed
[  361.477247][T12475] vhci_hcd: connection closed
[  361.477309][ T8709] vhci_hcd: stop threads
[  361.480476][T12473] vhci_hcd: connection closed
[  361.481164][T12469] vhci_hcd: connection closed
[  361.482027][ T8709] vhci_hcd: release socket
[  361.483464][T12471] vhci_hcd: connection closed
[  361.486250][ T8709] vhci_hcd: disconnect device
[  361.489342][ T8709] vhci_hcd: stop threads
[  361.490767][ T8709] vhci_hcd: release socket
[  361.492171][ T8709] vhci_hcd: disconnect device
[  361.493763][ T8709] vhci_hcd: stop threads
[  361.495099][ T8709] vhci_hcd: release socket
[  361.496553][ T8709] vhci_hcd: disconnect device
[  361.498110][ T8709] vhci_hcd: stop threads
[  361.499422][ T8709] vhci_hcd: release socket
[  361.501477][ T8709] vhci_hcd: disconnect device
[  361.504232][ T8709] vhci_hcd: stop threads
[  361.505574][ T8709] vhci_hcd: release socket
[  361.507005][ T8709] vhci_hcd: disconnect device
[  361.964009][T12485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1590'.
[  361.968435][T12485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1590'.
[  362.100621][   T10] usb usb38-port1: unable to enumerate USB device
[  362.277214][T12497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'.
[  362.288246][T12497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'.
[  362.335243][T12493] ptrace attach of "/syz-executor exec"[5941] was attempted by "/syz-executor exec"[12493]
[  362.436081][T12502] binder_alloc: 12501: binder_alloc_buf, no vma
[  362.469847][T12504] FAULT_INJECTION: forcing a failure.
[  362.469847][T12504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.473959][T12504] CPU: 1 UID: 0 PID: 12504 Comm: syz.1.1598 Not tainted syzkaller #0 PREEMPT(full) 
[  362.473974][T12504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  362.473980][T12504] Call Trace:
[  362.473984][T12504]  <TASK>
[  362.473988][T12504]  dump_stack_lvl+0x16c/0x1f0
[  362.474005][T12504]  should_fail_ex+0x512/0x640
[  362.474025][T12504]  _copy_from_iter+0x29f/0x1720
[  362.474044][T12504]  ? __lock_acquire+0x622/0x1c90
[  362.474061][T12504]  ? __pfx__copy_from_iter+0x10/0x10
[  362.474079][T12504]  ? _parse_integer_limit+0x17f/0x1d0
[  362.474098][T12504]  tun_get_user+0x3c7/0x3cc0
[  362.474117][T12504]  ? __pfx_tun_get_user+0x10/0x10
[  362.474130][T12504]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  362.474145][T12504]  ? find_held_lock+0x2b/0x80
[  362.474157][T12504]  ? tun_get+0x191/0x370
[  362.474170][T12504]  tun_chr_write_iter+0xdc/0x210
[  362.474183][T12504]  vfs_write+0x7d3/0x11d0
[  362.474197][T12504]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  362.474210][T12504]  ? __pfx_vfs_write+0x10/0x10
[  362.474221][T12504]  ? find_held_lock+0x2b/0x80
[  362.474241][T12504]  ksys_write+0x12a/0x250
[  362.474252][T12504]  ? __pfx_ksys_write+0x10/0x10
[  362.474266][T12504]  ? rcu_is_watching+0x12/0xc0
[  362.474280][T12504]  __do_fast_syscall_32+0x7c/0x300
[  362.474296][T12504]  do_fast_syscall_32+0x32/0x80
[  362.474311][T12504]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  362.474325][T12504] RIP: 0023:0xf7f17579
[  362.474333][T12504] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  362.474344][T12504] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  362.474354][T12504] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800003c0
[  362.474361][T12504] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000
[  362.474367][T12504] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  362.474373][T12504] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  362.474379][T12504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  362.474393][T12504]  </TASK>
[  362.547767][    C1] vkms_vblank_simulate: vblank timer overrun
[  362.662570][T12506] syz.3.1599 (12506): drop_caches: 2
[  362.868353][T12516] sp0: Synchronizing with TNC
[  362.871181][T12516] sp0: Found TNC
[  362.874298][T12515] [U] è`
[  362.958333][T12519] bridge0: port 4(erspan0) entered blocking state
[  362.962072][T12519] bridge0: port 4(erspan0) entered disabled state
[  362.965630][T12519] erspan0: entered allmulticast mode
[  362.973840][T12519] erspan0: entered promiscuous mode
[  362.992848][T12519] erspan0: left allmulticast mode
[  362.995061][T12519] erspan0: left promiscuous mode
[  362.999088][T12519] bridge0: port 4(erspan0) entered disabled state
[  363.069451][T12525] binder: BINDER_SET_CONTEXT_MGR already set
[  363.079813][T12525] binder: 12523:12525 ioctl 4018620d 800002c0 returned -16
[  363.181444][T12533] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1608'.
[  363.184676][T12533] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1608'.
[  363.602931][T12551] netlink: 'syz.1.1612': attribute type 10 has an invalid length.
[  363.616075][T12553] netlink: 'syz.3.1614': attribute type 29 has an invalid length.
[  363.618759][T12553] netlink: 'syz.3.1614': attribute type 3 has an invalid length.
[  363.631092][T12555] binder_alloc: 12554: binder_alloc_buf, no vma
[  364.603835][T12589] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1627'.
[  365.237839][T12600] FAULT_INJECTION: forcing a failure.
[  365.237839][T12600] name failslab, interval 1, probability 0, space 0, times 0
[  365.237860][T12600] CPU: 1 UID: 0 PID: 12600 Comm: syz.1.1629 Not tainted syzkaller #0 PREEMPT(full) 
[  365.237873][T12600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  365.237879][T12600] Call Trace:
[  365.237883][T12600]  <TASK>
[  365.237887][T12600]  dump_stack_lvl+0x16c/0x1f0
[  365.237905][T12600]  should_fail_ex+0x512/0x640
[  365.237922][T12600]  ? __kmalloc_noprof+0xca/0x880
[  365.237943][T12600]  should_failslab+0xc2/0x120
[  365.237959][T12600]  __kmalloc_noprof+0xdd/0x880
[  365.237975][T12600]  ? __pfx___mutex_trylock_common+0x10/0x10
[  365.237992][T12600]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  365.238012][T12600]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  365.238026][T12600]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  365.238042][T12600]  ? __mutex_lock+0x1c5/0x1060
[  365.238058][T12600]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  365.238073][T12600]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  365.238088][T12600]  ? genl_get_cmd+0x194/0x580
[  365.238104][T12600]  ? ____sys_sendmsg+0xa98/0xc70
[  365.238118][T12600]  ? ___sys_sendmsg+0x134/0x1d0
[  365.238128][T12600]  ? __radix_tree_lookup+0x21f/0x2c0
[  365.238142][T12600]  genl_rcv_msg+0x55c/0x800
[  365.238158][T12600]  ? __pfx_genl_rcv_msg+0x10/0x10
[  365.238172][T12600]  ? __pfx_nbd_genl_disconnect+0x10/0x10
[  365.238192][T12600]  ? __lock_acquire+0x622/0x1c90
[  365.238210][T12600]  netlink_rcv_skb+0x158/0x420
[  365.238222][T12600]  ? __pfx_genl_rcv_msg+0x10/0x10
[  365.238236][T12600]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  365.238255][T12600]  ? netlink_deliver_tap+0x1ae/0xd30
[  365.238268][T12600]  genl_rcv+0x28/0x40
[  365.238280][T12600]  netlink_unicast+0x5aa/0x870
[  365.238294][T12600]  ? __pfx_netlink_unicast+0x10/0x10
[  365.238311][T12600]  netlink_sendmsg+0x8c8/0xdd0
[  365.238326][T12600]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.238340][T12600]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  365.238360][T12600]  ____sys_sendmsg+0xa98/0xc70
[  365.238375][T12600]  ? __pfx_____sys_sendmsg+0x10/0x10
[  365.238389][T12600]  ? get_compat_msghdr+0x11a/0x170
[  365.238406][T12600]  ___sys_sendmsg+0x134/0x1d0
[  365.238418][T12600]  ? __pfx____sys_sendmsg+0x10/0x10
[  365.238436][T12600]  ? find_held_lock+0x2b/0x80
[  365.238456][T12600]  __sys_sendmsg+0x16d/0x220
[  365.238467][T12600]  ? __pfx___sys_sendmsg+0x10/0x10
[  365.238485][T12600]  ? rcu_is_watching+0x12/0xc0
[  365.238499][T12600]  __do_fast_syscall_32+0x7c/0x300
[  365.238515][T12600]  do_fast_syscall_32+0x32/0x80
[  365.238529][T12600]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  365.238543][T12600] RIP: 0023:0xf7f17579
[  365.238552][T12600] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  365.238564][T12600] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  365.238574][T12600] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000280
[  365.238581][T12600] RDX: 00000000000000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  365.238587][T12600] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  365.238593][T12600] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  365.238599][T12600] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  365.238613][T12600]  </TASK>
[  365.419528][T12604] 
: renamed from bond_slave_0
[  365.667443][T12610] random: crng reseeded on system resumption
[  366.652957][T12628] loop9: detected capacity change from 0 to 7
[  366.657086][T12628] Dev loop9: unable to read RDB block 7
[  366.659278][T12628]  loop9: unable to read partition table
[  366.661526][T12628] loop9: partition table beyond EOD, truncated
[  366.664068][T12628] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  366.667683][T12628] netlink: 'syz.2.1639': attribute type 10 has an invalid length.
[  367.182116][T12637] ieee802154 phy0 wpan0: encryption failed: -22
[  367.186349][T12637] overlayfs: failed to resolve './file0': -2
[  367.442164][T12643] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  367.444275][T12643] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  367.447333][T12643] vhci_hcd vhci_hcd.0: Device attached
[  367.707773][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  367.708284][   T40] audit: type=1326 audit(1762941705.477:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12647 comm="syz.1.1646" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x0
[  367.749824][ T7705] usb 37-1: new low-speed USB device number 6 using vhci_hcd
[  367.910579][T12660] overlayfs: conflicting lowerdir path
[  367.980227][   T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  367.996023][T12666] vlan3: entered promiscuous mode
[  367.997944][T12666] bridge0: entered promiscuous mode
[  368.000301][T12666] vlan3: entered allmulticast mode
[  368.002042][T12666] bridge0: entered allmulticast mode
[  368.054060][T12644] vhci_hcd: connection reset by peer
[  368.056849][ T8715] vhci_hcd: stop threads
[  368.058495][ T8715] vhci_hcd: release socket
[  368.066178][ T8715] vhci_hcd: disconnect device
[  368.860196][T12695] bridge_slave_0: left allmulticast mode
[  368.864302][T12695] bridge_slave_0: left promiscuous mode
[  368.866296][T12695] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.871591][T12695] bridge_slave_1: left allmulticast mode
[  368.873400][T12695] bridge_slave_1: left promiscuous mode
[  368.875247][T12695] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.883279][T12699] FAULT_INJECTION: forcing a failure.
[  368.883279][T12699] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.887813][T12699] CPU: 0 UID: 0 PID: 12699 Comm: syz.2.1653 Not tainted syzkaller #0 PREEMPT(full) 
[  368.887834][T12699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  368.887845][T12699] Call Trace:
[  368.887850][T12699]  <TASK>
[  368.887857][T12699]  dump_stack_lvl+0x16c/0x1f0
[  368.887880][T12699]  should_fail_ex+0x512/0x640
[  368.887909][T12699]  _copy_from_user+0x2e/0xd0
[  368.887935][T12699]  generic_map_update_batch+0x3f3/0x610
[  368.887961][T12699]  ? __pfx_generic_map_update_batch+0x10/0x10
[  368.887982][T12699]  ? __pfx_generic_map_update_batch+0x10/0x10
[  368.887999][T12699]  bpf_map_do_batch+0x5be/0x680
[  368.888020][T12695] team0: Port device team_slave_0 removed
[  368.888024][T12699]  __sys_bpf+0x482c/0x4980
[  368.888045][T12699]  ? __pfx___sys_bpf+0x10/0x10
[  368.888064][T12699]  ? find_held_lock+0x2b/0x80
[  368.888087][T12699]  ? find_held_lock+0x2b/0x80
[  368.888109][T12699]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  368.888137][T12699]  ? fput+0x9b/0xd0
[  368.888153][T12699]  ? ksys_write+0x1ac/0x250
[  368.888165][T12699]  ? __pfx_ksys_write+0x10/0x10
[  368.888180][T12699]  __ia32_sys_bpf+0x76/0xe0
[  368.888192][T12699]  __do_fast_syscall_32+0x7c/0x300
[  368.888209][T12699]  do_fast_syscall_32+0x32/0x80
[  368.888223][T12699]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  368.888238][T12699] RIP: 0023:0xf70dd579
[  368.888246][T12699] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  368.888258][T12699] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  368.888268][T12699] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000200
[  368.888275][T12699] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  368.888281][T12699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  368.888287][T12699] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  368.888293][T12699] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  368.888308][T12699]  </TASK>
[  368.960690][T12695] team0: Port device team_slave_1 removed
[  368.963873][T12695] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  368.966989][T12695] batman_adv: batadv0: Removing interface: batadv_slave_0
[  368.972027][T12695] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  368.975118][T12695] batman_adv: batadv0: Removing interface: batadv_slave_1
[  368.979721][T12695] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  369.086712][T12696] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  370.320150][   T35] block nbd0: Possible stuck request ffff888025bf4280: control (read@0,1024B). Runtime 150 seconds
[  370.327423][   T35] block nbd0: Possible stuck request ffff888025bf4440: control (read@1024,1024B). Runtime 150 seconds
[  370.332117][   T35] block nbd0: Possible stuck request ffff888025bf4600: control (read@2048,1024B). Runtime 150 seconds
[  370.338183][   T35] block nbd0: Possible stuck request ffff888025bf47c0: control (read@3072,1024B). Runtime 150 seconds
[  372.869935][ T7705] vhci_hcd: vhci_device speed not set
[  374.691184][T12721] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1658'.
