last executing test programs:

6.650568132s ago: executing program 2 (id=2584):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
syslog(0x3, &(0x7f0000000480)=""/254, 0xfe)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000000)
r4 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000008c0))
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)

6.219997734s ago: executing program 2 (id=2585):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
recvmmsg(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/173, 0xad}], 0x1}, 0x6}, {{&(0x7f0000000380)=@sco, 0x80, &(0x7f0000000640)=[{&(0x7f0000000400)=""/113, 0x71}, {&(0x7f0000000480)=""/132, 0x84}, {&(0x7f0000000540)=""/122, 0x7a}, {&(0x7f00000005c0)=""/93, 0x5d}], 0x4, &(0x7f0000000680)=""/151, 0x97}, 0x7}], 0x2, 0x10000, &(0x7f0000000780)={0x77359400})
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000500)=@assoc_value={<r5=>0x0}, &(0x7f00000004c0)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000080)={r5, 0x7}, &(0x7f0000000140)=0x8)
socket$rxrpc(0x21, 0x2, 0x2)
syz_io_uring_setup(0x6d8a, &(0x7f0000000300)={0x0, 0x37b2, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000008c0)={0x2, 0x0, @pic={0x26, 0x7, 0x0, 0x2, 0x2, 0x8, 0x4, 0x8, 0xe7, 0x1, 0x1, 0x7, 0x2, 0x8, 0xa, 0x1}})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x87f}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x40020)
sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001300)=@newtfilter={0x894, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, r11, {0x0, 0xfffc}, {}, {0x4, 0x3}}, [@filter_kind_options=@f_bpf={{0x8}, {0x860, 0x2, [@TCA_BPF_POLICE={0x850, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0xe, 0x7, 0x4, 0xc, 0x9, {0xd, 0x2, 0x4, 0x4, 0x7, 0x401}, {0x4, 0x1, 0x5, 0x10, 0xfff7, 0x4b2}, 0x6, 0x14ff, 0x3ff}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x3}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x38, 0x1, 0x1, 0x8, 0x7f, 0x6, 0x3, 0x6, 0x1, 0x86, 0x9, 0x6, 0x5, 0x9, 0x5f, 0x0, 0x0, 0x13f, 0xfffffffe, 0x0, 0xd31, 0xf54, 0x9, 0x4, 0x4, 0x6, 0x9, 0x7fffffff, 0xfffffffd, 0x7fffffff, 0x8, 0x0, 0xfffffffe, 0x5, 0x5dbd0fd8, 0x8, 0x1887, 0x2, 0x95f, 0x7, 0x6, 0xa, 0x7f, 0xfffffffe, 0x8, 0x2, 0x6, 0x4, 0x6, 0x402f, 0xd, 0x5, 0x6f9d, 0x0, 0x800, 0x3ff, 0x8, 0xa, 0x9, 0x4, 0xd, 0x3, 0xb8f, 0x6, 0x0, 0xffffffff, 0x8000, 0xffffffff, 0x8, 0x90, 0xee, 0x4, 0x9, 0x2, 0x54eef174, 0xc, 0x9, 0x5, 0xe2, 0x20004, 0x1, 0xffff, 0x5, 0x5, 0x7, 0x5, 0x7, 0x4, 0x4, 0x7, 0x100, 0x8, 0x2, 0x9, 0x0, 0x0, 0xe32, 0x6, 0x8, 0x6, 0x66, 0x7, 0x7, 0x8, 0x5b, 0x7625, 0x51, 0x6, 0xfffffffe, 0x0, 0xa4d, 0x2, 0x10001, 0x7, 0x8, 0x3, 0x8, 0x3, 0x6, 0x6, 0xffffffff, 0x3, 0x0, 0x400000, 0xc55b, 0x8000, 0xf943, 0x4, 0x3000000, 0x2, 0x10000, 0xd, 0xffffffff, 0x9, 0xd3, 0xfffffffb, 0x4, 0x9, 0x401, 0x82baa23, 0xd, 0x0, 0x6, 0x21a, 0xe, 0x1, 0x1430, 0x8, 0x4, 0x7, 0xe, 0x7dab, 0x4, 0x5, 0x4, 0x3, 0xfffffffe, 0x7, 0x6, 0x8ef6, 0x7239, 0x80000001, 0x0, 0xd41, 0x6, 0x2, 0x4, 0x200, 0x8, 0x5, 0xc14, 0x7324, 0x4, 0x50f6, 0x5, 0x4, 0x3, 0x2, 0x7, 0x4, 0x6, 0x5, 0x3, 0x7767, 0x8, 0xe0ba, 0x4f, 0x3, 0x4, 0x7, 0x7fffffff, 0x3, 0x3, 0x5, 0x8, 0x4, 0x80, 0x401, 0x7, 0x1, 0x0, 0x8, 0x7c4, 0x3, 0x6, 0x6, 0xe8, 0x0, 0x6, 0x6, 0x3, 0x8a4, 0x1, 0x9, 0x9, 0x9, 0x200, 0x7, 0xd235, 0x9, 0x7fffffff, 0xf7d, 0x8001, 0x2, 0x7fff, 0x9f7c, 0x7, 0x4, 0xf, 0x2, 0x2, 0x6, 0x400, 0x5, 0x80, 0x400, 0x5, 0xc, 0xff, 0xffff7002, 0x63c, 0x9, 0x1ff, 0xfff, 0x8, 0x8c, 0x40, 0x8, 0xed6, 0xf6, 0x0, 0x7, 0x9, 0x10, 0x9, 0x6]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x6, 0x6, 0x8000, 0x8, 0x2, 0x9, 0x5, 0xfff, 0x3, 0x101, 0xbf7, 0x8, 0xff, 0x6, 0x113, 0xffff, 0x1, 0x8, 0x7fffffff, 0x6, 0x9, 0x33, 0x5, 0x2f7, 0x100, 0x21, 0x4, 0x7, 0xff, 0x6, 0xfffffffe, 0x7, 0x8, 0x1, 0x8, 0xf33c, 0x3, 0x1, 0x80000000, 0x62e, 0x3, 0xdb2, 0x0, 0xe00, 0x4, 0x2, 0x3, 0x2, 0xfffffff6, 0x5, 0x3, 0x7, 0x8, 0x1, 0x7f, 0x8, 0x6, 0x4, 0x3, 0x0, 0x3, 0x1, 0x5, 0x0, 0x8000, 0xfffffffa, 0xb7, 0xc8b6f5a2, 0x6, 0x2f, 0x7ff, 0x9, 0x8, 0x6, 0x0, 0x8, 0x9, 0x0, 0x5, 0x8b34, 0x2, 0x7e, 0x4, 0x4, 0xffffffff, 0x1, 0xa, 0xfffffffb, 0x3, 0xffffffff, 0x0, 0x4, 0xd6, 0x7, 0x4, 0x3, 0x8, 0x9, 0x8, 0x2de0, 0x5191, 0x6, 0x401, 0x7, 0x9, 0x7, 0x3, 0x6, 0x1, 0xfffffffb, 0xb839, 0xfffffffa, 0x4, 0x768, 0x7, 0x7f, 0x6, 0x7, 0x4, 0x8b, 0x4, 0x0, 0x5, 0xf0, 0x42490, 0xd, 0x3, 0x5c, 0x80, 0x2, 0x800, 0x8, 0x6, 0xff, 0xffff0000, 0x3, 0x10000, 0x80000001, 0x5, 0xffffffff, 0x4be24694, 0x2, 0x2, 0x100, 0x5, 0x1, 0x7, 0x4, 0xffffff95, 0x5, 0x0, 0xc, 0x6, 0x1000, 0xa, 0x7, 0x4, 0x340, 0x0, 0x0, 0x7, 0x101, 0x2, 0x7ce2352, 0x7fffffff, 0x5e, 0x8e5b, 0x3, 0x8, 0x9, 0x1, 0x80000000, 0x7, 0x301, 0x91, 0x3, 0x80000001, 0x9, 0x1, 0x3e79, 0xffffffff, 0x8, 0x525, 0x7, 0x6, 0x2470a614, 0xe, 0x8, 0x5, 0x7, 0x0, 0x5, 0x4, 0x1, 0x1, 0xfffffc1f, 0x6, 0x2, 0x1, 0x9, 0x7fff, 0xffffffff, 0x4, 0xffff2b7d, 0x4, 0xcdff, 0x9, 0x0, 0x49, 0x6, 0x0, 0x5, 0x9, 0x7, 0x8, 0x7, 0xea, 0x7, 0x7, 0x2, 0x5, 0xff, 0x6, 0xffff, 0x4cd, 0x7, 0x3, 0x3, 0x10001, 0x0, 0x6, 0x7, 0xffffffff, 0xe000000, 0x1, 0x4, 0x7, 0x8, 0xb, 0x7, 0x0, 0xcb65, 0x6, 0xe, 0x240000, 0x9, 0x8, 0x8, 0xfffffff8, 0x9, 0xf, 0x8, 0x5, 0x9, 0x100]}]}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x10}}]}, 0x894}, 0x1, 0x0, 0x0, 0xc004884}, 0x0)
userfaultfd(0x80801)
syz_open_dev$sg(&(0x7f0000000000), 0xf9ba, 0x80500)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x4, 0x3, 0xfffffffffffffffd, 0x1, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x403, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r9, 0x0, 0x10, &(0x7f00000007c0)={{{@in6=@empty, @in6=@ipv4={""/10, ""/2, @empty}}}, {{@in=@empty}, 0x0, @in6=@private0}}, &(0x7f00000000c0)=0xe4)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x1f, &(0x7f0000000000)=[{&(0x7f0000000b00)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd17bac113b31c352c6c82f264c47b85b3a682567c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061d3220819745bbcfadc553cc8a7102c3d8ad4e042cd12f044f651b0705ab16fc23df14811b992931e4140e1e09070fa2e57db44e59dc623e8c0871c463cc5d73270782c0003928d75b2be3dbef7b7892dfa46c8e7085c305246c447086909fc10faf1dd39b62d7961352f7b26e99ad38fbfba4149f8940ad7e0d37d5877f0647da6109d672da2295ff9dabbbbbd199cc34e2b2abb390e645331c28"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