[  374.694080][T12721] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1658'.
[  374.869106][T12736] comedi comedi3: rti802: I/O port conflict (0x10000,4)
[  375.976171][T12775] sp0: Synchronizing with TNC
[  375.984834][T12774] [U] è``
[  375.985053][T12777] netlink: 'syz.1.1670': attribute type 1 has an invalid length.
[  376.012021][T12777] bond6: (slave bridge4): making interface the new active one
[  376.015859][T12777] bond6: (slave bridge4): Enslaving as an active interface with an up link
[  376.027779][T12777] bond6: (slave gretap1): Enslaving as an active interface with an up link
[  376.414533][T12790] ubi: mtd0 is already attached to ubi31
[  376.500537][T12789] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  376.502673][T12789] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  376.671015][T12789] vhci_hcd vhci_hcd.0: Device attached
[  376.680203][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1674'.
[  376.910095][ T7705] usb 44-1: SetAddress Request (11) to port 0
[  376.912767][ T7705] usb 44-1: new SuperSpeed USB device number 11 using vhci_hcd
[  377.152396][T12791] vhci_hcd: connection reset by peer
[  377.156162][   T61] vhci_hcd: stop threads
[  377.157707][   T61] vhci_hcd: release socket
[  377.159635][   T61] vhci_hcd: disconnect device
[  377.321615][   T40] audit: type=1326 audit(1762941715.097:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.334332][   T40] audit: type=1326 audit(1762941715.107:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.341467][   T40] audit: type=1326 audit(1762941715.107:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.348379][   T40] audit: type=1326 audit(1762941715.107:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.355552][   T40] audit: type=1326 audit(1762941715.107:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.362277][   T40] audit: type=1326 audit(1762941715.107:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.370948][   T40] audit: type=1326 audit(1762941715.107:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.377863][   T40] audit: type=1326 audit(1762941715.107:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.384754][   T40] audit: type=1326 audit(1762941715.107:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  377.393655][T12803] efs: device does not support 512 byte blocks
[  377.396687][T12803] device does not support 512 byte blocks
[  377.396687][T12803] 
[  377.408476][   T40] audit: type=1326 audit(1762941715.107:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.2.1677" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  378.061734][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  378.332606][T12807] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1679'.
[  379.914155][T12851] bond4: entered promiscuous mode
[  379.919686][T12851] netlink: 'syz.3.1694': attribute type 10 has an invalid length.
[  380.843348][T12867] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1698'.
[  380.846619][T12867] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1698'.
[  382.000545][ T7705] usb 44-1: device descriptor read/8, error -110
[  382.390634][ T7705] usb usb44-port1: attempt power cycle
[  382.409813][ T6008] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  382.879806][ T6008] usb 5-1: Using ep0 maxpacket: 32
[  382.950537][ T7705] usb usb44-port1: unable to enumerate USB device
[  382.951203][ T6008] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  382.962133][ T6008] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  382.965391][ T6008] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  382.968583][ T6008] usb 5-1: Product: syz
[  382.970450][ T6008] usb 5-1: Manufacturer: syz
[  382.972301][ T6008] usb 5-1: SerialNumber: syz
[  382.976013][ T6008] usb 5-1: config 0 descriptor??
[  382.978713][T12872] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  383.185850][T12872] random: crng reseeded on system resumption
[  383.193000][T12872] Restarting kernel threads ...
[  383.195541][T12872] Done restarting kernel threads.
[  383.440427][T12908] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1708'.
[  384.139842][T12922] netlink: 'syz.1.1711': attribute type 10 has an invalid length.
[  384.143069][T12922] team0: Cannot enslave team device to itself
[  384.336834][   T40] kauditd_printk_skb: 196 callbacks suppressed
[  384.336848][   T40] audit: type=1326 audit(1762941722.107:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  384.345884][   T40] audit: type=1326 audit(1762941722.107:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  384.352834][   T40] audit: type=1326 audit(1762941722.107:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  384.361827][   T40] audit: type=1326 audit(1762941722.107:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  384.370702][   T40] audit: type=1326 audit(1762941722.117:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  384.377841][   T40] audit: type=1326 audit(1762941722.117:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  384.384795][   T40] audit: type=1326 audit(1762941722.117:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  384.391685][   T40] audit: type=1326 audit(1762941722.117:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  384.398371][   T40] audit: type=1326 audit(1762941722.117:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  384.405611][   T40] audit: type=1326 audit(1762941722.117:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.2.1713" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  384.917642][ T4240] usb 5-1: USB disconnect, device number 14
[  384.951130][T12951] x_tables: duplicate underflow at hook 1
[  385.900708][T12981] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1727'.
[  386.489922][ T7702] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  386.598493][T13012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1737'.
[  386.640992][ T7702] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  386.644142][ T7702] usb 7-1: config 0 has no interfaces?
[  386.645866][ T7702] usb 7-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  386.648643][ T7702] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.652108][T13014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1738'.
[  386.655108][ T7702] usb 7-1: config 0 descriptor??
[  386.655618][T13014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1738'.
[  387.120945][T13020] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1740'.
[  387.143800][T13020] fuse: Bad value for 'rootmode'
[  387.434410][T13022] ip6_vti0 speed is unknown, defaulting to 1000
[  387.513616][T13022] lo speed is unknown, defaulting to 1000
[  387.715597][T13028] ptrace attach of "/syz-executor exec"[5952] was attempted by "/syz-executor exec"[13028]
[  388.045073][T13042] sp0: Synchronizing with TNC
[  388.048375][T13042] sp0: Found TNC
[  388.055228][T13040] [U] è`
[  388.566975][T13063] netlink: 'syz.0.1756': attribute type 10 has an invalid length.
[  388.598178][T13066] netlink: 'syz.0.1758': attribute type 1 has an invalid length.
[  388.603726][T13066] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  388.974238][T13074] netlink: 'syz.0.1759': attribute type 10 has an invalid length.
[  388.992960][T13074] netlink: 'syz.0.1759': attribute type 10 has an invalid length.
[  388.995484][T13074] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1759'.
[  388.998365][T13074] team0: entered promiscuous mode
[  389.000734][T13074] 8021q: adding VLAN 0 to HW filter on device team0
[  389.003017][T13074] bridge0: port 1(team0) entered blocking state
[  389.005054][T13074] bridge0: port 1(team0) entered disabled state
[  389.007115][T13074] team0: entered allmulticast mode
[  389.008715][T13074] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  389.155695][T13083] FAULT_INJECTION: forcing a failure.
[  389.155695][T13083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.160126][T13083] CPU: 0 UID: 0 PID: 13083 Comm: syz.3.1764 Not tainted syzkaller #0 PREEMPT(full) 
[  389.160141][T13083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  389.160147][T13083] Call Trace:
[  389.160152][T13083]  <TASK>
[  389.160156][T13083]  dump_stack_lvl+0x16c/0x1f0
[  389.160173][T13083]  should_fail_ex+0x512/0x640
[  389.160193][T13083]  _copy_to_user+0x32/0xd0
[  389.160213][T13083]  simple_read_from_buffer+0xcb/0x170
[  389.160232][T13083]  proc_fail_nth_read+0x197/0x240
[  389.160245][T13083]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  389.160259][T13083]  ? rw_verify_area+0xcf/0x6c0
[  389.160269][T13083]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  389.160281][T13083]  vfs_read+0x1e4/0xcf0
[  389.160296][T13083]  ? __pfx_vfs_read+0x10/0x10
[  389.160307][T13083]  ? find_held_lock+0x2b/0x80
[  389.160323][T13083]  ? __fget_files+0x20e/0x3c0
[  389.160339][T13083]  ksys_read+0x12a/0x250
[  389.160350][T13083]  ? __pfx_ksys_read+0x10/0x10
[  389.160363][T13083]  ? rcu_is_watching+0x12/0xc0
[  389.160378][T13083]  __do_fast_syscall_32+0x7c/0x300
[  389.160394][T13083]  do_fast_syscall_32+0x32/0x80
[  389.160409][T13083]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  389.160424][T13083] RIP: 0023:0xf7f74579
[  389.160433][T13083] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  389.160443][T13083] RSP: 002b:00000000f5466590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  389.160454][T13083] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f5466620
[  389.160461][T13083] RDX: 000000000000000f RSI: 00000000f7406ff4 RDI: 0000000000000000
[  389.160467][T13083] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  389.160473][T13083] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  389.160479][T13083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  389.160498][T13083]  </TASK>
[  389.259833][ T7702] usb 7-1: USB disconnect, device number 14
[  389.344866][T13090] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1766'.
[  391.706355][T13141] mkiss: ax0: crc mode is auto.
[  392.163236][T13147] input: syz1 as /devices/virtual/input/input16
[  392.204770][T13150] Cannot find del_set index 17152 as target
[  392.715069][T13177] ubi: mtd0 is already attached to ubi31
[  394.031846][T13208] mkiss: ax0: crc mode is auto.
[  395.039478][T13232] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  395.299876][    T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  395.480635][    T9] usb 5-1: config 27 has 1 interface, different from the descriptor's value: 3
[  395.480758][    T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  395.480825][    T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  395.481009][    T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  395.481045][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.499711][T13232] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  395.517657][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  396.029855][    T9] usb 5-1: USB disconnect, device number 15
[  396.165664][T13260] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  396.170002][T13260] cramfs: wrong magic
[  396.271571][T13265] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1811'.
[  396.760833][T13281] loop9: detected capacity change from 0 to 7
[  396.772488][T13281] Dev loop9: unable to read RDB block 7
[  396.774886][T13281]  loop9: unable to read partition table
[  396.777157][T13281] loop9: partition table beyond EOD, truncated
[  396.779483][T13281] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  396.793673][T13281] netlink: 'syz.2.1815': attribute type 10 has an invalid length.
[  396.819513][T13282] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  396.821634][T13282] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  396.825686][T13282] vhci_hcd vhci_hcd.0: Device attached
[  397.200539][ T7702] usb 38-1: SetAddress Request (26) to port 0
[  397.203035][ T7702] usb 38-1: new SuperSpeed USB device number 26 using vhci_hcd
[  397.479914][T13283] vhci_hcd: connection reset by peer
[  397.483542][ T8702] vhci_hcd: stop threads
[  397.485163][ T8702] vhci_hcd: release socket
[  397.486898][ T8702] vhci_hcd: disconnect device
[  397.681879][T13301] netlink: 'syz.3.1822': attribute type 1 has an invalid length.
[  397.720473][T13301] 8021q: adding VLAN 0 to HW filter on device bond5
[  397.761179][T13305] tmpfs: Bad value for 'mpol'
[  398.090874][T13317] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1827'.
[  398.093872][T13317] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1827'.
[  398.116315][T13319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1828'.
[  398.119368][T13319] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1828'.
[  398.893323][T13342] loop9: detected capacity change from 0 to 7
[  398.895786][T13342] Dev loop9: unable to read RDB block 7
[  398.897520][T13342]  loop9: unable to read partition table
[  398.899453][T13342] loop9: partition table beyond EOD, truncated
[  398.901488][T13342] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  399.065923][T13349] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1838'.
[  399.308066][   T40] kauditd_printk_skb: 253 callbacks suppressed
[  399.308078][   T40] audit: type=1326 audit(1762941737.057:1136): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=13358 comm="syz.2.1843" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x0
[  400.402160][   T35] block nbd0: Possible stuck request ffff888025bf4280: control (read@0,1024B). Runtime 180 seconds
[  400.405690][   T35] block nbd0: Possible stuck request ffff888025bf4440: control (read@1024,1024B). Runtime 180 seconds
[  400.409153][   T35] block nbd0: Possible stuck request ffff888025bf4600: control (read@2048,1024B). Runtime 180 seconds
[  400.412616][   T35] block nbd0: Possible stuck request ffff888025bf47c0: control (read@3072,1024B). Runtime 180 seconds
[  401.249555][T13384] comedi comedi3: comedi_config --init_data is deprecated
[  402.240445][ T7702] usb 38-1: device descriptor read/8, error -110
[  402.630393][ T7702] usb usb38-port1: attempt power cycle
[  403.170064][T13423] loop9: detected capacity change from 0 to 7
[  403.174362][ T5958] Dev loop9: unable to read RDB block 7
[  403.177893][ T5958]  loop9: unable to read partition table
[  403.180929][ T5958] loop9: partition table beyond EOD, truncated
[  403.186209][T13423] Dev loop9: unable to read RDB block 7
[  403.188055][T13423]  loop9: unable to read partition table
[  403.191212][T13423] loop9: partition table beyond EOD, truncated
[  403.193663][T13423] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  403.205072][T13423] netlink: 'syz.2.1857': attribute type 10 has an invalid length.
[  403.212709][ T7702] usb usb38-port1: unable to enumerate USB device
[  403.635542][T13428] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  403.863300][T13436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1862'.
[  403.982096][T13446] netlink: 'syz.1.1864': attribute type 21 has an invalid length.
[  403.985452][T13446] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1864'.
[  403.989307][T13446] netlink: 'syz.1.1864': attribute type 4 has an invalid length.
[  403.992706][T13446] netlink: 'syz.1.1864': attribute type 3 has an invalid length.
[  403.995987][T13446] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1864'.
[  404.113005][T13453] binder: 13452:13453 ioctl c0306201 0 returned -14
[  404.283728][T13466] FAULT_INJECTION: forcing a failure.
[  404.283728][T13466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.287727][T13466] CPU: 2 UID: 0 PID: 13466 Comm: syz.1.1874 Not tainted syzkaller #0 PREEMPT(full) 
[  404.287747][T13466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  404.287756][T13466] Call Trace:
[  404.287773][T13466]  <TASK>
[  404.287780][T13466]  dump_stack_lvl+0x16c/0x1f0
[  404.287817][T13466]  should_fail_ex+0x512/0x640
[  404.287843][T13466]  _copy_to_user+0x32/0xd0
[  404.287863][T13466]  simple_read_from_buffer+0xcb/0x170
[  404.287883][T13466]  proc_fail_nth_read+0x197/0x240
[  404.287896][T13466]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  404.287909][T13466]  ? rw_verify_area+0xcf/0x6c0
[  404.287920][T13466]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  404.287932][T13466]  vfs_read+0x1e4/0xcf0
[  404.287947][T13466]  ? __pfx_vfs_read+0x10/0x10
[  404.287958][T13466]  ? find_held_lock+0x2b/0x80
[  404.287974][T13466]  ? __fget_files+0x20e/0x3c0
[  404.287989][T13466]  ksys_read+0x12a/0x250
[  404.288001][T13466]  ? __pfx_ksys_read+0x10/0x10
[  404.288014][T13466]  ? rcu_is_watching+0x12/0xc0
[  404.288028][T13466]  __do_fast_syscall_32+0x7c/0x300
[  404.288045][T13466]  do_fast_syscall_32+0x32/0x80
[  404.288059][T13466]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  404.288073][T13466] RIP: 0023:0xf7f17579
[  404.288082][T13466] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  404.288092][T13466] RSP: 002b:00000000f5406590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  404.288102][T13466] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5406620
[  404.288109][T13466] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000
[  404.288115][T13466] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  404.288121][T13466] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  404.288127][T13466] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  404.288145][T13466]  </TASK>
[  404.472623][T13470] syz_tun: left allmulticast mode
[  404.474323][T13470] syz_tun: left promiscuous mode
[  404.476003][T13470] bridge0: port 3(syz_tun) entered disabled state
[  404.492308][T13470] bridge_slave_1: left allmulticast mode
[  404.494295][T13470] bridge_slave_1: left promiscuous mode
[  404.496113][T13470] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.502472][T13470] bridge_slave_0: left allmulticast mode
[  404.504304][T13470] bridge_slave_0: left promiscuous mode
[  404.506624][T13470] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.528321][T13475] netlink: 'syz.2.1872': attribute type 4 has an invalid length.
[  404.799188][T13484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1878'.
[  405.160613][T13491] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  405.162735][T13491] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  405.165552][T13491] vhci_hcd vhci_hcd.0: Device attached
[  405.430129][ T7705] usb 38-1: SetAddress Request (30) to port 0
[  405.432518][ T7705] usb 38-1: new SuperSpeed USB device number 30 using vhci_hcd
[  405.448328][T13499] binder: 13497:13499 ioctl c0306201 0 returned -14
[  405.534136][T13496] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1881'.
[  405.540610][ T8702] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.548423][ T8702] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.691608][T13492] vhci_hcd: connection reset by peer
[  405.691798][ T8715] vhci_hcd: stop threads
[  405.691864][ T8715] vhci_hcd: release socket
[  405.691942][ T8715] vhci_hcd: disconnect device
[  405.780907][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4
[  405.783526][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2
[  405.785992][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.788384][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.791246][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.793666][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.796040][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.798424][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.801570][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.804103][   T10] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  405.810884][   T10] hid-generic 0000:3000000:0000.0002: hidraw1: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  405.902851][T13505] fido_id[13505]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  405.938524][T13515] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1886'.
[  405.942184][T13515] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1886'.
[  406.283843][T13522] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1889'.
[  406.287305][T13522] openvswitch: netlink: Invalid MD length 60718 for MD type 0
[  406.289713][T13522] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  406.320961][T13525] netlink: 'syz.1.1890': attribute type 1 has an invalid length.
[  406.321295][T13524] MINIX-fs: unable to read superblock
[  406.323544][T13525] netlink: 'syz.1.1890': attribute type 2 has an invalid length.
[  406.372254][T13529] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  406.393239][T13527] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  406.693027][   T40] audit: type=1326 audit(1762941744.467:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  406.702357][   T40] audit: type=1326 audit(1762941744.477:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  406.711339][   T40] audit: type=1326 audit(1762941744.477:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.720208][   T40] audit: type=1326 audit(1762941744.477:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.738183][   T40] audit: type=1326 audit(1762941744.477:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.755375][   T40] audit: type=1326 audit(1762941744.477:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.769817][   T40] audit: type=1326 audit(1762941744.477:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.776416][   T40] audit: type=1326 audit(1762941744.477:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.789781][   T40] audit: type=1326 audit(1762941744.477:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  406.810090][   T40] audit: type=1326 audit(1762941744.477:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13535 comm="syz.2.1895" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70dd598 code=0x7ffc0000
[  406.909544][   T60] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  407.005270][ T5947] Bluetooth: hci0: unexpected event for opcode 0x0008
[  407.006586][T13547] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1898'.
[  407.071067][   T60] usb 5-1: config index 0 descriptor too short (expected 64804, got 36)
[  407.073745][   T60] usb 5-1: config 27 has too many interfaces: 251, using maximum allowed: 32
[  407.076616][   T60] usb 5-1: config 27 has 1 interface, different from the descriptor's value: 251
[  407.079501][   T60] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  407.083042][   T60] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  407.086206][   T60] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  407.089009][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.095557][T13527] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  407.101915][   T60] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  407.306086][   T60] usb 5-1: USB disconnect, device number 16
[  407.356144][T13557] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1901'.
[  407.359007][T13557] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  407.394155][T13559] mmap: syz.2.1902 (13559) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  409.121387][T13606] __nla_validate_parse: 2 callbacks suppressed
[  409.121399][T13606] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1919'.
[  409.295694][T13608] netlink: 'syz.2.1920': attribute type 1 has an invalid length.
[  409.407054][T13599] ip6_vti0 speed is unknown, defaulting to 1000
[  409.538730][T13615] FAULT_INJECTION: forcing a failure.
[  409.538730][T13615] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  409.543335][T13615] CPU: 1 UID: 0 PID: 13615 Comm: syz.1.1922 Not tainted syzkaller #0 PREEMPT(full) 
[  409.543350][T13615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  409.543356][T13615] Call Trace:
[  409.543360][T13615]  <TASK>
[  409.543364][T13615]  dump_stack_lvl+0x16c/0x1f0
[  409.543381][T13615]  should_fail_ex+0x512/0x640
[  409.543400][T13615]  should_fail_alloc_page+0xe7/0x130
[  409.543417][T13615]  prepare_alloc_pages+0x3c2/0x610
[  409.543434][T13615]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  409.543454][T13615]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  409.543471][T13615]  ? rcu_is_watching+0x12/0xc0
[  409.543484][T13615]  ? trace_kmem_cache_alloc+0x28/0xc0
[  409.543499][T13615]  ? kmem_cache_alloc_node_noprof+0x2d8/0x770
[  409.543511][T13615]  ? kmalloc_reserve+0x18b/0x2c0
[  409.543526][T13615]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  409.543546][T13615]  ? policy_nodemask+0xea/0x4e0
[  409.543563][T13615]  alloc_pages_mpol+0x1fb/0x550
[  409.543578][T13615]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  409.543592][T13615]  ? __pfx___alloc_skb+0x10/0x10
[  409.543613][T13615]  alloc_pages_noprof+0x131/0x390
[  409.543629][T13615]  alloc_skb_with_frags+0x24a/0x860
[  409.543641][T13615]  ? __might_fault+0xe3/0x190
[  409.543651][T13615]  ? __might_fault+0x13b/0x190
[  409.543664][T13615]  sock_alloc_send_pskb+0x7f9/0x980
[  409.543682][T13615]  ? _copy_from_iter+0x15d/0x1720
[  409.543703][T13615]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  409.543720][T13615]  ? _parse_integer_limit+0x17f/0x1d0
[  409.543736][T13615]  ? iov_iter_advance+0x7d/0x6c0
[  409.543755][T13615]  tun_get_user+0x7e2/0x3cc0
[  409.543774][T13615]  ? __pfx_tun_get_user+0x10/0x10
[  409.543786][T13615]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  409.543801][T13615]  ? find_held_lock+0x2b/0x80
[  409.543814][T13615]  ? tun_get+0x191/0x370
[  409.543827][T13615]  tun_chr_write_iter+0xdc/0x210
[  409.543839][T13615]  vfs_write+0x7d3/0x11d0
[  409.543853][T13615]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  409.543866][T13615]  ? __pfx_vfs_write+0x10/0x10
[  409.543877][T13615]  ? find_held_lock+0x2b/0x80
[  409.543896][T13615]  ksys_write+0x12a/0x250
[  409.543908][T13615]  ? __pfx_ksys_write+0x10/0x10
[  409.543922][T13615]  ? rcu_is_watching+0x12/0xc0
[  409.543935][T13615]  __do_fast_syscall_32+0x7c/0x300
[  409.543951][T13615]  do_fast_syscall_32+0x32/0x80
[  409.543966][T13615]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  409.543979][T13615] RIP: 0023:0xf7f17579
[  409.543988][T13615] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  409.543998][T13615] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  409.544009][T13615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800003c0
[  409.544016][T13615] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000
[  409.544022][T13615] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  409.544028][T13615] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  409.544034][T13615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  409.544048][T13615]  </TASK>
[  409.652822][    C1] vkms_vblank_simulate: vblank timer overrun
[  409.707175][T13599] lo speed is unknown, defaulting to 1000
[  410.481565][ T7705] usb 38-1: device descriptor read/8, error -110
[  410.499607][T13630] ubi: mtd0 is already attached to ubi31
[  410.939405][ T7705] usb usb38-port1: attempt power cycle
[  411.500571][ T7705] usb usb38-port1: unable to enumerate USB device
[  411.722990][T13661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1933'.
[  411.775205][T13659] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1932'.
[  411.775226][T13659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1932'.
[  411.898721][T13670] binder: BINDER_SET_CONTEXT_MGR already set
[  411.898774][T13670] binder: 13667:13670 ioctl 4018620d 80000040 returned -16
[  412.015685][T13673] vlan3: entered promiscuous mode
[  412.017450][T13673] bridge0: entered promiscuous mode
[  412.019234][T13673] vlan3: entered allmulticast mode
[  412.021678][T13673] bridge0: entered allmulticast mode
[  412.111191][T13669] comedi comedi3: comedi_config --init_data is deprecated
[  413.429379][T13702] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  413.431481][T13702] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  413.447229][T13702] vhci_hcd vhci_hcd.0: Device attached
[  413.949928][ T6892] usb 38-1: SetAddress Request (34) to port 0
[  413.952081][ T6892] usb 38-1: new SuperSpeed USB device number 34 using vhci_hcd
[  413.978992][T13714] ip6_vti0 speed is unknown, defaulting to 1000
[  414.007959][T13704] vhci_hcd: connection reset by peer
[  414.010868][   T61] vhci_hcd: stop threads
[  414.012589][   T61] vhci_hcd: release socket
[  414.014685][   T61] vhci_hcd: disconnect device
[  414.103480][T13714] lo speed is unknown, defaulting to 1000
[  415.209367][T13740] bond6: entered promiscuous mode
[  415.215955][T13740] netlink: 'syz.3.1951': attribute type 10 has an invalid length.
[  415.295046][T13750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1955'.
[  415.771477][T13761] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1958'.
[  417.403211][T13776] binder: 13775:13776 ioctl 4018620d 0 returned -22
[  417.432930][T13780] No control pipe specified
[  417.434701][T13780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1964'.
[  417.534690][ T5355] udevd[5355]: worker [5948] /devices/virtual/block/nbd0 timeout; kill it
[  417.540902][ T5355] udevd[5355]: seq 15917 '/devices/virtual/block/nbd0' killed
[  418.708697][T13788] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  418.711385][T13788] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  418.716144][T13788] vhci_hcd vhci_hcd.0: Device attached
[  418.840941][T13789] vhci_hcd: connection closed
[  418.842264][ T8706] vhci_hcd: stop threads
[  418.846037][ T8706] vhci_hcd: release socket
[  418.848029][ T8706] vhci_hcd: disconnect device
[  418.889869][ T7705] vhci_hcd: vhci_device speed not set
[  419.040006][ T6892] usb 38-1: device descriptor read/8, error -110
[  419.446061][ T6892] usb usb38-port1: attempt power cycle
[  419.450945][T13801] sp0: Synchronizing with TNC
[  419.453775][T13801] sp0: Found TNC
[  419.456144][T13800] [U] è`
[  419.643623][T13808] binder: 13807:13808 ioctl c0306201 0 returned -14
[  419.969538][T13814] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  420.076693][T13812] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  420.078277][ T6892] usb usb38-port1: unable to enumerate USB device
[  420.600330][T13817] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  421.181023][T13831] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  421.183574][T13831] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  421.186483][T13831] vhci_hcd vhci_hcd.0: Device attached
[  421.191111][T13832] usbip_core: unknown command
[  421.193166][T13832] vhci_hcd: unknown pdu 0
[  421.194972][T13832] usbip_core: unknown command
[  421.197179][ T8715] vhci_hcd: stop threads
[  421.198559][ T8715] vhci_hcd: release socket
[  421.201515][ T8715] vhci_hcd: disconnect device
[  421.672879][T13839] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  421.675730][T13839] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  421.690264][T13839] vhci_hcd vhci_hcd.0: Device attached
[  421.999854][ T1475] usb 40-1: SetAddress Request (18) to port 0
[  422.002369][ T1475] usb 40-1: new SuperSpeed USB device number 18 using vhci_hcd
[  422.020466][T13842] vhci_hcd: connection reset by peer
[  422.023505][ T8713] vhci_hcd: stop threads
[  422.025314][ T8713] vhci_hcd: release socket
[  422.027152][ T8713] vhci_hcd: disconnect device
[  422.787818][ T6892] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  422.874582][T13852] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1985'.
[  422.953372][ T6892] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  422.957106][ T6892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33022, setting to 64
[  422.961545][ T6892] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  422.964463][ T6892] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  422.966996][ T6892] usb 7-1: Manufacturer: syz
[  422.973244][ T6892] usb 7-1: config 0 descriptor??