4.917984716s ago: executing program 2 (id=2592):
r0 = socket$inet(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r2, r2, 0xc, 0x21, 0x0, 0x9, 0xff, 0x9, 0xffff, 0x8b, 0x1, 0x0, 'syz0\x00'})
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x24200)
ioctl$BLKRRPART(r4, 0x125f, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001600)='/sys/power/sync_on_suspend', 0x2, 0x100)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000018c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f, 0x6}}, 0x20)
bind$alg(r3, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58)
r6 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$SOCK_DESTROY(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYRES8=r1, @ANYBLOB="7fc6036d1b48c1bdcc4d2b3f6116c5a81473937ab9ba19556ec65a43685af6f198be644b993a164c2893830c06efbd49cced6b51d643882eb0ceac22ecaab887b19785635b17de1aa05a08f82de5b55153fd5efd26790a8c5a8b146e79f3d4cc2e32acacc116c6773b752b7b704cfae904d6a1d208639032df934d1ce411822c691feaa96f01813f8a0a7c44a60fbdbb5068ef5a6829ab47153fef44a645b14b8ae393ca385d02c4e04c4f4283f5a83d72347ea62a3f0f4858a2c91c64427f1e4070b3fd07d96a4f15fab20d67f4d11ab7ea93484e2234c8c2569caada022ba78050e96a1908c445", @ANYRESDEC=r2, @ANYRESHEX=r6, @ANYBLOB="6955994cf8fb130c58683c95ce969d7bf44327ab9856a0c0a90a067cda47cb85785c9e1d9b7ace07f51a96ca8d69ad4af514c868170a6022d92666630c02839e5209f95bab7bbbbe4c6961e2f2e54e5d0bfc4079f3cef2cf22b80a92f902b739362cd126a884b3f7db3dbfdecee78011149ca8f854eef72c71175111e528315a427c55f1", @ANYRES16=r2, @ANYRESHEX=r3], 0xc0}, 0x1, 0x0, 0x0, 0x20004050}, 0x2000804)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$SNDCTL_SEQ_GETINCOUNT(0xffffffffffffffff, 0x80045105, &(0x7f0000000000))
mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae01, 0x1f)
r8 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
ioctl$SIOCAX25GETINFOOLD(r8, 0x5411, &(0x7f0000000000))
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000003c000701fcffffff00000000017c0000100036800c00020008000000007000000c000180060206"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r10 = socket(0x840000000002, 0x3, 0x100)
sendmmsg$inet(r10, &(0x7f0000000900)=[{{&(0x7f0000000100)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x34}}], 0x1, 0x24004810)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
socket(0x28, 0x1, 0x0)

4.736951385s ago: executing program 2 (id=2594):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = socket$inet6(0xa, 0xa, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c66368c64ec6abfaa85ee12bc8c8d40070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25b7cec51b82b41dd020c7e112a0058c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6a", 0x118)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000ffd000/0x1000)=nil], &(0x7f0000000100)=[0x7], 0x0, 0x0)
sendmsg$OSF_MSG_ADD(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="0815000000051104000000000000000001000005540201"], 0x1508}, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
set_mempolicy(0x6, &(0x7f0000001440)=0x5, 0x6)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000100)={0xf6c8, 0xcd5a, 0x8, 0xdffc})
r4 = socket$inet6_dccp(0xa, 0x6, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$notify(r5, 0x402, 0x8000002a)
r6 = openat$procfs(0xffffff9c, &(0x7f0000000280)='/proc/crypto\x00', 0x0, 0x0)
close(r6)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x10d, 0x8e, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000040)=0x1e)
fcntl$setsig(r4, 0xa, 0x32)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=0x0, @ANYBLOB="f8a0d5e159764f39506d151d748a16082167e2e1de53cfb38eb2986f7ed5c8b24f9525cd3d3b8b35a698eb5fb7a8bdc8e7d59319a4bd735c61376ac8f9edad50cd5fe32fb1bb159798906566865bfdd66fbd5c7a9c13484b3e2147cd4f3b4c104b5f264879835c3c733f3329840c9654363f036ac14514", @ANYRES8=r0], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = dup(r8)
io_setup(0x19, &(0x7f00000009c0)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r9, 0x0}])
read$FUSE(r9, &(0x7f0000000a00)={0x2020}, 0x2020)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='ext4_es_remove_extent\x00', r11, 0x0, 0xfffffffffffffffe}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)

4.019511849s ago: executing program 2 (id=2596):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000000)="0a000200010078", 0x7)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
read$char_usb(r3, 0x0, 0x11)
read$char_usb(r3, &(0x7f0000000100)=""/178, 0xb2)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f00000000c0)="10")
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00'})
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000000000000200000001000000000000000b000000070000b29ba2"])
r4 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$IP_VS_SO_GET_SERVICE(r4, 0x0, 0x483, &(0x7f0000000040), &(0x7f00000000c0)=0x60)

3.775863206s ago: executing program 0 (id=2597):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x80, 0xfffd}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x200, 0x0, 0x0, 0x20000], [0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c)
r1 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd4b0, 0x40, 0x1, 0x228}, &(0x7f0000000100), &(0x7f0000000140))
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x53, 0x101, 0x870, {0x10, 0x1}, {0x46, 0x2}, @rumble={0x7ffd, 0xd1}})
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r5}, 0x18)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
write$cgroup_int(r7, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35b", 0x6)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c)
write$char_usb(r3, &(0x7f0000000240)="c1c13aa682a8d64b9ca994849813bcfbe086ad0fa0f3eb2ee3e8012ce26d4016a9886a50d6ebd37e", 0x28)
r9 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r9, &(0x7f0000000040)="e2", 0x12d8)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000001340)=""/104, 0x68}], 0x1)
write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

3.754145267s ago: executing program 3 (id=2599):
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000580)=ANY=[], 0xf2)
r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESHEX=r1], &(0x7f0000000140)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x67a0}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffa3, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000016c0)=""/4126, 0x101e}], 0x1)
move_pages(0x0, 0x3, &(0x7f0000001080)=[&(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001100)=[0x1, 0x6, 0x7], 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0x11b68000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000f80)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x71ba, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYRES16=r3, @ANYRESHEX=r0, @ANYRESOCT=r3, @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x7898ce4a39f7b1b}, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(0x0, 0x0)

3.427778001s ago: executing program 0 (id=2601):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x1, 0x1c8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000000000000000000f38bb23dd23f44100000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff010000001d000000000000ac000065727370616e3000000000000000000062726964676530000000000000000000b43b24af61af8e2f000000000000000065716c00000000000000000000000000ffffffffffff000000000000aaaaaaaaaa000000000000000000a000000010010000380100006d61726b5f6d00000000000000000000000000000000000000000000000000000c0000000400000001000000000100006e666c6f670000000000000000000000000000000000000000000000000000004c0000006d8000000900090000000000b80eba8ec4468a0538ee0eed5dd9119d918668afa6c019b085be3837595dc113ccf27499f7202a2b59394b2619bcf57ec99b9abb99943198532b0b7bdd0f61e5726564697265637400000000000000000000000000000000000000000000000004000000fdffffff"]}, 0x218)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x4)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x4)
recvmmsg(r5, 0x0, 0x0, 0x2, 0x0)
r7 = inotify_init()
inotify_add_watch(r7, &(0x7f0000000340)='.\x00', 0xa50003d1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x103)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="38000000031401000000000000000800090002007379"], 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
inotify_init()
r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})

2.560784165s ago: executing program 3 (id=2604):
socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
getpgid(0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x88081)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140002001000010004000000000000000000000a20000000060a0104000000000000000002000000090001007300000000000000000a567502074412127d6baa4ae400699384b5099983d66f33b0f67df231d70000020000000000a87be14325f65f9d697ff9cc9ebfd532a43dfbfffa9eefab0c0fb3df6357a750ce7ad460f42650e8ae083794c782466abcf04be9801b89026eb103c087d97bb4c7ec3e8c0c2b97f0496597f21d09f7237032357d94e5be3e5fc1d6c6a308162a9e84a951032c38160a789c00"/208], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x1c, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x6}]}], {0x14}}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x800, 0x7, 0x8, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2400c005)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
dup(0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
setpgid(0x0, 0x0)
sendmsg$802154_dgram(r1, &(0x7f0000000000)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000100)={0x0}, 0x7, 0x0, 0x0, 0x41}, 0x0)
close_range(r0, r1, 0x0)

2.481096765s ago: executing program 2 (id=2605):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000580)=ANY=[], 0xf2)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000140)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x67a0}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000016c0)=""/4126, 0x101e}], 0x1)
move_pages(0x0, 0x3, &(0x7f0000001080)=[&(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001100)=[0x1, 0x6, 0x7], &(0x7f0000000000), 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0x11b68000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000f80)=0x2)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x71ba, @void, @value}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYRES16=r2, @ANYRESHEX=r0, @ANYRESOCT=r2, @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x7898ce4a39f7b1b}, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x10000, &(0x7f0000000040)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)

2.310890523s ago: executing program 0 (id=2606):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x3b, 0x0, &(0x7f0000000240), &(0x7f0000000100))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0xe2, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10})
ioctl$UI_DEV_DESTROY(r4, 0x5502)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0xf5, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x8, 0x1c, 0x0, 0x0, 0x0, 0x21, 0x0, @multicast2, @multicast1}, @info_reply={0x10, 0x0, 0x0, 0x56c, 0x1}}}}}, 0x0)

1.928182533s ago: executing program 1 (id=2607):
r0 = syz_open_dev$video4linux(0x0, 0x20000000000003, 0x2)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x1, 0x0, 0x1012, 0x81, 0x0, 0x4, 0xfff, 0x1})

1.779285798s ago: executing program 1 (id=2608):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000002480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000630000009500000000000000442487a974b38a128181d93636dd05fb88ac3f985da6ea004373a5d92fcd06fa7c8d262c047144f139239fad770aef0284e41a9667591da6cf393ee33823fcf0ab3e27c67f6a7bca5b843e30b960188864fdfebec1122014ec9914b5eb7522e2ad851f43dd2714877d8ab51335c9be09e379b57ef98de50b6e74ee832326de999d4785f927da0517e7ec534b3922"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, r3, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4050}, 0x20000000)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xc, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240))
r5 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000140)=@chain)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r5)
write(r4, &(0x7f0000000100)="29000000140005b7ff000000040860eb0101b6ff021596db2d6d6974b5d728", 0x1f)
read$FUSE(r4, &(0x7f0000000440)={0x2020}, 0x2020)
socket$packet(0x11, 0xa, 0x300)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c20000000180c200000008004500001c00000000001190780800001ce0000001000017c100089078bfd213cf592c8f496a96eb936dac2e938d"], 0x0)
r6 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f0000000380)=0x9)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f0000000ec0)=0x100)
openat$bsg(0xffffff9c, &(0x7f0000000080), 0x40, 0x0)
sendto$netrom(r1, &(0x7f0000000400)="b36441eb67e4ea94952928350fc060a74b5b0aeb4b94fcb91c", 0x19, 0x4000, &(0x7f0000002540)={{0x3, @bcast}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x48)
socket$kcm(0x29, 0x5, 0x0)
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x216821, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000001c0)={0x9})
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f00000003c0))

1.495077766s ago: executing program 3 (id=2609):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000210000000000040000000000aa82783fe89502b611dd6a147fc51bdd09c771d36829fdcf924bf12c4ada83ece932275b22b57634d45b58a88007681e48b058e4e1017792befd0609da2571256db0b742e64ea10fd34a8324cc6879b11c77941a8067f97f6302585ce05210d5057d1239e9ddb790c0a8d8a3fc72cb0c59089178cf9c55f7a04977cff67fc9d12d78705407a51f7f6173b19afddd40019ff681fc74f6a84744c8e54339d8b7ba8b2c46dbdabd00e7ced596cce21441635a60994319440fbe4733676f8051057d314ab1e779d63f750348717cc666015c9fbb4272421a58ed6644bdd622cc94937b0152e6dcae836648dfe4f5991ae45209286d93b62c795e44703f06b8836874493a261950b4a096586f249466d742f72cfbb29180bec97c1db547a4aee1d04040234366e5eb3cef5b4e3166e279b305b26a3b4bbee755e474debda9ee1f5c270bf449d76e731e19e3be757aab9f5af0ccf3fca56111535832a0f95edb0563273a2f732e6371d2a307e11d3dd0f03b9bf0ff9d09b8fcf920a01ba4b3127260da69be26b5ca2536838a6c04c478264acc95535e26ced8b55af04af4984758dcc27ffc88c5f90d9e6d5c60e14cfade06f02abe811025befd60bb6ab2877cc8f3622d72fd51fe5c721c4ab5094007f545096d88c2709d49", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) (async)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r3, 0x107, 0x1, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'geneve1\x00', <r5=>0x0})
syz_open_dev$sndctrl(&(0x7f0000000080), 0x62e, 0x12d000) (async)
sendto$packet(r2, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x20, 0x44, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x4, 0x0, 0x1, [@nested={0x8, 0x12, 0x0, 0x1, [@nested={0x4, 0xde}]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

1.426741481s ago: executing program 3 (id=2610):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x80, 0xfffd}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x200, 0x0, 0x0, 0x20000], [0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c)
r1 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd4b0, 0x40, 0x1, 0x228}, &(0x7f0000000100), &(0x7f0000000140))
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x53, 0x101, 0x870, {0x10, 0x1}, {0x46, 0x2}, @rumble={0x7ffd, 0xd1}})
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r5}, 0x18)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
write$cgroup_int(r7, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35b", 0x6)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c)
write$char_usb(r3, &(0x7f0000000240)="c1c13aa682a8d64b9ca994849813bcfbe086ad0fa0f3eb2ee3e8012ce26d4016a9886a50d6ebd37e", 0x28)
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

1.370467629s ago: executing program 0 (id=2611):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
close(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000240)={0x1, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$MRT_INIT(r2, 0x0, 0xc8, 0x0, 0x0)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x14, 0x14, 0x501, 0xffffffff, 0x0, {0x10, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044814}, 0x240000d0)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, 0x0)
r4 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100, 0x0, 0x20000, 0x0, r2}, 0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r6, 0x0, 0x0, 0xc000a102, 0x0)
io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1)
syz_emit_ethernet(0x38, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaa070000000000bb080602050600060e0001bbbbbb20bbbb1e02bba554b2f598f1294285f13cb5c157e503da930cf7bbbbbbbbbb1e7b"], 0x0)

950.271949ms ago: executing program 3 (id=2612):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
write(r2, &(0x7f0000000280), 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000000)={0x7, @sliced={0x7, [0x6, 0x0, 0x3, 0x8, 0x7, 0x9, 0x8001, 0x2, 0x6, 0xf, 0x7ff, 0x5, 0x813, 0x7, 0x6, 0xd, 0x9, 0x3, 0x200, 0xfffd, 0x5, 0x52af, 0x9, 0x5, 0x9, 0x7, 0x0, 0x80, 0x5, 0x6, 0x0, 0xf25b, 0x5, 0x39, 0x7, 0x2, 0x0, 0x400, 0x4, 0x9, 0x100, 0xfff8, 0x7, 0x0, 0x38e, 0x1, 0x2], 0x8}})
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$AUTOFS_IOC_ASKUMOUNT(r4, 0x80049370, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f00000001c0)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0)
r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x900, 0x0)
ioctl$DVD_READ_STRUCT(r6, 0x2202, 0x0)
ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x3, 0xd, &(0x7f0000000a40)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000850000002a0000001801000020756c25"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, &(0x7f00000004c0)="183a", 0x2, 0xfffffffffffffffd)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
syz_init_net_socket$ax25(0x3, 0x3, 0xc4)

870.783022ms ago: executing program 1 (id=2613):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000100)=0x5, 0x4)

870.537492ms ago: executing program 1 (id=2614):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf1, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x14, 0x5, 0xd})

499.852194ms ago: executing program 0 (id=2615):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x9013, 0x100, 0x4, 0x165}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r0, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r4, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000940)=""/4096, 0x1000}], 0x1}, 0x80000000}], 0x2, 0x2020, 0x0)
io_uring_enter(r1, 0x3517, 0x173d, 0x42, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x10}}, 0x0)
sendmsg$key(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)={0x2, 0x7, 0x40, 0x8, 0x2, 0x0, 0x70bd2c, 0x25dfdbfb}, 0x10}}, 0x800)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r10 = socket$key(0xf, 0x3, 0x2)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r10, 0x6612)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x884)
socket$key(0xf, 0x3, 0x2)
r11 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r11, &(0x7f0000000040)={0xa, 0x0, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}}, 0x20)
setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@remote, 0x4e22, 0xeb, 0x4e20, 0x1, 0xa, 0x80, 0x120, 0x73}, {0x5, 0x9, 0x0, 0xeb, 0x70000, 0x5, 0x4, 0x3}, {0x8, 0x7, 0x80000001, 0x400}, 0x6, 0x0, 0x0, 0x1, 0x2, 0x3}, {{@in=@rand_addr=0x64010101, 0x4d5, 0x33}, 0x2, @in=@private=0xa010102, 0x3502, 0x4, 0x2, 0x1, 0x201, 0x9, 0xb03}}, 0xe8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)