[  423.021432][ T6892] rc_core: IR keymap rc-hauppauge not found
[  423.023618][ T6892] Registered IR keymap rc-empty
[  423.028444][ T6892] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  423.034771][ T6892] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input17
[  423.060796][T13866] netlink: 'syz.1.1989': attribute type 5 has an invalid length.
[  423.245073][T13867] /dev/nullb0: Can't open blockdev
[  423.353563][T13846] ip6_vti0 speed is unknown, defaulting to 1000
[  423.558117][T13846] lo speed is unknown, defaulting to 1000
[  423.693681][ T6892] usb 7-1: USB disconnect, device number 15
[  423.821225][T13870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1990'.
[  424.229356][T13876] gfs2: Unknown parameter 'norecovery™Û;fçÓáöšOŠŸ¹`¦A›u4Þþ墅JÛŒŠ$«fhÑYo’‹Ýn1ylJ8(áK1'
[  424.327711][T13879] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  424.422212][T13885] loop9: detected capacity change from 0 to 7
[  424.427287][T13885] Dev loop9: unable to read RDB block 7
[  424.431662][T13885]  loop9: unable to read partition table
[  424.435084][T13885] loop9: partition table beyond EOD, truncated
[  424.437358][T13885] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  424.443967][T13885] netlink: 'syz.2.1993': attribute type 10 has an invalid length.
[  425.902455][T13910] 9pnet_fd: Insufficient options for proto=fd
[  426.316906][T13903] Process accounting resumed
[  426.505741][T13920] binder: Binderfs stats mode cannot be changed during a remount
[  427.047439][ T1475] usb 40-1: device descriptor read/8, error -110
[  427.475506][ T1475] usb usb40-port1: attempt power cycle
[  427.917981][T13934] Cannot find del_set index 2 as target
[  428.046406][ T1475] usb usb40-port1: unable to enumerate USB device
[  429.578009][T13957] trusted_key: encrypted_key: insufficient parameters specified
[  430.488055][   T35] block nbd0: Possible stuck request ffff888025bf4280: control (read@0,1024B). Runtime 210 seconds
[  430.491803][   T35] block nbd0: Possible stuck request ffff888025bf4440: control (read@1024,1024B). Runtime 210 seconds
[  430.495197][   T35] block nbd0: Possible stuck request ffff888025bf4600: control (read@2048,1024B). Runtime 210 seconds
[  430.498652][   T35] block nbd0: Possible stuck request ffff888025bf47c0: control (read@3072,1024B). Runtime 210 seconds
[  432.397998][T13977] netlink: 'syz.1.2020': attribute type 1 has an invalid length.
[  432.421928][T13977] 8021q: adding VLAN 0 to HW filter on device bond7
[  432.444770][T13977] ip6erspan0: entered promiscuous mode
[  432.450249][T13977] bond7: (slave ip6erspan0): making interface the new active one
[  432.454332][T13977] bond7: (slave ip6erspan0): Enslaving as an active interface with an up link
[  432.672715][ T5955] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  432.677384][ T5955] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  432.681506][ T5955] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  432.685270][ T5955] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  432.688708][ T5955] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  432.816095][T13983] ip6_vti0 speed is unknown, defaulting to 1000
[  432.958740][T13983] lo speed is unknown, defaulting to 1000
[  433.089947][T13983] chnl_net:caif_netlink_parms(): no params data found
[  433.176002][T13983] bridge0: port 1(bridge_slave_0) entered blocking state
[  433.178291][T13983] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.182131][T13983] bridge_slave_0: entered allmulticast mode
[  433.184799][T13983] bridge_slave_0: entered promiscuous mode
[  433.187957][T13983] bridge0: port 2(bridge_slave_1) entered blocking state
[  433.190208][T13983] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.193455][T13983] bridge_slave_1: entered allmulticast mode
[  433.196075][T13983] bridge_slave_1: entered promiscuous mode
[  433.229389][T13983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  433.234081][T13983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  433.264649][T13983] team0: Port device team_slave_0 added
[  433.267822][T13983] team0: Port device team_slave_1 added
[  433.298063][T13983] batman_adv: batadv0: Adding interface: batadv_slave_0
[  433.300293][T13983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  433.309657][T13983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  433.315064][T13983] batman_adv: batadv0: Adding interface: batadv_slave_1
[  433.317247][T13983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  433.325272][T13983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  433.362428][T13983] hsr_slave_0: entered promiscuous mode
[  433.364700][T13983] hsr_slave_1: entered promiscuous mode
[  433.366806][T13983] debugfs: 'hsr0' already exists in 'hsr'
[  433.368626][T13983] Cannot create hsr debugfs directory
[  433.499051][T13983] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  433.504744][T13983] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  433.508905][T13983] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  433.514354][T13983] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  433.566110][T13983] 8021q: adding VLAN 0 to HW filter on device bond0
[  433.581138][T13983] 8021q: adding VLAN 0 to HW filter on device team0
[  433.589338][ T8706] bridge0: port 1(bridge_slave_0) entered blocking state
[  433.592442][ T8706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  433.601116][ T8715] bridge0: port 2(bridge_slave_1) entered blocking state
[  433.604162][ T8715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  433.748235][T13983] 8021q: adding VLAN 0 to HW filter on device batadv0
[  433.905697][T13983] veth0_vlan: entered promiscuous mode
[  433.911061][T13983] veth1_vlan: entered promiscuous mode
[  433.929951][T13983] veth0_macvtap: entered promiscuous mode
[  433.934542][T13983] veth1_macvtap: entered promiscuous mode
[  433.944932][T13983] batman_adv: batadv0: Interface activated: batadv_slave_0
[  433.960346][T13983] batman_adv: batadv0: Interface activated: batadv_slave_1
[  433.972180][ T8706] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  433.975192][ T8706] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  433.979946][ T8706] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  433.986076][ T8706] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  434.031837][ T8709] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  434.034500][ T8709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  434.058854][ T8713] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  434.062722][ T8713] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  434.342688][ T7705] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  434.542042][ T7705] usb 9-1: Using ep0 maxpacket: 16
[  434.551362][ T7705] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[  434.554809][ T7705] usb 9-1: config 0 has no interface number 0
[  434.571936][ T7705] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  434.575454][ T7705] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.578460][ T7705] usb 9-1: Product: syz
[  434.581299][ T7705] usb 9-1: Manufacturer: syz
[  434.584912][ T7705] usb 9-1: SerialNumber: syz
[  434.609108][ T7705] usb 9-1: config 0 descriptor??
[  434.633991][ T7705] hub 9-1:0.132: bad descriptor, ignoring hub
[  434.634677][T14029] ptrace attach of "/syz-executor exec"[5949] was attempted by ""[14029]
[  434.636388][ T7705] hub 9-1:0.132: probe with driver hub failed with error -5
[  434.657084][ T7705] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.132/input/input18
[  434.732367][ T5947] Bluetooth: hci4: command tx timeout
[  434.847058][T14025] veth0: entered promiscuous mode
[  434.850355][T14024] veth0: left promiscuous mode
[  436.814005][ T5947] Bluetooth: hci4: command tx timeout
[  437.439582][T14086] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  437.442380][T14086] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  437.446512][T14086] vhci_hcd vhci_hcd.0: Device attached
[  437.667565][T14093] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2038'.
[  437.795272][ T6892] usb 46-1: SetAddress Request (2) to port 0
[  437.798622][ T6892] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  438.200759][ T7705] usb 9-1: USB disconnect, device number 2
[  438.218716][T14087] vhci_hcd: connection reset by peer
[  438.221289][ T8711] vhci_hcd: stop threads
[  438.223042][ T8711] vhci_hcd: release socket
[  438.224977][ T8711] vhci_hcd: disconnect device
[  438.546880][T14102] syz_tun: left allmulticast mode
[  438.548596][T14102] syz_tun: left promiscuous mode
[  438.550383][T14102] bridge0: port 3(syz_tun) entered disabled state
[  438.555309][T14102] bridge_slave_0: left allmulticast mode
[  438.557406][T14102] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.561442][T14102] bridge_slave_1: left allmulticast mode
[  438.563332][T14102] bridge_slave_1: left promiscuous mode
[  438.565244][T14102] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.572015][T14102] team0: Port device C removed
[  438.575814][T14102] team0: Port device team_slave_1 removed
[  438.578150][T14102] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.580788][T14102] batman_adv: batadv0: Removing interface: batadv_slave_1
[  438.583466][T14102] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  438.605007][T14102] team0: Mode changed to "loadbalance"
[  438.608546][T14102] netlink: 'syz.1.2041': attribute type 10 has an invalid length.
[  438.611445][T14102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2041'.
[  438.905883][ T5947] Bluetooth: hci4: command tx timeout
[  439.398645][ T7703] libceph: connect (1)[c::]:6789 error -101
[  439.402272][ T7703] libceph: mon0 (1)[c::]:6789 connect error
[  439.472555][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  439.662841][ T7703] libceph: connect (1)[c::]:6789 error -101
[  439.665029][ T7703] libceph: mon0 (1)[c::]:6789 connect error
[  439.965481][T14115] ceph: No mds server is up or the cluster is laggy
[  440.047825][T14128] netlink: 'syz.4.2048': attribute type 1 has an invalid length.
[  440.460659][ T5955] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  440.464129][ T5955] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  440.466954][ T5955] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  440.471966][ T5955] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  440.474771][ T5955] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  440.596117][T14145] ip6_vti0 speed is unknown, defaulting to 1000
[  440.721825][T14145] lo speed is unknown, defaulting to 1000
[  440.868397][T14145] chnl_net:caif_netlink_parms(): no params data found
[  440.939329][T14145] bridge0: port 1(bridge_slave_0) entered blocking state
[  440.941639][T14145] bridge0: port 1(bridge_slave_0) entered disabled state
[  440.943880][T14145] bridge_slave_0: entered allmulticast mode
[  440.946999][T14145] bridge_slave_0: entered promiscuous mode
[  440.950292][T14145] bridge0: port 2(bridge_slave_1) entered blocking state
[  440.952684][T14145] bridge0: port 2(bridge_slave_1) entered disabled state
[  440.954980][T14145] bridge_slave_1: entered allmulticast mode
[  440.957597][T14145] bridge_slave_1: entered promiscuous mode
[  440.977904][ T5955] Bluetooth: hci4: command tx timeout
[  440.992278][T14145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  440.997063][T14145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  441.030813][T14145] team0: Port device team_slave_0 added
[  441.034044][T14145] team0: Port device team_slave_1 added
[  441.071903][T14145] batman_adv: batadv0: Adding interface: batadv_slave_0
[  441.078028][T14145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  441.091300][T14145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  441.095969][T14145] batman_adv: batadv0: Adding interface: batadv_slave_1
[  441.099241][T14145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  441.107302][T14145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  441.151592][T14145] hsr_slave_0: entered promiscuous mode
[  441.154413][T14145] hsr_slave_1: entered promiscuous mode
[  441.156623][T14145] debugfs: 'hsr0' already exists in 'hsr'
[  441.159184][T14145] Cannot create hsr debugfs directory
[  441.305154][T14145] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  441.310055][T14145] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  441.316769][T14145] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  441.322562][T14145] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  441.339990][T14145] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.342276][T14145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  441.344758][T14145] bridge0: port 1(bridge_slave_0) entered blocking state
[  441.346977][T14145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  441.379567][T14145] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.390286][ T8709] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.399190][ T8709] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.423999][T14145] 8021q: adding VLAN 0 to HW filter on device team0
[  441.432190][ T8706] bridge0: port 1(bridge_slave_0) entered blocking state
[  441.434473][ T8706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  441.445808][ T8709] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.448059][ T8709] bridge0: port 2(bridge_slave_1) entered forwarding state
[  441.567790][T14185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2064'.
[  441.571116][T14185] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  441.767733][T14145] 8021q: adding VLAN 0 to HW filter on device batadv0
[  441.897870][T14145] veth0_vlan: entered promiscuous mode
[  441.910129][T14145] veth1_vlan: entered promiscuous mode
[  441.928060][T14145] veth0_macvtap: entered promiscuous mode
[  441.933680][T14145] veth1_macvtap: entered promiscuous mode
[  441.944182][T14145] batman_adv: batadv0: Interface activated: batadv_slave_0
[  441.955162][T14145] batman_adv: batadv0: Interface activated: batadv_slave_1
[  441.966879][ T8713] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  441.970789][ T8713] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  441.975154][ T8713] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  441.978468][ T8713] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  442.045300][ T8715] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.049665][ T8715] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.070935][ T8713] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.074375][ T8713] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.226212][T14201] No source specified
[  442.260676][T14203] Cannot find del_set index 1 as target
[  442.499539][ T5955] Bluetooth: hci5: command tx timeout
[  442.595579][T14219] FAULT_INJECTION: forcing a failure.