310.489107ms ago: executing program 0 (id=2616):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x3}}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = open$dir(0x0, 0x141000, 0x80)
open_tree(r2, 0x0, 0x89901)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
close(r0)

309.94412ms ago: executing program 1 (id=2617):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x80, 0xfffd}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x200, 0x0, 0x0, 0x20000], [0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c)
r1 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd4b0, 0x40, 0x1, 0x228}, &(0x7f0000000100), &(0x7f0000000140))
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, r2)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x53, 0x101, 0x870, {0x10, 0x1}, {0x46, 0x2}, @rumble={0x7ffd, 0xd1}})
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r5}, 0x18)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
write$cgroup_int(r7, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35b", 0x6)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c)
write$char_usb(r3, &(0x7f0000000240)="c1c13aa682a8d64b9ca994849813bcfbe086ad0fa0f3eb2ee3e8012ce26d4016a9886a50d6ebd37e", 0x28)
r9 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r9, &(0x7f0000000040)="e2", 0x12d8)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000001340)=""/104, 0x68}], 0x1)
write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

654.693µs ago: executing program 1 (id=2618):
r0 = syz_open_procfs(0x0, &(0x7f0000002040)='net/tcp\x00')
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x14)
connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x10, &(0x7f0000000ac0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x8b}, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000480)={0x0, 0x1, 0x0, &(0x7f00000002c0)=[{}], 0x1, 0x0, &(0x7f0000000340)=[{}], 0x0, 0x0, &(0x7f00000003c0), 0x8, 0x0, &(0x7f00000009c0)=[{}, {}, {}, {}, {}, {}, {}, {}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc01c7c02, &(0x7f0000000540)={0x80000000, &(0x7f0000000500), &(0x7f0000000700)})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
set_mempolicy(0x2, 0x0, 0xfffffbff)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

0s ago: executing program 3 (id=2619):
ftruncate(0xffffffffffffffff, 0x8800000)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x441, 0x0)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCXONC(r2, 0x540a, 0x2)
r3 = socket$igmp(0x2, 0x3, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000040000000800000014100000", @ANYRES32, @ANYBLOB="00000000050000ffffff7f000700000000080000", @ANYRES32=0x0, @ANYRES32, @ANYRES64=0x0], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0c001a00"/20, @ANYRES32=r4, @ANYBLOB='\x00'/20, @ANYRES32=<r6=>0x0, @ANYRES32, @ANYBLOB="000040000400"/28], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000180)={&(0x7f0000000080)="aa88", 0x0, 0x0, 0x0, 0xd352, r5}, 0x38)
setsockopt$inet_mreq(r3, 0x0, 0x24, &(0x7f0000000000)={@local, @broadcast}, 0x8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000c40)={'vxcan1\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001600)=@newtaction={0x1ebc, 0x30, 0x401, 0x0, 0x1, {}, [{0x1ac8, 0x1, [@m_csum={0x10a0, 0x11, 0x0, 0x0, {{0x9}, {0x74, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffffffc, 0x1000, 0x4, 0x8, 0x7}, 0x5}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0xc3, 0x7, 0x7, 0xdbb}, 0x1c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x400, 0x2, 0x5, 0x3, 0x6}, 0x7d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x10, 0x1b2c3f1895c1660d, 0x4, 0x1a35}, 0x1e}}]}, {0x1004, 0x6, "85b11ff9f06e1f54a872c0078ca28c8ebe6ecacc9246152fd7271cbc10714df0a1b86879ca3401d75c36c839532d06b92505f925de98ddcfb372daaed7b7bdf1b922eaf77ee4e5ea458a70f25cab4fd5f0a11540f758502759e7b2eb86f85d37ddfa290ef8b9949bd6813550fb7e5a6068d15a6fb1f6c18eb990131f9af67d410115b5e915cb8fa151b9ade93748b1d5e040bbb579d3237c2ba834faf8a1fd2225e0207c74655e2401761347ec9f3f544778d48397fec33654204ad958291400f581d8c3d01cce00d71927d5195147934bc8a5729e08b6d72505e7514c497f4ae8f75ec193dd471c2aa0e8351a011f9f22ee139a089ad7fed2a035649d56c6f17a3101b662d60bc4c55e122b09ef4a058e913ec9e9a4c655401233eea331bb2684968baf77ae576952f9489565bf643b0fc4cd46781ff62a5dc405e903d001e9974a50ba25a586c6569bf862cf070382ab821f1c8f69eb440ae393e6c455fe6e5e8c028a4c834af3b3c4e2a9da7997dac78a066ee0914b2a99080105f28a696f98141cb16f205375688f0bf5ab68d42615350f2749af454518815b3dc00a928443865514dca3a7d92fdf6a883b390fc9c11e17bde10c792025261a4bc40932d17bc7ce52c2da99f9c854b9d4c68ea79637f565fe322bf41112761546948841939f254b474db36fcec4a3a6f39c7a0115a1ef2b454c854fba7baccf1fa99ab2614980b1c1a43ade7a9b87a6e6788d16837678992a2f97709504d069530bf6433677865704106a550da74d3f3e0fc015e639a7a8a686effe75c7c7aeba91a84cf06f09ede61fefdf9061d4f6930442f33cb753a6fbe94de831695984af9335bd8833ca7c0f8baebe94b7cbeb208951e3bcdc285995d162b2221ad081f21a276a38933003d1a3e268a86062415432f9448e74913afa494def07e7433ee3ad685a8e48ff2d8d0c2e998bd08973b7e90fdf832659c64d6c2ccb00c1e2caf0809870ecc3ea2c107776a750a25b7716ca1e6a9ba3d53780498469538adc7353cb43d0a8acecdf7bc9c2cd46cabf604c8e465d21d45adbc51b712f9a76f89d9e949a9d27f5c26c9fababa951308ff3bcbfe9eef9d91e0449c06771339ae661ff0f8d8d0c054e3c6a47fe9747af2ba683a452898eff1cf9f50cc7427a138f9e8b888f0bfddd97693c84ce0b2916b0fdc8bcb0476fdf83a4f680f6eeb130973993eaca346d6eb80a09d2f512ae907b848e9ede3a4b1a729465b45104ffa6eab98e514477685368d8d14328cc041b6365e7b17f637afd61767cf0990cc66c664b452534e3dcd9c54c60a0d01346a2e0a60deab0eb0511671cbcf7f873a46f6370380de77e3e0f28e313d0b71f7fc5a38ba56917733777ca590da1c2a14159a3616aa0338d02afbf87a6a09df9d2e395d21fbca069e6debb14282a0f07e5c726fd205621caa1a8296eb768c24a5f7ae180d9d8a4635e450d804dab25cbcf784bdab8c5f1bb6ac1a871c72459613a8754bb278db724c5016b4c6e963b0fa9bec4723a0be5e629b44b6346a97c95061db9823a0689a4aced08ddb6c1d48886d6e5cfa6636e1191ef914448305f718939d77db221004eaae607e339a0428a167efacf9084e115b1d27176a4cf095fac4ce529c94f662ab010fc0e5ec0419e93ccc91df68ffe70d283ea47956bcf2a6e9b62f94f8818719a3080c036ad88027c9f278f3942a8391ecf8d77a86bb58c2a6f5a83f989f1a35b6769beb47682d93a4f4695a6cdd35007687b9bfdef0a6a02a39af89363e5c20294eabad1f490a4e11521787f88162eb1e50b492057c49bd86e3bdee63036a4f0fa6f76dbe434c30b4145d1007148912749721df7c353766d2bf061a5d7308c5e40f828ba4b8eadeb16fba8876a5e5fd1b1e0e616316381da691e1100816907ba838f107eb7d9160cffbb5817d5a3b09a6f59a888616b25b815c9a18f8f5267eaaff4db04b0a2920c709bd68c40af0d54f822722b3737893a42247d73e30e6f15cdcb67836b1184723beb71b1585a6407487938932dcb6bb443c992daa7d76e4f5528e0c78c5a805b05d4f6e31abc86df533a89932bc03692f824b52d187df4539163f22cf96fb4321528e9d43d0059f7c33f3a01dd4387f49eb52d4725304e4e68def78b96fcd0d668eee01dc846c19cc7e04a5aa107d646c1bb2f6330731c3f1902c74018cb690a3bdf73ebcdae75b419dd83479203b388afcdea3b18e58009f1a37fbfb96494cf118c5a02d864333c1dc79fc95745609081e91b6527d4443e8cc509112539484900673e68224c0aafe4f2467941023891ed7f9431bb3901f6a8f0a754ae2c3b9e04f08267804abc299320bbff5e12dc1a602cc2644465740fbf4590086747e148feb45f8859c9372460311110ff0118a12cbe26773bfd07510f252ffa67b55241991370f648b8685ee09a701126fde4ba32838717e468666ce6367429d5b6d6b58cc7b4390f2d2ec6c50708c135581b00183ff2383b67b169f3d29efa437bd654bebcacbd469503d139af74635ac16b6b39613e683639e1f11c8816f8e3a384756d51f5720c6992eccc91ab32f5a4f6d865bfd8fddd7109dc1ed792fac96c3e02cf4474b70f69ece8848ca06fc92466386a0920bee79b67c727d7999359fb2675b1fa68a37b55862a49d5e661d6c111b784de4d6f9fc73c041f5bce2aad040e7ad6bf8006794c604b69c5e76aa7249a678e669559970ca8fd21bbdb068d0bfdf31509b32dc2a33626f0a65bc26be9214b6610b5e0f16084bbb371b0c9ea160d175d85d5fb1aec9877abb8ae90668d6e680b3ba20048b0a31852bb9f21b4b90a54550910c8c7f1bd5f8f5962ac615ff018d9093b97477f43fc912c8a73d3b9cb57ec8af14b939f6ff9e32c65cbc6ae2f1a1e51965394b4e559fa197700bddb1c70402f455824bd18342ba61b42b81a367d9a237e0def00bc2350bfbda4a2a9d70c014e9415fe3769cd1c58d96f3d5161dcb7fc8c9ae85db755c77c18376b9afacf264a27e805a9372ea871323a9b2f42e831e15e981698959f2c1115fe2c3fcb4d96f8ca1b1d147c56e2a2a2602e608dbd48c1fb99ebf95552eee985a0cf3cf3abf3e8696ebecb49c6c4c184324cee9b7fdc306eda