[  442.595579][T14219] name failslab, interval 1, probability 0, space 0, times 0
[  442.599754][T14219] CPU: 3 UID: 0 PID: 14219 Comm: syz.5.2071 Not tainted syzkaller #0 PREEMPT(full) 
[  442.599771][T14219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  442.599777][T14219] Call Trace:
[  442.599826][T14219]  <TASK>
[  442.599831][T14219]  dump_stack_lvl+0x16c/0x1f0
[  442.599887][T14219]  should_fail_ex+0x512/0x640
[  442.599930][T14219]  should_failslab+0xc2/0x120
[  442.599946][T14219]  kmem_cache_alloc_noprof+0x75/0x6e0
[  442.599958][T14219]  ? dst_alloc+0x99/0x1a0
[  442.599977][T14219]  ? __pfx_ip6_dst_gc+0x10/0x10
[  442.600000][T14219]  ? dst_alloc+0x99/0x1a0
[  442.600015][T14219]  dst_alloc+0x99/0x1a0
[  442.600034][T14219]  ip6_pol_route+0x96b/0x1230
[  442.600053][T14219]  ? __pfx_ip6_pol_route+0x10/0x10
[  442.600075][T14219]  ? __local_bh_enable_ip+0xa4/0x120
[  442.600091][T14219]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  442.600107][T14219]  fib6_rule_lookup+0x536/0x720
[  442.600124][T14219]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  442.600140][T14219]  ? nf_nat_ipv6_fn+0xff/0x2e0
[  442.600157][T14219]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  442.600174][T14219]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  442.600196][T14219]  ip6_route_input+0x662/0xc70
[  442.600215][T14219]  ? __pfx_ip6_route_input+0x10/0x10
[  442.600231][T14219]  ? lock_acquire+0x179/0x350
[  442.600256][T14219]  ? sock_wfree+0x11c/0x880
[  442.600266][T14219]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  442.600286][T14219]  ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0
[  442.600306][T14219]  ipv6_rcv+0x1e8/0x650
[  442.600324][T14219]  ? __pfx_ipv6_rcv+0x10/0x10
[  442.600340][T14219]  __netif_receive_skb_one_core+0x12d/0x1e0
[  442.600358][T14219]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  442.600376][T14219]  ? lock_acquire+0x179/0x350
[  442.600395][T14219]  __netif_receive_skb+0x1d/0x160
[  442.600412][T14219]  netif_receive_skb+0x137/0x7b0
[  442.600428][T14219]  ? __pfx_netif_receive_skb+0x10/0x10
[  442.600446][T14219]  ? __pfx__copy_from_iter+0x10/0x10
[  442.600467][T14219]  tun_rx_batched.isra.0+0x3ee/0x740
[  442.600488][T14219]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  442.600510][T14219]  ? tun_get_user+0x1ded/0x3cc0
[  442.600520][T14219]  ? rcu_is_watching+0x12/0xc0
[  442.600535][T14219]  tun_get_user+0x28b2/0x3cc0
[  442.600542][T14220] gfs2: error -5 reading superblock
[  442.600553][T14219]  ? __pfx_tun_get_user+0x10/0x10
[  442.600565][T14219]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  442.600581][T14219]  ? find_held_lock+0x2b/0x80
[  442.600593][T14219]  ? tun_get+0x191/0x370
[  442.600606][T14219]  tun_chr_write_iter+0xdc/0x210
[  442.600619][T14219]  vfs_write+0x7d3/0x11d0
[  442.600632][T14219]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  442.600646][T14219]  ? __pfx_vfs_write+0x10/0x10
[  442.600657][T14219]  ? find_held_lock+0x2b/0x80
[  442.600676][T14219]  ksys_write+0x12a/0x250
[  442.600693][T14219]  ? __pfx_ksys_write+0x10/0x10
[  442.600706][T14219]  ? rcu_is_watching+0x12/0xc0
[  442.600720][T14219]  __do_fast_syscall_32+0x7c/0x300
[  442.600736][T14219]  do_fast_syscall_32+0x32/0x80
[  442.600751][T14219]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  442.600765][T14219] RIP: 0023:0xf700d579
[  442.600774][T14219] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  442.600785][T14219] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  442.600813][T14219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800003c0
[  442.600819][T14219] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000
[  442.600825][T14219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  442.600831][T14219] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  442.600838][T14219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  442.600852][T14219]  </TASK>
[  442.908284][ T6892] usb 46-1: device descriptor read/8, error -110
[  443.241424][T14226] /dev/nullb0: Can't open blockdev
[  443.551091][ T6892] usb usb46-port1: attempt power cycle
[  443.653862][T14232] openvswitch: netlink: EtherType 0 is less than min 600
[  444.191335][ T6892] usb usb46-port1: unable to enumerate USB device
[  444.365126][T14257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2082'.
[  444.581246][ T5955] Bluetooth: hci5: command tx timeout
[  444.651110][T14268] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2087'.
[  444.703845][T14272] netlink: 'syz.1.2089': attribute type 11 has an invalid length.
[  444.707073][T14272] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2089'.
[  444.756877][T14278] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2086'.
[  444.766579][T14278] overlayfs: failed to resolve './file1': -2
[  444.960045][T14284] ptrace attach of "/syz-executor exec"[5949] was attempted by ""[14284]
[  445.165931][T14293] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  445.504174][T14307] ubi: mtd0 is already attached to ubi31
[  445.747455][T14317] FAULT_INJECTION: forcing a failure.
[  445.747455][T14317] name failslab, interval 1, probability 0, space 0, times 0
[  445.753080][T14317] CPU: 0 UID: 0 PID: 14317 Comm: syz.5.2103 Not tainted syzkaller #0 PREEMPT(full) 
[  445.753102][T14317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  445.753113][T14317] Call Trace:
[  445.753118][T14317]  <TASK>
[  445.753125][T14317]  dump_stack_lvl+0x16c/0x1f0
[  445.753150][T14317]  should_fail_ex+0x512/0x640
[  445.753192][T14317]  ? fs_reclaim_acquire+0xae/0x150
[  445.753218][T14317]  should_failslab+0xc2/0x120
[  445.753242][T14317]  __kmalloc_noprof+0xdd/0x880
[  445.753271][T14317]  ? tomoyo_encode2+0x100/0x3e0
[  445.753295][T14317]  ? tomoyo_encode2+0x100/0x3e0
[  445.753314][T14317]  tomoyo_encode2+0x100/0x3e0
[  445.753338][T14317]  tomoyo_encode+0x29/0x50
[  445.753357][T14317]  tomoyo_realpath_from_path+0x18f/0x6e0
[  445.753381][T14317]  ? tomoyo_profile+0x47/0x60
[  445.753407][T14317]  tomoyo_path_number_perm+0x245/0x580
[  445.753432][T14317]  ? tomoyo_path_number_perm+0x237/0x580
[  445.753462][T14317]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  445.753518][T14317]  ? find_held_lock+0x2b/0x80
[  445.753536][T14317]  ? hook_file_ioctl_common+0x145/0x410
[  445.753560][T14317]  ? __fget_files+0x20e/0x3c0
[  445.753583][T14317]  security_file_ioctl_compat+0x9b/0x240
[  445.753604][T14317]  __ia32_compat_sys_ioctl+0xc3/0x370
[  445.753634][T14317]  __do_fast_syscall_32+0x7c/0x300
[  445.753660][T14317]  do_fast_syscall_32+0x32/0x80
[  445.753682][T14317]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  445.753704][T14317] RIP: 0023:0xf700d579
[  445.753718][T14317] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  445.753734][T14317] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  445.753750][T14317] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  445.753761][T14317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  445.753771][T14317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  445.753781][T14317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  445.753791][T14317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  445.753818][T14317]  </TASK>
[  445.753854][T14317] ERROR: Out of memory at tomoyo_realpath_from_path.
[  446.021762][T14320] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2104'.
[  446.029819][T14320] team_slave_0: entered promiscuous mode
[  446.031989][T14320] team_slave_1: entered promiscuous mode
[  446.034386][T14320] macsec1: entered promiscuous mode
[  446.036193][T14320] team0: entered promiscuous mode
[  446.038220][T14320] macsec1: entered allmulticast mode
[  446.039990][T14320] team0: entered allmulticast mode
[  446.041960][T14320] team_slave_0: entered allmulticast mode
[  446.044154][T14320] team_slave_1: entered allmulticast mode
[  446.046877][T14320] team0: Device macsec1 is already an upper device of the team interface
[  446.050504][T14320] team0: left allmulticast mode
[  446.052183][T14320] team_slave_0: left allmulticast mode
[  446.055545][T14320] team_slave_1: left allmulticast mode
[  446.057409][T14320] team0: left promiscuous mode
[  446.059303][T14320] team_slave_0: left promiscuous mode
[  446.061164][T14320] team_slave_1: left promiscuous mode
[  446.662628][T14349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2114'.
[  446.665780][ T5955] Bluetooth: hci5: command tx timeout
[  446.895754][T14351] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  446.898760][T14351] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  446.902408][T14352] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  446.906306][T14352] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  446.909225][T14352] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  446.911693][T14352] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  446.914379][T14352] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  446.922679][T14352] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  446.924173][T14351] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  446.927485][T14351] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  446.932449][T14351] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  446.932583][T14352] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  446.934522][T14351] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  446.936430][T14352] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  446.943262][T14351] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  446.945786][T14351] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  446.946436][T14352] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  446.950439][T14351] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  446.950451][T14351] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  446.957019][T14351] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  446.958961][T14351] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  447.216538][T14366] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  447.858828][T14378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2120'.
[  447.863470][T14378] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2120'.
[  448.336683][T14388] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  448.336762][T14388] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  448.337622][T14388] vhci_hcd vhci_hcd.0: Device attached
[  448.625092][ T6892] usb 46-1: SetAddress Request (6) to port 0
[  448.625171][ T6892] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  448.908476][T14389] vhci_hcd: connection reset by peer
[  448.910888][ T8709] vhci_hcd: stop threads
[  448.912261][ T8709] vhci_hcd: release socket
[  448.915540][ T8709] vhci_hcd: disconnect device
[  448.963319][   T40] kauditd_printk_skb: 3398 callbacks suppressed
[  448.963330][   T40] audit: type=1326 audit(1762942042.714:4545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  448.972902][   T40] audit: type=1326 audit(1762942042.714:4546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  448.981808][   T40] audit: type=1326 audit(1762942042.724:4547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=26 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  448.991221][   T40] audit: type=1326 audit(1762942042.724:4548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  448.998039][   T40] audit: type=1326 audit(1762942042.724:4549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  449.005759][   T40] audit: type=1326 audit(1762942042.724:4550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=394 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  449.013987][   T40] audit: type=1326 audit(1762942042.724:4551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  449.024074][   T40] audit: type=1326 audit(1762942042.724:4552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  449.031041][   T40] audit: type=1326 audit(1762942042.734:4553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  449.037817][   T40] audit: type=1326 audit(1762942042.734:4554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.1.2131" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  449.183779][T14416] ptrace attach of "/syz-executor exec"[5941] was attempted by "/syz-executor exec"[14416]
[  449.189081][T14416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2133'.
[  449.192035][T14416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2133'.
[  449.670774][T14431] loop9: detected capacity change from 0 to 7
[  449.675765][ T5958] Dev loop9: unable to read RDB block 7
[  449.677972][ T5958]  loop9: unable to read partition table
[  449.679840][ T5958] loop9: partition table beyond EOD, truncated
[  449.709940][T14431] Dev loop9: unable to read RDB block 7
[  449.712521][T14431]  loop9: unable to read partition table
[  449.714484][T14431] loop9: partition table beyond EOD, truncated
[  449.717206][T14431] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  449.787850][T14438] netlink: 'syz.1.2139': attribute type 1 has an invalid length.
[  449.790382][T14438] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2139'.
[  450.565860][T14451] netlink: 888 bytes leftover after parsing attributes in process `syz.3.2142'.
[  450.604575][T14454] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  450.607998][T14454] /dev/nullb0: Can't open blockdev
[  450.617742][T14454] serio: Serial port ptm0
[  450.626632][T14455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2145'.
[  450.732330][T14456] evm: overlay not supported
[  451.370567][T14480] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2154'.
[  451.412401][T14484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2156'.
[  451.739726][T14490] /dev/nullb0: Can't open blockdev
[  452.580338][T14499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2160'.
[  452.595355][T14499] lo: entered promiscuous mode
[  452.603391][T14499] lo: entered allmulticast mode
[  452.617179][T14499] tunl0: entered promiscuous mode
[  452.627594][T14499] tunl0: entered allmulticast mode
[  452.630653][T14499] gre0: entered promiscuous mode
[  452.632914][T14499] gre0: entered allmulticast mode
[  452.635683][T14499] gretap0: entered promiscuous mode
[  452.637916][T14499] gretap0: entered allmulticast mode
[  452.643379][T14499] erspan0: entered promiscuous mode
[  452.645663][T14499] erspan0: entered allmulticast mode
[  452.649415][T14499] ip_vti0: entered promiscuous mode
[  452.651575][T14499] ip_vti0: entered allmulticast mode
[  452.654643][T14499] ip6_vti0: entered promiscuous mode
[  452.657104][T14499] ip6_vti0: entered allmulticast mode
[  452.660381][T14499] sit0: entered promiscuous mode
[  452.662523][T14499] sit0: entered allmulticast mode
[  452.665397][T14499] ip6tnl0: entered promiscuous mode
[  452.667652][T14499] ip6tnl0: entered allmulticast mode
[  452.670873][T14499] ip6gre0: entered promiscuous mode
[  452.673118][T14499] ip6gre0: entered allmulticast mode
[  452.676050][T14499] syz_tun: entered promiscuous mode
[  452.678279][T14499] syz_tun: entered allmulticast mode
[  452.682160][T14499] ip6gretap0: entered promiscuous mode
[  452.684679][T14499] ip6gretap0: entered allmulticast mode
[  452.688369][T14499] bridge0: entered promiscuous mode
[  452.691467][T14499] bridge0: entered allmulticast mode
[  452.694938][T14499] vcan0: entered promiscuous mode
[  452.697132][T14499] vcan0: entered allmulticast mode
[  452.701289][T14499] bond0: entered promiscuous mode
[  452.703581][T14499] bond_slave_0: entered promiscuous mode
[  452.706188][T14499] bond_slave_1: entered promiscuous mode
[  452.709341][T14499] bond0: entered allmulticast mode
[  452.711901][T14499] bond_slave_0: entered allmulticast mode
[  452.714465][T14499] bond_slave_1: entered allmulticast mode
[  452.718262][T14499] team0: entered promiscuous mode
[  452.721482][T14499] team_slave_0: entered promiscuous mode
[  452.724177][T14499] team_slave_1: entered promiscuous mode
[  452.726773][T14499] team0: entered allmulticast mode
[  452.729215][T14499] team_slave_0: entered allmulticast mode
[  452.731622][T14499] team_slave_1: entered allmulticast mode
[  452.735551][T14499] nlmon0: entered promiscuous mode
[  452.737930][T14499] nlmon0: entered allmulticast mode
[  452.742097][T14499] caif0: entered promiscuous mode
[  452.744386][T14499] caif0: entered allmulticast mode
[  452.747745][T14499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  453.710843][ T6892] usb 46-1: device descriptor read/8, error -110
[  454.101048][ T6892] usb usb46-port1: attempt power cycle
[  454.681588][ T6892] usb usb46-port1: unable to enumerate USB device
[  454.802145][T14522] FAULT_INJECTION: forcing a failure.