0106e2c3ecf9b881fbb43222b2a578d72cfc0f68adf9eaf1cc23a7fb97f1b691341ce34067520c5cbca22b72588da2234b05d936380dbafd3390d36b80186d542d3b007ca41f61c9f342a7efcd399294617fa3a32ea33d8975ec5bf71512012d489af17f1e1227cc8118efc92e8e47de0cfd12c5f36a2b9efea1954ff4c84629c18b2aff6b9fd0f1f88fcfc3444e5c8e3b1ec6812a5881f3fdbeaaf04cf387cf7dafa05c9fbb531ceb13a51f9963bad330eb2ff0053be072f8d606333065b35e22e69a54b7bf6a16de20a5b03927536a01a8846231d7440aa32318300c6ff5a78d27f09a2e759c6ccd6d625c02bd780b02d8e2dadf8e584fc536745eb414a7500a2592709d5e55de2e73634d7944d4ea3088302b98d25b8e420c6bb6010014179e69012fc47b2497f6db9d7dbb18f82fde95674c064ebdb3805709b9d9eee63a30f402fbf2141448093184e97433452ff76462f123ffe1ccb2158e0eff821984f4e53a5614de6c27a08204b87ceb0d1c1ae1129c37cda38d5aef80fa04d18f908faf156580928cdf5708f6eb5804910d1b7eeab958cd4c3151e9a8a9cd80e6a40d7e1a57aeb4cc54adc815967b3d3e1b6feda98488048719ca1a2ec3712fb74f881544290a7d3c9e4d1547476276bed71b3a1ac6fad3022330159d3fd3b834426abecbd421ee7ce6b47b2f197fa185f3def6f50df307e5d9bd2e4a1a598f576169ba2ea957f7c5c4eabf059ba8dcfdacf941543be2d098f00d705b952ed7ddea82c6285d3caed188ce0e5902afcc1b322c1ac0e4d167dc53f78398e63eb7b1e42934e756368bef8def7402fca2425ca40579bac7bc77466036a5b0601ae30e4735da274feadb81dc80e43840b378594681044ee750fecf394a477e9baa327c4139fe2179ee43295f2f8562d988a7f5da9569e64e723b90bf702b737703c558be491cfb8ed9ba963f74f8d975e25f144723b12248faeb3e414108c02aa97d6b87b5606cc896b0d10831bae45d52b80ec34c9bda3894351b3a40e3643b0fa99f7f62463a8666cac4fbb200d8e28e304670603040f62da2e27aa45f6c7b0c077102a37f5394c84623d0ed634ee37e1362874c98ab34e4376abe9af0f336005b3a1f9294960bfb4ce67711b32195bc8242df930728593580b975abe63e6671a474a9591cb4ee596ed3a9c05adf9ba3b7c2b4bc0c0fc7e48edbb4c464d2b711499366ca98e95825115575d39af22aa5eecd3ecf6605c022466ac4e9ec9b3a40c790f7b0823312637596c614e8c53ab3a2625bd7a14b27c8acf6a9b7383f3bc86fe225ce9864d862878499f0f415e8ab48f55023ac0d1f8eba8748550207d8f7fce4092d5e0737266713dec445c13c16b69a8668c7fca3953a3d2cf7b2b5e82ee1489d7362005bcb2115734336cebd3fa0b7bbfe4dff9354b2fc15e45aaaa56274d454ef7b88eeabfaf78f43b9f5e7b94b22e0f04c03dc994f5feeeb1c26bf123562ea9c91c2b5b120d5b8d4e23756acbe33565aad5a90defd70178caef2f44ef1c4ac9e5fdc4a48b2676df0dbffbe07f69852a04f2aa7f63e4891d80a74392bfa182b6eebb566beaa53c574caff7b930ef68ca81ed4cb29be0263e62f30210283d95004f7c3426ef4ce38d242ee4a065cf9bc117066057a40c88d49adcf04f165868c8fbef781b3b739e61eb935e27d2514e89e895f214fa9e8ba3ea1552fcbb9902b2a4afbf8fa0f97072d8e42ba515043650e7c465835f6a05d2643e16c6f92f8d3848941ebe6be996db2598c3d9023bbde0659b072965be0869fb7aed183975f01d8fadbd84deaf2710ebdcf8d0577bcf80511c483dae93b399803e49e6425d2d8405c149a8c6b5891a8cf79797820f9af8577ca57ebcd5b169b391d47004c3e969c9534c05ba3f9221865918124956225ddde5509ed2a2c0ccc5c560cc578f93bd2f3e3f3ed190f35f427edf34c8d8265c41a1f9a9d2969edb6680000d7ce2e88213e29d0180f35131607c5eca444626c572d51f9c327697a1f10a960ef7a0553d9c65ec0734de988e7294872bcb31943989e85db108e6cfd4af070472b108cde8188e18433a51fbb5531cbfb1e99f760912f0a1d3e64d381f4c8c88382e148f3e7418fa9cdcbbcb446eb7d950fd1edcf74cfb10997dd6851a6f19454ad72498a766b3113fa1bf5d17ab4a0591a78e783ade5196a93d43347731596c78ae981ea570d48ebeaedc8007e5a40fa55feab3ba03d00aad4ca974f435eb8a85ac0be6c1186d2957801409f4c6af65de8b7083ce39b28887358b8dd7dc20af4f6f9e951a065cd0004e5ba6fc6c2441057e858e988d6d07d434d08fa521be6ff28af781ef787cfd0bb73e13dd0edbeadbe0a2489367ccf08cd8827c2c209fc13de68f100cb33789aab2a9459551ecfb05787cda6a2036e54febbdec2935c62736dd5df882f4d0444866353e0c74a6b0456219d34fc55540a43350805eb8553ce7ef7e9fc58557279120d9da6c4e313cfdf7c9d5a634e4709e99659066115f06efa955e7d8e6b5064c1d1c4860adbd31279c15ae713d58c81bce2d63373d0e36b12aba311cea9de137a2bdc61d6b6d0e817cd4f8f669d667ee28b4bee435fc6af8d4ed22fc5e129e7686e3749a9d09c48cb169ec5c5c1f969"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_bpf={0xac, 0x19, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x0, 0x3, 0x0, 0x4}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x3, 0x8, 0x0, 0x2, 0x9}}, @TCA_ACT_BPF_OPS_LEN={0x6}]}, {0x3e, 0x6, "a4a24ee7a26def510a48c84a42d284aabe7326256d1a78491f0cb072f712e164412aa94e35a07b87bcb76d430249e5cf7620c20ebb56d31e4130"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_police={0x978, 0x20, 0x0, 0x0, {{0xb}, {0x8bc, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT={0x8, 0x5, 0x10000}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x81}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xb99}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x4}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xfffffffffffffff7}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x80000000}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0x2, 0x4, 0x8001, 0xffff, 0x7, 0x1, 0x4, 0x8000, 0x9, 0x7fff, 0x1, 0x1ff, 0x1, 0x4, 0x9, 0x1, 0x0, 0x0, 0xe, 0x7f, 0xad4, 0x10000, 0x2, 0x2, 0xe710, 0x10, 0x10000, 0x3, 0x8, 0x7fff, 0x7, 0x1, 0xffffffff, 0x31c, 0x7, 0x6, 0x8, 0x2, 0x2, 0x1, 0x40, 0x200, 0x5, 0xafb0, 0x12c, 0x4, 0x4, 0x87, 0x5, 0x243052f1, 0x0, 0x0, 0xfffffffd, 0x4, 0x4, 0x5, 0x762, 0x3, 0x3, 0xfff, 0x4, 0x3, 0x5, 0x1, 0x2, 0x9, 0x6, 0x9, 0x101, 0x3, 0xf, 0x80000000, 0x1, 0x10002000, 0x7, 0x101, 0x7, 0x40, 0xf, 0x8, 0x3, 0x400, 0xfc, 0xe3, 0x8, 0x6, 0x8, 0x800, 0x0, 0x3, 0x6, 0x200, 0x0, 0x9f2, 0x2, 0x70aa, 0x3, 0x31, 0x3ff, 0x5, 0xf21, 0x4, 0xfffffff7, 0x8, 0x4, 0x5, 0xe, 0x8, 0x3, 0x1, 0x4, 0x5, 0x9, 0xfffffe00, 0xa4f, 0x6, 0x7, 0x5, 0x80, 0x1, 0x9, 0x9, 0x1afa6c0e, 0x6, 0x7, 0x1f1, 0x5, 0x1, 0xb, 0x9, 0x292920f, 0x9ae9d116, 0x395f, 0xfffffff3, 0x4, 0x40, 0xfffffffa, 0x25b00, 0xffff, 0x1, 0x4, 0xc000, 0x7, 0xfff, 0x2, 0x1ff, 0x1, 0x7, 0x9, 0x400, 0x4, 0xfbb, 0x0, 0x7, 0x1, 0x5, 0x8, 0xe, 0x8a89, 0x0, 0xfffffffb, 0x6, 0x3, 0x1, 0x4, 0xae2, 0x7, 0x9, 0x2, 0xffffff00, 0x40000000, 0x9, 0x101, 0xf370, 0x3, 0x5d78, 0x7, 0x0, 0x4, 0x1, 0x1, 0x7, 0x2, 0xd1cc, 0x7ff, 0x7, 0x1, 0x3, 0x6, 0x800, 0xa, 0x7f, 0x61c8, 0xb05d, 0x0, 0x1ff, 0x5, 0x1, 0xf3c, 0xb2e, 0x7, 0xffffffff, 0xd1ca, 0x0, 0x0, 0xd2, 0x1, 0x7, 0x1e, 0x0, 0x1000, 0xe, 0x3ff, 0xe11, 0x680, 0x1ff, 0x1, 0x8, 0x447625b6, 0x2, 0x8, 0x0, 0x1000, 0x6, 0x3, 0x6, 0x1, 0x2, 0x1, 0xfff80000, 0x200, 0xf, 0x7, 0x7fffffff, 0x76, 0x40000, 0x9, 0x95cd, 0x3326, 0x9c4, 0x3, 0x1ff, 0x542, 0xa6, 0x0, 0x4, 0x7, 0x6, 0x4, 0x3, 0xe, 0x9, 0x2, 0x5, 0xf89]}, @TCA_POLICE_RATE64={0x5, 0x8, 0xbe}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x4}, @TCA_POLICE_TBF={0x3c, 0x1, {0x1ff, 0x5, 0xd927, 0x3, 0x80000000, {0x7f, 0x0, 0x78fa, 0x7f, 0xd91, 0xffff}, {0xcf, 0x2, 0xff98, 0x63, 0x48bb, 0x4412}, 0x7, 0x7eb, 0x4d75}}, @TCA_POLICE_RATE64={0xc, 0x8, 0xf7}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe3f7, 0x3, 0x10000, 0x4, 0x9, 0x4d000000, 0x35, 0x246, 0x621c1092, 0xeb38, 0xae95, 0x2, 0x10001, 0x0, 0x1, 0xa, 0xd46, 0xd1, 0x2, 0x9, 0x9, 0xca, 0xdf, 0x1b9, 0x2, 0x1f7f451f, 0x877, 0x0, 0x2, 0x20000000, 0x9, 0x6, 0x9, 0x1, 0x5, 0x6, 0x5, 0x6, 0x6, 0x5, 0x7fffffff, 0x8, 0x0, 0x6, 0x2, 0x2, 0x690a8df0, 0x1, 0xd30, 0x4, 0xfffffffd, 0x1, 0xa, 0x5, 0x3, 0x1, 0x4, 0x8000, 0x80000000, 0x7, 0x2, 0x6, 0x252170c, 0x2, 0x1, 0x8, 0x800, 0x5, 0x6a, 0xbac78a3, 0x0, 0xffffffff, 0x48f4, 0x7fff, 0x80000000, 0x0, 0x78d, 0x9, 0x2, 0x8, 0x4c3, 0x0, 0x5, 0x7, 0x10001, 0xff, 0x1, 0x4, 0x8, 0x2, 0x0, 0x2, 0x80000000, 0x7ce, 0x5, 0x7f, 0xff, 0x401, 0x0, 0x9, 0x80, 0x7, 0x2, 0xfffffffe, 0xfffffff7, 0x2566, 0xffffff7f, 0x4, 0x1, 0x4, 0x7, 0x85c, 0x75, 0xd, 0x5, 0x8, 0x200, 0x5, 0x74a, 0xedb2, 0x3, 0xb86, 0x0, 0x6, 0x2e, 0x1, 0x9, 0xffffff7f, 0x369, 0x2, 0x101, 0x9, 0xd3, 0x0, 0xb3e9, 0x90, 0x2a81, 0x800, 0x8001, 0x0, 0x5, 0x6, 0x3, 0x7, 0x0, 0x5, 0x60000000, 0xffffff80, 0x1000, 0x6, 0x9, 0x84f, 0x3, 0x4, 0x2, 0x6, 0x7f, 0x25, 0x3c, 0x178d70b4, 0x48, 0x8, 0x800, 0x3, 0xfffffff9, 0xc9, 0x88aa, 0x8001, 0x5, 0xffffffff, 0x7, 0x9, 0x0, 0xfffffffd, 0x10001, 0x6, 0x4, 0x8000, 0xff, 0x9, 0x8, 0x4, 0xb, 0x9, 0x6, 0x6, 0x8001, 0x9, 0x200, 0xb, 0x4, 0xd1, 0x8bf7, 0xb, 0x1, 0xf, 0x1, 0xfffffffd, 0x401, 0x9, 0x6, 0xc, 0x9, 0x400, 0x2, 0xf70ed0c, 0x0, 0x0, 0x10001, 0x4, 0x4, 0x9, 0x6, 0x3, 0x10, 0xa4a, 0x9, 0x1, 0xe9, 0xfffffaf2, 0x6, 0xbf, 0x3, 0x4, 0x7ff, 0x5, 0x1ff, 0x4, 0x7fff, 0x6, 0x2, 0xa8, 0x7, 0x7, 0x7, 0x3ff, 0xe65, 0xb6, 0x3, 0x93, 0x80000000, 0xfffffff2, 0x800000, 0x5, 0x7, 0x8, 0x0, 0x4, 0x2, 0xffff86ae, 0x40, 0x5, 0x10000, 0x753f, 0xe, 0xfffffffd]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x6}]]}, {0x91, 0x6, "23860ab505ac8deb26ff8f863107c0a54c184352ed4427c1b831cba10c6c1f9f5f6176d123f66a1750e63112574917a6e8ab098c2dce387ed4e47fdd89a54322215ed0ed49a0dae0ffe3898c25cd5b09d83ae2cce40def00e31899ce098a470067cc9c8a06f46d4d4b3f1a31b2e7e8dfeede3c4d2e72b81b70e469b24f6942b01d32fd7017295e2e60ed574e3e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}, {0x3e0, 0x1, [@m_gact={0x178, 0xd, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1855, 0x20000000}}, @TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x3, 0x7, 0x8, 0x379}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1605, 0x5}}, @TCA_GACT_PARMS={0x18, 0x2, {0xffffbc6f, 0x3, 0x10000000, 0x904, 0x2}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0xf71, 0x8}}]}, {0xf8, 0x6, "b72013e40313344260224bc9ed4d7b320f96f7b2237565821ee4c8709a4762837fd5bd2f9ad28ff6620b641bf0c4162d3c75008e03efc2e68985ed312718883e360c5c65618584dc7f62ca541ebd01ea2f43245aca1bf5b385477edb5973f47172a94973aa14de0d21751d697425c06ea045ce77992f04fdf139c8399e7d6fa61bf74458847b8ee9f96c1ec83afbc04c0fbaf713af5ef742aa220e30d0d27cc66d1dfe94213686856534d0ed4f59d81af8376fdf279906e13081f9dba92eedb870c2b1d316b6eb973e3502418fb43abf2c9eab3b1905ecd4538e64bda4f84388b63a7a228b468c5cc9283479c96b98d98a5fdef1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_simple={0xd0, 0x1b, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xe, 0x3, '/dev/ptmx\x00'}, @TCA_DEF_DATA={0xe, 0x3, '/dev/ptmx\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x10, 0xffff8000, 0x10000000, 0x0, 0x1207}}]}, {0x6b, 0x6, "1463e94974d8890c7852fef11546d9bdff245ee2730badba76815f820ef2db2e86f7ac5699e08b85a993c1c62cab1bf7dc36f2982a20396708369864ed1907ba2d74223d338ce0141221eecc7177c248be75f320573c8a1c617e38d65376bd6d60d07a8ff14351"}, {0xc}, {0xc}}}, @m_ife={0x194, 0x0, 0x0, 0x0, {{0x8}, {0x8c, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x2c, 0x6, [@IFE_META_SKBMARK={0x8, 0x1, @val=0x3405}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0x8a}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0x5}]}, @TCA_IFE_METALST={0x28, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0x7}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0xffff}, @IFE_META_PRIO={0x8, 0x3, @val=0x815f}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x8}]}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x4}]}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}]}, @TCA_IFE_TYPE={0x6, 0x5, 0x1}]}, {0xe3, 0x6, "b2339bb48ef7825994fbad3cd345af86a7ff4ee9360c3b953b65b69af75414e0ee88f39463c6c03a708cc1dfc49467fb9c243cc86f05ee64eda6492e9b95cf94e3bec96faf05ee810fadf02d1a01576ba99c42fd0dfddb44e61765f3e001f4d6adccba8e6e88e08e432e6565de3baa4f2e2ef6b9fbaf05c03bb491de50a8ad4f5258172c750098e6d62f71b5a266d0d0363b4e0d6a20e2409a9aaf42e4cfc58cbfa8039cf3f7d544322eac9a97b074a1d68eb79a135c4cb5ed25d9da3f43a5e96c8e71b567813d2410d8cd967b40512ec5eb4bc4dc231e0a05219307ccfa2a"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x1ebc}, 0x1, 0x0, 0x0, 0x8804}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7)
r8 = socket$netlink(0x10, 0x3, 0x4)
write(r8, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
sendmsg$NFNL_MSG_ACCT_DEL(r8, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000000307010800000000009fd80c8caaefb4", @ANYRES16=r6], 0x14}, 0x1, 0x0, 0x0, 0x20004010}, 0x4024001)
sched_setscheduler(r7, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0)