[  454.802145][T14522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.806002][T14522] CPU: 1 UID: 0 PID: 14522 Comm: syz.1.2168 Not tainted syzkaller #0 PREEMPT(full) 
[  454.806017][T14522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  454.806024][T14522] Call Trace:
[  454.806028][T14522]  <TASK>
[  454.806033][T14522]  dump_stack_lvl+0x16c/0x1f0
[  454.806050][T14522]  should_fail_ex+0x512/0x640
[  454.806071][T14522]  _copy_to_user+0x32/0xd0
[  454.806090][T14522]  simple_read_from_buffer+0xcb/0x170
[  454.806110][T14522]  proc_fail_nth_read+0x197/0x240
[  454.806123][T14522]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  454.806136][T14522]  ? rw_verify_area+0xcf/0x6c0
[  454.806147][T14522]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  454.806159][T14522]  vfs_read+0x1e4/0xcf0
[  454.806174][T14522]  ? __pfx_vfs_read+0x10/0x10
[  454.806184][T14522]  ? find_held_lock+0x2b/0x80
[  454.806201][T14522]  ? __fget_files+0x20e/0x3c0
[  454.806216][T14522]  ksys_read+0x12a/0x250
[  454.806228][T14522]  ? __pfx_ksys_read+0x10/0x10
[  454.806240][T14522]  ? fput+0x9b/0xd0
[  454.806255][T14522]  ? rcu_is_watching+0x12/0xc0
[  454.806269][T14522]  __do_fast_syscall_32+0x7c/0x300
[  454.806286][T14522]  do_fast_syscall_32+0x32/0x80
[  454.806300][T14522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  454.806314][T14522] RIP: 0023:0xf7f17579
[  454.806323][T14522] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  454.806334][T14522] RSP: 002b:00000000f5406590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  454.806345][T14522] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5406620
[  454.806352][T14522] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000
[  454.806358][T14522] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  454.806364][T14522] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  454.806370][T14522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  454.806385][T14522]  </TASK>
[  454.873266][T14524] 9pnet_virtio: no channels available for device syz
[  455.093376][T14533] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2171'.
[  455.233809][T14541] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2173'.
[  455.453720][T14551] mkiss: ax0: crc mode is auto.
[  455.911159][T14560] bridge0: port 1(bridge_slave_0) entered disabled state
[  455.916816][T14560] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  456.217818][T14576] netlink: 'syz.4.2183': attribute type 10 has an invalid length.
[  456.221815][T14576] syz_tun: left allmulticast mode
[  456.231119][T14576] syz_tun: entered allmulticast mode
[  456.235215][T14576] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  456.378698][T14584] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2184'.
[  456.383531][T14584] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2184'.
[  456.464500][T14588] fuse: blksize only supported for fuseblk
[  456.475696][T14590] xt_TCPMSS: Only works on TCP SYN packets
[  456.535881][T14595] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  456.837869][T14599] ptrace attach of "/syz-executor exec"[13983] was attempted by "/syz-executor exec"[14599]
[  456.934819][T14603] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2191'.
[  456.938076][T14603] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2191'.
[  457.642488][T14613] ip6_vti0 speed is unknown, defaulting to 1000
[  457.745882][T14613] lo speed is unknown, defaulting to 1000
[  457.950371][T14623] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  457.952836][T14623] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  457.957471][T14623] vhci_hcd vhci_hcd.0: Device attached
[  458.233856][ T7703] usb 48-1: SetAddress Request (2) to port 0
[  458.235871][ T7703] usb 48-1: new SuperSpeed USB device number 2 using vhci_hcd
[  458.558596][T14624] vhci_hcd: connection reset by peer
[  458.561204][ T8706] vhci_hcd: stop threads
[  458.562730][ T8706] vhci_hcd: release socket
[  458.564320][ T8706] vhci_hcd: disconnect device
[  458.873609][T14633] --map-set only usable from mangle table
[  459.442308][T14639] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2203'.
[  459.603810][T14649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2206'.
[  459.729711][T14653] FAULT_INJECTION: forcing a failure.
[  459.729711][T14653] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.735179][T14653] CPU: 2 UID: 0 PID: 14653 Comm: syz.4.2208 Not tainted syzkaller #0 PREEMPT(full) 
[  459.735201][T14653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  459.735212][T14653] Call Trace:
[  459.735218][T14653]  <TASK>
[  459.735224][T14653]  dump_stack_lvl+0x16c/0x1f0
[  459.735248][T14653]  should_fail_ex+0x512/0x640
[  459.735277][T14653]  _copy_to_user+0x32/0xd0
[  459.735305][T14653]  simple_read_from_buffer+0xcb/0x170
[  459.735335][T14653]  proc_fail_nth_read+0x197/0x240
[  459.735356][T14653]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  459.735377][T14653]  ? rw_verify_area+0xcf/0x6c0
[  459.735395][T14653]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  459.735414][T14653]  vfs_read+0x1e4/0xcf0
[  459.735438][T14653]  ? __pfx_vfs_read+0x10/0x10
[  459.735454][T14653]  ? find_held_lock+0x2b/0x80
[  459.735480][T14653]  ? __fget_files+0x20e/0x3c0
[  459.735507][T14653]  ksys_read+0x12a/0x250
[  459.735525][T14653]  ? __pfx_ksys_read+0x10/0x10
[  459.735547][T14653]  ? rcu_is_watching+0x12/0xc0
[  459.735570][T14653]  __do_fast_syscall_32+0x7c/0x300
[  459.735595][T14653]  do_fast_syscall_32+0x32/0x80
[  459.735623][T14653]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  459.735644][T14653] RIP: 0023:0xf705d579
[  459.735658][T14653] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  459.735675][T14653] RSP: 002b:00000000f544d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  459.735691][T14653] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f544d620
[  459.735703][T14653] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000
[  459.735713][T14653] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  459.735723][T14653] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  459.735734][T14653] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  459.735760][T14653]  </TASK>
[  460.636189][   T35] block nbd0: Possible stuck request ffff888025bf4280: control (read@0,1024B). Runtime 240 seconds
[  460.640850][   T35] block nbd0: Possible stuck request ffff888025bf4440: control (read@1024,1024B). Runtime 240 seconds
[  460.647355][   T35] block nbd0: Possible stuck request ffff888025bf4600: control (read@2048,1024B). Runtime 240 seconds
[  460.655340][   T35] block nbd0: Possible stuck request ffff888025bf47c0: control (read@3072,1024B). Runtime 240 seconds
[  461.042084][T14691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2216'.
[  461.071739][T14691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2216'.
[  461.079403][T14691] bond8 (unregistering): Released all slaves
[  462.892680][T14739] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  462.892706][T14739] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  462.893085][T14739] vhci_hcd vhci_hcd.0: Device attached
[  463.529973][T14740] vhci_hcd: connection reset by peer
[  463.530306][ T8709] vhci_hcd: stop threads
[  463.530317][ T8709] vhci_hcd: release socket
[  463.531533][ T7703] usb 48-1: device descriptor read/8, error -110
[  463.532908][ T8709] vhci_hcd: disconnect device
[  463.594761][T14751] ubi: mtd0 is already attached to ubi31
[  464.182062][ T7703] usb usb48-port1: attempt power cycle
[  464.874222][ T7703] usb usb48-port1: unable to enumerate USB device
[  464.912607][T14778] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.014264][T14778] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  466.741824][T14789] syz.5.2241 (14789) used greatest stack depth: 19288 bytes left
[  466.974886][T14809] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2248'.
[  467.995669][T14825] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2252'.
[  467.999126][T14825] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2252'.
[  468.202856][ T6026] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  468.302639][ T7705] libceph: connect (1)[c::]:6789 error -101
[  468.307290][ T7705] libceph: mon0 (1)[c::]:6789 connect error
[  468.394159][ T6026] usb 10-1: config 0 has no interfaces?
[  468.396104][ T6026] usb 10-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  468.398950][ T6026] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.402579][ T6026] usb 10-1: config 0 descriptor??
[  468.563289][ T7705] libceph: connect (1)[c::]:6789 error -101
[  468.565490][ T7705] libceph: mon0 (1)[c::]:6789 connect error
[  468.632068][ T8711] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  468.635681][ T8711] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  468.638771][ T8711] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  468.642334][ T8711] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  468.898505][T14837] ceph: No mds server is up or the cluster is laggy
[  469.074618][ T7705] libceph: connect (1)[c::]:6789 error -101
[  469.077274][ T7705] libceph: mon0 (1)[c::]:6789 connect error
[  470.286410][ T7705] libceph: connect (1)[c::]:6789 error -101
[  470.288671][ T7705] libceph: mon0 (1)[c::]:6789 connect error
[  470.485235][ T7705] usb 10-1: USB disconnect, device number 2
[  471.119242][   T40] kauditd_printk_skb: 44 callbacks suppressed
[  471.119254][   T40] audit: type=1326 audit(1762942064.854:4599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.128994][   T40] audit: type=1326 audit(1762942064.854:4600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.135870][   T40] audit: type=1326 audit(1762942064.854:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.143181][   T40] audit: type=1326 audit(1762942064.854:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.151490][   T40] audit: type=1326 audit(1762942064.854:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.160311][   T40] audit: type=1326 audit(1762942064.854:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.164897][T14847] overlay: Unknown parameter 'appraise'
[  471.169270][   T40] audit: type=1326 audit(1762942064.854:4605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000
[  471.179563][   T40] audit: type=1326 audit(1762942064.854:4606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705d598 code=0x7ffc0000
[  471.188217][T14847] virtiofs: Unknown parameter 'fuse'
[  471.191960][   T40] audit: type=1326 audit(1762942064.854:4607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.200488][   T40] audit: type=1326 audit(1762942064.854:4608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.4.2260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  471.344667][T14859] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2262'.
[  471.405276][T14861] netlink: 'syz.5.2261': attribute type 4 has an invalid length.
[  471.417719][T14861] loop6: detected capacity change from 0 to 63
[  471.427777][ T5958] buffer_io_error: 138 callbacks suppressed
[  471.427789][ T5958] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.433792][T14861] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.437017][ T5958] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.439948][ T5958] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.442759][T14861] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.447863][T14861] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.451353][ T5958] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.454017][T14861] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.457583][ T5958] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.472118][T14861] Buffer I/O error on dev loop6, logical block 0, async page read
[  471.640749][T14866] sp0: Synchronizing with TNC
[  471.678667][T14865] sp0: Found TNC
[  471.734652][T14864] [U] è`
[  471.786401][T14868] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2265'.
[  471.796279][T14869] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2265'.
[  471.830254][T14873] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2266'.
[  471.833148][T14873] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2266'.
[  471.999878][ T9313] syz_tun (unregistering): left allmulticast mode
[  472.003553][ T9313] syz_tun (unregistering): left promiscuous mode
[  472.006700][ T9313] bridge0: port 3(syz_tun) entered disabled state
[  472.037181][ T5947] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  472.046303][ T5947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  472.049207][ T5947] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  472.052401][ T5947] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  472.054892][ T5947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  472.061576][ T5955] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  472.065635][ T5955] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  472.068039][ T5955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  472.071982][ T5955] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  472.075136][ T5955] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  472.216779][T14880] ip6_vti0 speed is unknown, defaulting to 1000
[  472.359255][T14880] lo speed is unknown, defaulting to 1000
[  472.442657][ T8715] team0: Port device netdevsim0 removed
[  472.473697][T14880] chnl_net:caif_netlink_parms(): no params data found
[  472.570884][T14880] bridge0: port 1(bridge_slave_0) entered blocking state
[  472.575602][T14880] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.577944][T14880] bridge_slave_0: entered allmulticast mode
[  472.580723][T14880] bridge_slave_0: entered promiscuous mode
[  472.584682][T14880] bridge0: port 2(bridge_slave_1) entered blocking state
[  472.587297][T14880] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.589739][T14880] bridge_slave_1: entered allmulticast mode
[  472.592604][T14880] bridge_slave_1: entered promiscuous mode
[  472.640833][T14880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  472.647323][T14880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  472.713829][T14880] team0: Port device team_slave_0 added
[  472.719307][T14880] team0: Port device team_slave_1 added
[  472.868321][ T8715] bridge_slave_1: left allmulticast mode
[  472.871895][ T8715] bridge_slave_1: left promiscuous mode
[  472.876765][ T8715] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.885916][ T8715] bridge_slave_0: left allmulticast mode
[  472.888102][ T8715] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.679955][ T8715] bond0 (unregistering): Released all slaves
[  473.785978][ T8715] bond1 (unregistering): Released all slaves
[  473.792232][ T8715] bond2 (unregistering): Released all slaves
[  473.799719][ T8715] bond3 (unregistering): Released all slaves
[  473.805899][ T8715] bond4 (unregistering): Released all slaves
[  473.903282][ T8715] bond5 (unregistering): Released all slaves
[  473.914129][ T8715] bond6 (unregistering): Released all slaves
[  473.929495][T14880] batman_adv: batadv0: Adding interface: batadv_slave_0
[  473.931842][T14880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  473.940572][T14880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  474.019046][T14880] batman_adv: batadv0: Adding interface: batadv_slave_1
[  474.022519][T14880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  474.033692][T14880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  474.041619][ T8715] : left promiscuous mode
[  474.125440][ T5955] Bluetooth: hci0: command tx timeout
[  474.138131][T14880] hsr_slave_0: entered promiscuous mode
[  474.140564][T14880] hsr_slave_1: entered promiscuous mode
[  474.142671][T14880] debugfs: 'hsr0' already exists in 'hsr'
[  474.144417][T14880] Cannot create hsr debugfs directory
[  474.358482][ T6891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.361661][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.413312][T14925] ubi: mtd0 is already attached to ubi31
[  474.446632][T14928] xt_TCPMSS: Only works on TCP SYN packets
[  474.487648][T14931] netlink: 'syz.5.2279': attribute type 1 has an invalid length.
[  474.533999][T14931] 8021q: adding VLAN 0 to HW filter on device bond1
[  474.591123][T14931] bond1: (slave gretap1): making interface the new active one
[  474.597250][T14931] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  474.650713][T14941] vivid-000: disconnect
[  475.245495][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  475.348856][T14945] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  475.350912][T14945] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  475.353390][T14945] vhci_hcd vhci_hcd.0: Device attached
[  475.649542][T14946] vhci_hcd: connection closed
[  475.650496][ T1475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  475.709805][T14940] vivid-000: reconnect
[  475.714520][ T8711] vhci_hcd: stop threads
[  475.716043][ T8711] vhci_hcd: release socket
[  475.718859][ T8711] vhci_hcd: disconnect device
[  475.735362][ T1475] vhci_hcd: vhci_device speed not set
[  475.901359][T14957] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2282'.
[  476.032075][ T8715] hsr_slave_0: left promiscuous mode
[  476.037431][ T8715] batman_adv: batadv0: Removing interface: batadv_slave_0
[  476.042254][ T8715] batman_adv: batadv0: Removing interface: batadv_slave_1
[  476.048725][ T8715] veth1_macvtap: left allmulticast mode
[  476.205197][ T5955] Bluetooth: hci0: command tx timeout
[  476.689262][ T1475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.173576][ T8715] team0 (unregistering): Port device team_slave_1 removed
[  477.247841][ T8715] team0 (unregistering): Port device team_slave_0 removed
[  477.728759][ T1475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  477.881670][T14880] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  477.926086][T14880] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  477.932409][T14880] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  477.939422][T14880] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  478.041875][T14992] bond1: entered promiscuous mode
[  478.063054][T14880] 8021q: adding VLAN 0 to HW filter on device bond0
[  478.087198][T14880] 8021q: adding VLAN 0 to HW filter on device team0
[  478.091292][T14992] netlink: 'syz.4.2288': attribute type 10 has an invalid length.
[  478.110321][ T8713] bridge0: port 1(bridge_slave_0) entered blocking state
[  478.113402][ T8713] bridge0: port 1(bridge_slave_0) entered forwarding state
[  478.130615][T14992] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.136635][T14992] bridge0: left promiscuous mode
[  478.138729][T14992] bridge0: left allmulticast mode
[  478.156966][T14992] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.159801][T14992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  478.163334][T14992] bridge0: entered promiscuous mode
[  478.165451][T14992] bridge0: entered allmulticast mode
[  478.167673][T14992] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  478.229275][ T8706] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.231922][ T8706] bridge0: port 2(bridge_slave_1) entered forwarding state
[  478.244721][ T8715] IPVS: stop unused estimator thread 0...
[  478.258289][T14880] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  478.261760][T14880] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  478.285352][ T5955] Bluetooth: hci0: command tx timeout
[  478.393045][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.427806][T14880] 8021q: adding VLAN 0 to HW filter on device batadv0
[  478.460787][T14880] veth0_vlan: entered promiscuous mode
[  478.475064][T14880] veth1_vlan: entered promiscuous mode
[  478.492209][T14880] veth0_macvtap: entered promiscuous mode
[  478.495891][T14880] veth1_macvtap: entered promiscuous mode
[  478.503699][T14880] batman_adv: batadv0: Interface activated: batadv_slave_0
[  478.507994][T14880] batman_adv: batadv0: Interface activated: batadv_slave_1
[  478.703133][ T8715] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  478.717545][ T8715] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  478.721321][ T8715] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  478.744035][ T8715] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  478.779001][ T1475] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.780478][ T8706] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  478.811752][ T8706] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  479.051493][ T8709] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  479.054237][ T8709] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  479.827808][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.365310][ T5955] Bluetooth: hci0: command tx timeout
[  480.439382][T15030] netlink: 'syz.5.2296': attribute type 12 has an invalid length.
[  480.845844][T15033] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  480.907286][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.055796][T15032] ip6_vti0 speed is unknown, defaulting to 1000
[  481.140186][T15045] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.143714][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.335059][T15051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2299'.
[  481.338727][T15051] bridge_slave_1: left allmulticast mode
[  481.340732][T15051] bridge_slave_1: left promiscuous mode
[  481.342921][T15051] bridge0: port 2(bridge_slave_1) entered disabled state
[  481.367266][T15051] bridge_slave_0: left allmulticast mode
[  481.369954][T15051] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.409044][ T6899] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.453790][T15051] bond0: (slave bridge0): Releasing backup interface
[  481.456991][T15051] bridge0 (unregistering): left promiscuous mode
[  481.459112][T15051] bridge0 (unregistering): left allmulticast mode
[  482.044144][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  483.085171][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  483.321025][T15062] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2303'.
[  483.577644][T15067] 9pnet_fd: Insufficient options for proto=fd
[  483.655201][ T6026] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  483.676884][T15077] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2307'.
[  483.680170][T15077] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2307'.
[  483.760342][T15085] FAULT_INJECTION: forcing a failure.
[  483.760342][T15085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  483.764849][T15085] CPU: 0 UID: 0 PID: 15085 Comm: syz.4.2310 Not tainted syzkaller #0 PREEMPT(full) 
[  483.764872][T15085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  483.764882][T15085] Call Trace:
[  483.764889][T15085]  <TASK>
[  483.764897][T15085]  dump_stack_lvl+0x16c/0x1f0
[  483.764924][T15085]  should_fail_ex+0x512/0x640
[  483.764955][T15085]  _copy_from_user+0x2e/0xd0
[  483.764984][T15085]  binder_thread_write+0xa5c/0x4e70
[  483.765011][T15085]  ? __kasan_save_free_info+0x3b/0x60
[  483.765036][T15085]  ? __pfx_binder_thread_write+0x10/0x10
[  483.765059][T15085]  ? binder_debug+0xde/0x1a0
[  483.765081][T15085]  ? binder_debug+0xde/0x1a0
[  483.765096][T15085]  ? __pfx_binder_debug+0x10/0x10
[  483.765113][T15085]  ? find_held_lock+0x2b/0x80
[  483.765141][T15085]  ? __pfx_binder_ioctl+0x10/0x10
[  483.765160][T15085]  binder_ioctl+0x26db/0x73b0
[  483.765187][T15085]  ? tomoyo_path_number_perm+0x295/0x580
[  483.765221][T15085]  ? tomoyo_path_number_perm+0x18d/0x580
[  483.765250][T15085]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  483.765277][T15085]  ? __pfx_binder_ioctl+0x10/0x10
[  483.765303][T15085]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  483.765332][T15085]  ? do_vfs_ioctl+0x128/0x14f0
[  483.765358][T15085]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  483.765391][T15085]  ? find_held_lock+0x2b/0x80
[  483.765408][T15085]  ? hook_file_ioctl_common+0x145/0x410
[  483.765432][T15085]  ? __fget_files+0x20e/0x3c0
[  483.765451][T15085]  ? __pfx_binder_ioctl+0x10/0x10
[  483.765472][T15085]  compat_ptr_ioctl+0x6e/0xa0
[  483.765495][T15085]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  483.765519][T15085]  __ia32_compat_sys_ioctl+0x242/0x370
[  483.765555][T15085]  __do_fast_syscall_32+0x7c/0x300
[  483.765581][T15085]  do_fast_syscall_32+0x32/0x80
[  483.765603][T15085]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  483.765625][T15085] RIP: 0023:0xf705d579
[  483.765640][T15085] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  483.765656][T15085] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  483.765673][T15085] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0306201
[  483.765684][T15085] RDX: 0000000080000680 RSI: 0000000000000000 RDI: 0000000000000000
[  483.765693][T15085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  483.765702][T15085] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  483.765712][T15085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  483.765736][T15085]  </TASK>
[  483.765759][T15085] binder: 15084:15085 ioctl c0306201 80000680 returned -14
[  484.042094][T15095] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2313'.
[  484.155152][   T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  484.202554][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  484.235596][T15102] openvswitch: netlink: Unknown key attributes 2
[  484.865840][T15131] ubi: mtd0 is already attached to ubi31
[  485.145705][T15141] hub 8-0:1.0: USB hub found
[  485.149142][T15141] hub 8-0:1.0: 1 port detected
[  485.173630][T15141] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2321'.
[  485.176924][T15141] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2321'.
[  485.179996][T15141] netlink: 'syz.4.2321': attribute type 12 has an invalid length.
[  485.244941][ T7705] net_ratelimit: 1 callbacks suppressed
[  485.244953][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  486.285459][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  487.325217][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  487.485190][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  488.364890][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  489.406215][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.444634][ T7705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.526627][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.686907][ T6259] block nbd0: Possible stuck request ffff888025bf4280: control (read@0,1024B). Runtime 270 seconds
[  490.691216][ T6259] block nbd0: Possible stuck request ffff888025bf4440: control (read@1024,1024B). Runtime 270 seconds
[  490.695937][ T6259] block nbd0: Possible stuck request ffff888025bf4600: control (read@2048,1024B). Runtime 270 seconds
[  490.700507][ T6259] block nbd0: Possible stuck request ffff888025bf47c0: control (read@3072,1024B). Runtime 270 seconds
[  491.037243][T15166] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2325'.
[  491.078886][T15169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2324'.
[  491.305704][T15171] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  491.307804][T15171] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  491.415688][T15171] vhci_hcd vhci_hcd.0: Device attached
[  491.454189][T15171] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2326'.
[  491.530956][T15178] /dev/nullb0: Can't open blockdev
[  491.755138][ T7705] usb 44-1: SetAddress Request (15) to port 0
[  491.758457][ T7705] usb 44-1: new SuperSpeed USB device number 15 using vhci_hcd
[  492.007321][T15182] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  492.063568][T15184] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  492.065664][T15184] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  492.068424][T15184] vhci_hcd vhci_hcd.0: Device attached
[  492.072060][T15186] vhci_hcd: cannot find a urb of seqnum 9 max seqnum 0
[  492.075549][ T8702] vhci_hcd: stop threads
[  492.076840][ T8702] vhci_hcd: release socket
[  492.078384][ T8702] vhci_hcd: disconnect device
[  492.234614][T15172] vhci_hcd: connection reset by peer
[  492.251478][ T8709] vhci_hcd: stop threads
[  492.253204][ T8709] vhci_hcd: release socket
[  492.255080][ T8709] vhci_hcd: disconnect device
[  492.466269][T15192] sp0: Synchronizing with TNC
[  492.472701][T15192] sp0: Found TNC
[  492.481349][T15191] [U] è`
[  493.089837][ T6892] libceph: connect (1)[c::]:6789 error -101
[  493.097435][ T6892] libceph: mon0 (1)[c::]:6789 connect error
[  493.116824][T15211] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  493.119521][T15211] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  493.203117][T15211] vhci_hcd vhci_hcd.0: Device attached
[  493.364714][ T7703] libceph: connect (1)[c::]:6789 error -101
[  493.366819][ T7703] libceph: mon0 (1)[c::]:6789 connect error
[  493.442321][T15213] vhci_hcd: connection closed
[  493.442561][ T8709] vhci_hcd: stop threads
[  493.446938][ T8709] vhci_hcd: release socket
[  493.448895][ T8709] vhci_hcd: disconnect device
[  493.464375][ T6892] usb 48-1: enqueue for inactive port 0
[  493.676340][T15210] ceph: No mds server is up or the cluster is laggy
[  493.874770][ T7703] libceph: connect (1)[c::]:6789 error -101
[  493.876805][ T7703] libceph: mon0 (1)[c::]:6789 connect error
[  493.955455][ T6892] usb usb48-port1: attempt power cycle
[  494.033682][T15222] FAULT_INJECTION: forcing a failure.
[  494.033682][T15222] name failslab, interval 1, probability 0, space 0, times 0
[  494.037977][T15222] CPU: 0 UID: 0 PID: 15222 Comm: syz.5.2339 Not tainted syzkaller #0 PREEMPT(full) 
[  494.037998][T15222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  494.038009][T15222] Call Trace:
[  494.038028][T15222]  <TASK>
[  494.038036][T15222]  dump_stack_lvl+0x16c/0x1f0
[  494.038079][T15222]  should_fail_ex+0x512/0x640
[  494.038106][T15222]  ? __kmalloc_cache_noprof+0x5f/0x780
[  494.038124][T15222]  should_failslab+0xc2/0x120
[  494.038143][T15222]  __kmalloc_cache_noprof+0x72/0x780
[  494.038154][T15222]  ? binder_transaction+0x6d8/0x9d10
[  494.038171][T15222]  ? binder_transaction+0x6d8/0x9d10
[  494.038184][T15222]  binder_transaction+0x6d8/0x9d10
[  494.038207][T15222]  ? __lock_acquire+0x622/0x1c90
[  494.038226][T15222]  ? __lock_acquire+0x622/0x1c90
[  494.038242][T15222]  ? __pfx_binder_transaction+0x10/0x10
[  494.038264][T15222]  ? __lock_acquire+0xb8a/0x1c90
[  494.038286][T15222]  ? find_held_lock+0x2b/0x80
[  494.038297][T15222]  ? __might_fault+0xe3/0x190
[  494.038308][T15222]  ? __might_fault+0xe3/0x190
[  494.038318][T15222]  ? __might_fault+0x13b/0x190
[  494.038334][T15222]  binder_thread_write+0xaae/0x4e70
[  494.038349][T15222]  ? __kasan_save_free_info+0x3b/0x60
[  494.038363][T15222]  ? __pfx_binder_thread_write+0x10/0x10
[  494.038378][T15222]  ? binder_debug+0xde/0x1a0
[  494.038391][T15222]  ? binder_debug+0xde/0x1a0
[  494.038401][T15222]  ? __pfx_binder_debug+0x10/0x10
[  494.038412][T15222]  ? find_held_lock+0x2b/0x80
[  494.038429][T15222]  ? __pfx_binder_ioctl+0x10/0x10
[  494.038442][T15222]  binder_ioctl+0x26db/0x73b0
[  494.038459][T15222]  ? tomoyo_path_number_perm+0x295/0x580
[  494.038480][T15222]  ? tomoyo_path_number_perm+0x18d/0x580
[  494.038504][T15222]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  494.038523][T15222]  ? __pfx_binder_ioctl+0x10/0x10
[  494.038539][T15222]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  494.038559][T15222]  ? do_vfs_ioctl+0x128/0x14f0
[  494.038576][T15222]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  494.038597][T15222]  ? find_held_lock+0x2b/0x80
[  494.038608][T15222]  ? hook_file_ioctl_common+0x145/0x410
[  494.038623][T15222]  ? __fget_files+0x20e/0x3c0
[  494.038635][T15222]  ? __pfx_binder_ioctl+0x10/0x10
[  494.038648][T15222]  compat_ptr_ioctl+0x6e/0xa0
[  494.038663][T15222]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  494.038679][T15222]  __ia32_compat_sys_ioctl+0x242/0x370
[  494.038711][T15222]  __do_fast_syscall_32+0x7c/0x300
[  494.038728][T15222]  do_fast_syscall_32+0x32/0x80
[  494.038743][T15222]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  494.038758][T15222] RIP: 0023:0xf700d579
[  494.038766][T15222] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  494.038777][T15222] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  494.038788][T15222] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0306201
[  494.038795][T15222] RDX: 0000000080000680 RSI: 0000000000000000 RDI: 0000000000000000
[  494.038801][T15222] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  494.038807][T15222] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  494.038813][T15222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  494.038827][T15222]  </TASK>
[  494.317439][T15235] netlink: 'syz.1.2343': attribute type 12 has an invalid length.
[  494.702972][ T6892] usb usb48-port1: unable to enumerate USB device
[  494.945880][T15254] vlan2: entered promiscuous mode
[  494.955676][T15254] vlan2: entered allmulticast mode
[  494.958136][T15254] hsr_slave_1: entered allmulticast mode
[  494.966913][T15256] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2350'.
[  495.313880][T15267] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  495.316609][T15267] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  495.746309][T15278] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  495.748701][T15278] /dev/nullb0: Can't open blockdev
[  495.766707][T15278] serio: Serial port ptm0
[  496.164216][T15267] vhci_hcd vhci_hcd.0: Device attached
[  496.218767][T15269] vhci_hcd: connection closed
[  496.219382][   T61] vhci_hcd: stop threads
[  496.222278][   T61] vhci_hcd: release socket
[  496.223663][   T61] vhci_hcd: disconnect device
[  496.732114][T15289] tipc: Started in network mode
[  496.732139][T15289] tipc: Node identity ba4eee1c7ea6, cluster identity 4711
[  496.733353][T15289] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  496.736078][T15289] syzkaller0: entered promiscuous mode
[  496.736090][T15289] syzkaller0: entered allmulticast mode
[  496.740721][T15289] tipc: Resetting bearer <eth:syzkaller0>
[  496.854498][T15288] tipc: Resetting bearer <eth:syzkaller0>
[  496.893455][T15288] tipc: Disabling bearer <eth:syzkaller0>
[  496.927517][ T7705] usb 44-1: device descriptor read/8, error -110
[  496.967023][ T5947] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  496.969980][ T5947] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  496.970544][ T5947] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  496.970967][ T5947] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  496.971238][ T5947] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  497.169830][T15292] ip6_vti0 speed is unknown, defaulting to 1000
[  497.255625][ T8706] smc: removing ib device syz1
[  497.376787][ T7705] usb usb44-port1: attempt power cycle
[  497.887890][ T8706] ------------[ cut here ]------------
[  497.887916][ T8706] GID entry ref leak for dev syz1 index 2 ref=1
[  497.888259][ T8706] WARNING: CPU: 2 PID: 8706 at drivers/infiniband/core/cache.c:806 gid_table_release_one+0x387/0x4b0
[  497.888311][ T8706] Modules linked in:
[  497.888351][ T8706] CPU: 2 UID: 0 PID: 8706 Comm: kworker/u32:56 Not tainted syzkaller #0 PREEMPT(full) 
[  497.888364][ T8706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  497.888373][ T8706] Workqueue: ib-unreg-wq ib_unregister_work
[  497.888392][ T8706] RIP: 0010:gid_table_release_one+0x387/0x4b0
[  497.888406][ T8706] Code: 07 00 00 48 85 f6 74 2b 48 89 74 24 38 e8 01 fc 5f f9 48 8b 74 24 38 44 89 f1 44 89 ea 48 c7 c7 80 b9 96 8c e8 1a 7e 1e f9 90 <0f> 0b 90 90 e9 6e fe ff ff e8 db fb 5f f9 48 8d bd 78 07 00 00 48
[  497.888417][ T8706] RSP: 0018:ffffc90003bf7b40 EFLAGS: 00010282
[  497.888427][ T8706] RAX: 0000000000000000 RBX: ffff88804a80fa00 RCX: ffffffff817adc48
[  497.888434][ T8706] RDX: ffff88806bcaa480 RSI: ffffffff817adc55 RDI: 0000000000000001
[  497.888441][ T8706] RBP: ffff88806aa08000 R08: 0000000000000001 R09: 0000000000000000
[  497.888448][ T8706] R10: 0000000000000000 R11: 0000000000000001 R12: ffffed1009501f5b
[  497.888456][ T8706] R13: 0000000000000002 R14: 0000000000000001 R15: dffffc0000000000
[  497.888463][ T8706] FS:  0000000000000000(0000) GS:ffff888097a0d000(0000) knlGS:0000000000000000
[  497.888486][ T8706] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  497.888496][ T8706] CR2: 00000000f4c59000 CR3: 0000000054114000 CR4: 0000000000352ef0
[  497.888503][ T8706] Call Trace:
[  497.888508][ T8706]  <TASK>
[  497.888518][ T8706]  ib_device_release+0xef/0x1e0
[  497.888535][ T8706]  ? __pfx_ib_device_release+0x10/0x10
[  497.888552][ T8706]  device_release+0xa4/0x240
[  497.888565][ T8706]  kobject_put+0x1e7/0x5a0
[  497.888583][ T8706]  put_device+0x1f/0x30
[  497.888594][ T8706]  process_one_work+0x9cf/0x1b70
[  497.888619][ T8706]  ? __pfx_process_one_work+0x10/0x10
[  497.888641][ T8706]  ? assign_work+0x1a0/0x250
[  497.888659][ T8706]  worker_thread+0x6c8/0xf10
[  497.888675][ T8706]  ? __pfx_worker_thread+0x10/0x10
[  497.888685][ T8706]  kthread+0x3c5/0x780
[  497.888702][ T8706]  ? __pfx_kthread+0x10/0x10
[  497.888720][ T8706]  ? rcu_is_watching+0x12/0xc0
[  497.888734][ T8706]  ? __pfx_kthread+0x10/0x10
[  497.888751][ T8706]  ret_from_fork+0x675/0x7d0
[  497.888768][ T8706]  ? __pfx_kthread+0x10/0x10
[  497.888785][ T8706]  ret_from_fork_asm+0x1a/0x30
[  497.888809][ T8706]  </TASK>
[  497.888815][ T8706] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  497.888822][ T8706] CPU: 2 UID: 0 PID: 8706 Comm: kworker/u32:56 Not tainted syzkaller #0 PREEMPT(full) 
[  497.888835][ T8706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  497.888842][ T8706] Workqueue: ib-unreg-wq ib_unregister_work
[  497.888860][ T8706] Call Trace:
[  497.888864][ T8706]  <TASK>
[  497.888868][ T8706]  dump_stack_lvl+0x3d/0x1f0
[  497.888882][ T8706]  vpanic+0x640/0x6f0
[  497.888899][ T8706]  ? gid_table_release_one+0x387/0x4b0
[  497.888911][ T8706]  panic+0xca/0xd0
[  497.888927][ T8706]  ? __pfx_panic+0x10/0x10
[  497.888947][ T8706]  ? check_panic_on_warn+0x1f/0xb0
[  497.888964][ T8706]  check_panic_on_warn+0xab/0xb0
[  497.888982][ T8706]  __warn+0xf6/0x3c0
[  497.888997][ T8706]  ? __pfx_vprintk_emit+0x10/0x10
[  497.889009][ T8706]  ? gid_table_release_one+0x387/0x4b0
[  497.889023][ T8706]  report_bug+0x3c3/0x580
[  497.889035][ T8706]  ? gid_table_release_one+0x387/0x4b0
[  497.889048][ T8706]  handle_bug+0x184/0x210
[  497.889064][ T8706]  exc_invalid_op+0x17/0x50
[  497.889080][ T8706]  asm_exc_invalid_op+0x1a/0x20
[  497.889091][ T8706] RIP: 0010:gid_table_release_one+0x387/0x4b0
[  497.889104][ T8706] Code: 07 00 00 48 85 f6 74 2b 48 89 74 24 38 e8 01 fc 5f f9 48 8b 74 24 38 44 89 f1 44 89 ea 48 c7 c7 80 b9 96 8c e8 1a 7e 1e f9 90 <0f> 0b 90 90 e9 6e fe ff ff e8 db fb 5f f9 48 8d bd 78 07 00 00 48
[  497.889114][ T8706] RSP: 0018:ffffc90003bf7b40 EFLAGS: 00010282
[  497.889123][ T8706] RAX: 0000000000000000 RBX: ffff88804a80fa00 RCX: ffffffff817adc48
[  497.889130][ T8706] RDX: ffff88806bcaa480 RSI: ffffffff817adc55 RDI: 0000000000000001
[  497.889136][ T8706] RBP: ffff88806aa08000 R08: 0000000000000001 R09: 0000000000000000
[  497.889143][ T8706] R10: 0000000000000000 R11: 0000000000000001 R12: ffffed1009501f5b
[  497.889150][ T8706] R13: 0000000000000002 R14: 0000000000000001 R15: dffffc0000000000
[  497.889161][ T8706]  ? __warn_printk+0x198/0x350
[  497.889181][ T8706]  ? __warn_printk+0x1a5/0x350
[  497.889213][ T8706]  ib_device_release+0xef/0x1e0
[  497.889239][ T8706]  ? __pfx_ib_device_release+0x10/0x10
[  497.889271][ T8706]  device_release+0xa4/0x240
[  497.889288][ T8706]  kobject_put+0x1e7/0x5a0
[  497.889304][ T8706]  put_device+0x1f/0x30
[  497.889315][ T8706]  process_one_work+0x9cf/0x1b70
[  497.889338][ T8706]  ? __pfx_process_one_work+0x10/0x10
[  497.889359][ T8706]  ? assign_work+0x1a0/0x250
[  497.889377][ T8706]  worker_thread+0x6c8/0xf10
[  497.889392][ T8706]  ? __pfx_worker_thread+0x10/0x10
[  497.889403][ T8706]  kthread+0x3c5/0x780
[  497.889419][ T8706]  ? __pfx_kthread+0x10/0x10
[  497.889437][ T8706]  ? rcu_is_watching+0x12/0xc0
[  497.889449][ T8706]  ? __pfx_kthread+0x10/0x10
[  497.889466][ T8706]  ret_from_fork+0x675/0x7d0
[  497.889482][ T8706]  ? __pfx_kthread+0x10/0x10
[  497.889498][ T8706]  ret_from_fork_asm+0x1a/0x30
[  497.889520][ T8706]  </TASK>
[  497.890169][ T8706] Kernel Offset: disabled

VM DIAGNOSIS:
10:03:55  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080010002 RBX=0000000000000000 RCX=ffffffff81612353 RDX=ffff888012970000
RSI=ffffffff8161239b RDI=ffffffff93a64fe0 RBP=ffff88802b220000 RSP=ffffc90000007fd0
R8 =0000000000000001 R9 =fffffbfff274c9fc R10=ffffffff93a64fe7 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8161239c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809780d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7267938 CR3=0000000056996000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81612353 RDX=ffff888022a40000
RSI=ffffffff8161239b RDI=ffffffff93a64fe0 RBP=ffff88802b320000 RSP=ffffc90000590fd0
R8 =0000000000000001 R9 =fffffbfff274c9fc R10=ffffffff93a64fe7 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8161239c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809790d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008001e000 CR3=0000000056996000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85268e75 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc90003bf75b0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043
R12=0000000000000000 R13=0000000000000065 R14=ffffffff9adc5da0 R15=ffffffff85268e10
RIP=ffffffff85268e9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097a0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f4c59000 CR3=0000000054114000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81612353 RDX=ffff888020f4a480
RSI=ffffffff8161239b RDI=ffffffff93a64fe0 RBP=ffff88802b520000 RSP=ffffc900005e8fd0
R8 =0000000000000001 R9 =fffffbfff274c9fc R10=ffffffff93a64fe7 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8161239c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097b0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f22a4990e9c CR3=000000000e182000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000020000002 Opmask01=0000000000000001 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a4d008f0 00007f22a4d00310
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a4cc1050 00007f22a4cc00c0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a4cc1580 00007f22a4cc0b20
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a49c30c0 00007f22a4cc1ab0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a4cffda0 00007f22a4cc05f0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a49c36b0 00007f22a49c30c0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a4cc1ab0 00007f22a4cc1580
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f22a4cc0b20 00007f22a4cc1050
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e75006465696669 63657073206e6f69 74706f20676e6f6c 207974706d65000a
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 636572696420746f 6f722065676e6168 632074276e616300 7269646863660027
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4640574c4105514a 4a570540424b444d 460551024b444600 574c414d46430002
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000