kernel console output (not intermixed with test programs):

 disconnect, device number 19
[  443.543059][    T9] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  444.520617][T14427] netlink: 'syz.0.1950': attribute type 12 has an invalid length.
[  444.610645][   T40] audit: type=1804 audit(1745588699.186:1118): pid=14429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1951" name="/newroot/475/file0" dev="tmpfs" ino=3078 res=1 errno=0
[  444.675914][   T40] audit: type=1804 audit(1745588699.256:1119): pid=14432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1951" name="/newroot/475/file0" dev="tmpfs" ino=3078 res=1 errno=0
[  444.683857][T14428] uprobe: syz.3.1951:14428 failed to unregister, leaking uprobe
[  444.762626][T14435] fuse: Unknown parameter '0x0000000000000007'
[  445.667348][T14451] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1956'.
[  446.351301][T14471] netlink: 'syz.2.1960': attribute type 12 has an invalid length.
[  446.399285][T14475] netlink: 'syz.1.1961': attribute type 12 has an invalid length.
[  447.610657][T14498] netlink: 'syz.2.1966': attribute type 12 has an invalid length.
[  448.386895][T14510] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1969'.
[  448.627143][T14540] netlink: 'syz.3.1971': attribute type 12 has an invalid length.
[  449.774066][T14567] fuse: Unknown parameter '0x0000000000000007'
[  451.464236][T14598] netlink: 'syz.1.1982': attribute type 12 has an invalid length.
[  452.487808][T14730] cgroup: fork rejected by pids controller in /syz1
[  452.737950][T14853] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1991'.
[  455.704752][T14899] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2000'.
[  457.520782][   T40] audit: type=1804 audit(1745588712.096:1120): pid=14927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2007" name="/newroot/488/file0" dev="tmpfs" ino=3161 res=1 errno=0
[  457.569052][   T40] audit: type=1804 audit(1745588712.146:1121): pid=14927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2007" name="/newroot/488/file0" dev="tmpfs" ino=3161 res=1 errno=0
[  457.575671][T14926] uprobe: syz.3.2007:14926 failed to unregister, leaking uprobe
[  457.775099][   T76] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  457.929333][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  457.934080][   T76] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  457.941631][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.951044][   T76] usb 7-1: config 0 descriptor??
[  458.163182][   T76] usbhid 7-1:0.0: can't add hid device: -71
[  458.165669][   T76] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  458.174672][   T76] usb 7-1: USB disconnect, device number 15
[  458.675093][   T76] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  458.826896][   T76] usb 7-1: Using ep0 maxpacket: 32
[  458.833171][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  458.836607][   T76] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  458.839394][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.843058][   T76] usb 7-1: config 0 descriptor??
[  458.854578][   T76] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  458.859350][   T76] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  459.229213][T14953] netlink: 'syz.1.2012': attribute type 12 has an invalid length.
[  459.421176][   T76] usb 7-1: USB disconnect, device number 16
[  459.424156][   T76] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  460.050102][T14963] fuse: Unknown parameter '0x0000000000000007'
[  460.089071][   T40] audit: type=1804 audit(1745588714.666:1122): pid=14962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2016" name="/newroot/524/file0" dev="tmpfs" ino=3411 res=1 errno=0
[  460.155096][   T40] audit: type=1804 audit(1745588714.726:1123): pid=14962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2016" name="/newroot/524/file0" dev="tmpfs" ino=3411 res=1 errno=0
[  460.172910][T14961] uprobe: syz.0.2016:14961 failed to unregister, leaking uprobe
[  462.985858][   T40] audit: type=1804 audit(1745588717.566:1124): pid=15012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2028" name="/newroot/502/file0" dev="tmpfs" ino=3334 res=1 errno=0
[  463.045142][   T40] audit: type=1804 audit(1745588717.626:1125): pid=15013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2028" name="/newroot/502/file0" dev="tmpfs" ino=3334 res=1 errno=0
[  463.060524][T15011] uprobe: syz.1.2028:15011 failed to unregister, leaking uprobe
[  465.260330][T15042] uprobe: syz.3.2037:15042 failed to unregister, leaking uprobe
[  467.113960][T15078] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2044'.
[  469.407149][   T40] audit: type=1804 audit(1745588723.986:1126): pid=15124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2054" name="/newroot/497/file0" dev="tmpfs" ino=3220 res=1 errno=0
[  469.527352][T15123] uprobe: syz.3.2054:15123 failed to unregister, leaking uprobe
[  470.615302][   T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  470.769491][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  470.772965][   T10] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  470.775953][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.782632][   T10] usb 5-1: config 0 descriptor??
[  471.019512][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  471.022606][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  471.029155][   T10] usb 5-1: USB disconnect, device number 23
[  471.445121][ T5988] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  471.595083][ T5988] usb 5-1: Using ep0 maxpacket: 32
[  471.598255][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  471.601709][ T5988] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  471.604553][ T5988] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.610840][ T5988] usb 5-1: config 0 descriptor??
[  471.615326][ T5988] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  471.621182][ T5988] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  472.221258][ T5990] usb 5-1: USB disconnect, device number 24
[  472.224824][ T5990] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  472.315327][ T5988] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  472.467021][ T5988] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  472.471760][ T5988] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  472.475841][ T5988] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.482425][ T5988] usb 8-1: config 0 descriptor??
[  472.695115][ T5988] usbhid 8-1:0.0: can't add hid device: -71
[  472.697068][ T5988] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  472.701458][ T5988] usb 8-1: USB disconnect, device number 25
[  473.135142][ T5988] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  473.295129][ T5988] usb 8-1: Using ep0 maxpacket: 32
[  473.298284][ T5988] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.301708][ T5988] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  473.304571][ T5988] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.308693][ T5988] usb 8-1: config 0 descriptor??
[  473.311787][ T5988] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  473.316228][ T5988] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  473.844906][ T5990] usb 8-1: USB disconnect, device number 26
[  473.848622][ T5990] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  481.390445][T15320] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  481.395255][T15320] overlayfs: failed to set xattr on upper
[  481.398965][T15320] overlayfs: ...falling back to redirect_dir=nofollow.
[  481.402528][T15320] overlayfs: ...falling back to index=off.
[  481.405965][T15320] overlayfs: ...falling back to uuid=null.
[  481.409446][T15320] overlayfs: failed to clone lowerpath
[  481.697618][T15325] overlayfs: failed to resolve './file1': -2
[  481.913802][T15329] overlayfs: failed to resolve './file1': -2
[  483.632513][T15353] overlayfs: failed to clone upperpath
[  483.855197][ T5988] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  484.010444][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.030036][ T5988] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  484.033217][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.054859][ T5988] usb 7-1: config 0 descriptor??
[  484.365857][ T5988] usbhid 7-1:0.0: can't add hid device: -71
[  484.367832][ T5988] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  484.372033][ T5988] usb 7-1: USB disconnect, device number 17
[  484.935138][ T5988] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  485.085062][ T5988] usb 7-1: Using ep0 maxpacket: 32
[  485.088080][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  485.091412][ T5988] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  485.094310][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.098571][ T5988] usb 7-1: config 0 descriptor??
[  485.101814][ T5988] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  485.106382][ T5988] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  485.649367][   T76] usb 7-1: USB disconnect, device number 18
[  485.653204][   T76] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  492.725193][   T34] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  492.907361][   T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.910659][   T34] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  492.913468][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.917275][   T34] usb 7-1: config 0 descriptor??
[  493.129216][   T34] usbhid 7-1:0.0: can't add hid device: -71
[  493.131100][   T34] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  493.134835][   T34] usb 7-1: USB disconnect, device number 19
[  493.575088][  T146] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  493.725132][  T146] usb 7-1: Using ep0 maxpacket: 32
[  493.728366][  T146] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  493.731764][  T146] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  493.734729][  T146] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.738878][  T146] usb 7-1: config 0 descriptor??
[  493.743026][  T146] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  493.749155][  T146] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  494.275831][ T5988] usb 7-1: USB disconnect, device number 20
[  494.278653][ T5988] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  494.422616][T15824] netlink: 'syz.3.2158': attribute type 12 has an invalid length.
[  494.496760][T15829] Process accounting resumed
[  495.875842][T15872] FAULT_INJECTION: forcing a failure.
[  495.875842][T15872] name failslab, interval 1, probability 0, space 0, times 0
[  495.880929][T15872] CPU: 0 UID: 0 PID: 15872 Comm: syz.2.2167 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  495.880954][T15872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  495.880963][T15872] Call Trace:
[  495.880969][T15872]  <TASK>
[  495.880975][T15872]  dump_stack_lvl+0x16c/0x1f0
[  495.881003][T15872]  should_fail_ex+0x512/0x640
[  495.881021][T15872]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  495.881043][T15872]  should_failslab+0xc2/0x120
[  495.881063][T15872]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  495.881082][T15872]  ? hugetlbfs_alloc_inode+0x8c/0x1d0
[  495.881105][T15872]  hugetlbfs_alloc_inode+0x8c/0x1d0
[  495.881124][T15872]  ? __pfx_hugetlbfs_alloc_inode+0x10/0x10
[  495.881143][T15872]  alloc_inode+0x61/0x240
[  495.881163][T15872]  new_inode+0x22/0x1c0
[  495.881185][T15872]  hugetlbfs_get_inode+0x354/0x730
[  495.881207][T15872]  hugetlb_file_setup+0x15b/0x620
[  495.881230][T15872]  ksys_mmap_pgoff+0x189/0x5c0
[  495.881253][T15872]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  495.881277][T15872]  __do_fast_syscall_32+0x73/0x120
[  495.881301][T15872]  do_fast_syscall_32+0x32/0x80
[  495.881322][T15872]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  495.881342][T15872] RIP: 0023:0xf70ce579
[  495.881354][T15872] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  495.881370][T15872] RSP: 002b:00000000f509d55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  495.881385][T15872] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000ff5000
[  495.881396][T15872] RDX: 0000000000000004 RSI: 000000000005c831 RDI: 00000000ffffffff
[  495.881405][T15872] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  495.881415][T15872] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  495.881424][T15872] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  495.881444][T15872]  </TASK>
[  496.165151][T15879] netlink: 'syz.0.2169': attribute type 12 has an invalid length.
[  496.457005][T15886] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2172'.
[  498.599284][T15939] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2181'.
[  499.979794][T15993] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2189'.
[  500.587151][T16003] FAULT_INJECTION: forcing a failure.
[  500.587151][T16003] name failslab, interval 1, probability 0, space 0, times 0
[  500.595653][T16003] CPU: 2 UID: 60928 PID: 16003 Comm: syz.0.2192 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  500.595670][T16003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  500.595678][T16003] Call Trace:
[  500.595681][T16003]  <TASK>
[  500.595686][T16003]  dump_stack_lvl+0x16c/0x1f0
[  500.595706][T16003]  should_fail_ex+0x512/0x640
[  500.595719][T16003]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  500.595736][T16003]  should_failslab+0xc2/0x120
[  500.595751][T16003]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  500.595766][T16003]  ? ovl_mount_dir+0x26/0x1f0
[  500.595784][T16003]  kstrdup+0x53/0x100
[  500.595799][T16003]  ovl_mount_dir+0x26/0x1f0
[  500.595819][T16003]  ovl_parse_param+0xdaf/0x1570
[  500.595838][T16003]  ? __pfx_ovl_parse_param+0x10/0x10
[  500.595854][T16003]  ? rcu_is_watching+0x12/0xc0
[  500.595865][T16003]  ? trace_kmalloc+0x2b/0xd0
[  500.595879][T16003]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  500.595894][T16003]  ? static_key_count+0x5a/0x70
[  500.595906][T16003]  ? __pfx_ovl_parse_param+0x10/0x10
[  500.595923][T16003]  vfs_parse_fs_param+0x208/0x3c0
[  500.595936][T16003]  vfs_parse_fs_string+0xe9/0x150
[  500.595947][T16003]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[  500.595962][T16003]  ? ovl_next_opt+0x143/0x1c0
[  500.595978][T16003]  ? __pfx_ovl_next_opt+0x10/0x10
[  500.595993][T16003]  vfs_parse_monolithic_sep+0x16f/0x1f0
[  500.596005][T16003]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  500.596017][T16003]  ? alloc_fs_context+0x59b/0x9c0
[  500.596031][T16003]  path_mount+0x148d/0x1f30
[  500.596045][T16003]  ? kmem_cache_free+0x2d4/0x4d0
[  500.596062][T16003]  ? __pfx_path_mount+0x10/0x10
[  500.596076][T16003]  ? putname+0x154/0x1a0
[  500.596091][T16003]  __ia32_sys_mount+0x28b/0x310
[  500.596104][T16003]  ? __pfx___ia32_sys_mount+0x10/0x10
[  500.596118][T16003]  ? rcu_is_watching+0x12/0xc0
[  500.596130][T16003]  __do_fast_syscall_32+0x73/0x120
[  500.596147][T16003]  do_fast_syscall_32+0x32/0x80
[  500.596163][T16003]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  500.596177][T16003] RIP: 0023:0xf7fa5579
[  500.596185][T16003] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  500.596196][T16003] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  500.596207][T16003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000140
[  500.596213][T16003] RDX: 0000000080000240 RSI: 0000000000000000 RDI: 00000000800001c0
[  500.596220][T16003] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  500.596226][T16003] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  500.596232][T16003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  500.596245][T16003]  </TASK>
[  500.645391][T16005] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2193'.
[  500.828357][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  500.830595][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  501.312511][T16026] netlink: 'syz.1.2197': attribute type 12 has an invalid length.
[  502.546034][T16066] geneve2: entered promiscuous mode
[  502.547932][T16066] geneve2: entered allmulticast mode
[  502.596277][T16072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2206'.
[  503.072752][   T47] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  503.170985][ T5957] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  503.174940][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  503.178992][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  503.187557][ T5957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  503.190560][ T5957] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  503.202653][   T47] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  503.338565][   T47] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  503.384810][   T47] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  503.519200][T16079] chnl_net:caif_netlink_parms(): no params data found
[  503.534011][   T47] bridge_slave_1: left allmulticast mode
[  503.536689][   T47] bridge_slave_1: left promiscuous mode
[  503.539862][   T47] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.547675][   T47] bridge_slave_0: left allmulticast mode
[  503.549593][   T47] bridge_slave_0: left promiscuous mode
[  503.551694][   T47] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.694363][   T47] gretap0 (unregistering): left allmulticast mode
[  503.807022][   T47] team0: Port device geneve0 removed
[  503.987337][   T47] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  503.992477][   T47] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  503.998615][   T47] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  504.002571][   T47] team_slave_0: left promiscuous mode
[  504.005058][   T47] team_slave_1: left promiscuous mode
[  504.007942][   T47] bond0 (unregistering): Released all slaves
[  504.055080][    T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  504.084523][T16079] bridge0: port 1(bridge_slave_0) entered blocking state
[  504.088156][T16079] bridge0: port 1(bridge_slave_0) entered disabled state
[  504.091301][T16079] bridge_slave_0: entered allmulticast mode
[  504.096553][T16079] bridge_slave_0: entered promiscuous mode
[  504.103715][T16079] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.108625][T16079] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.111093][T16079] bridge_slave_1: entered allmulticast mode
[  504.114920][T16079] bridge_slave_1: entered promiscuous mode
[  504.152970][T16079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  504.160658][T16079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  504.200661][T16079] team0: Port device team_slave_0 added
[  504.204238][T16209] netlink: 'syz.2.2216': attribute type 12 has an invalid length.
[  504.205101][    T9] usb 6-1: Using ep0 maxpacket: 8
[  504.207036][T16209] netlink: 'syz.2.2216': attribute type 29 has an invalid length.
[  504.209206][    T9] usb 6-1: no configurations
[  504.211071][T16209] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2216'.
[  504.212482][    T9] usb 6-1: can't read configurations, error -22
[  504.215486][T16209] netlink: 'syz.2.2216': attribute type 1 has an invalid length.
[  504.219422][T16209] netlink: 'syz.2.2216': attribute type 2 has an invalid length.
[  504.221716][T16209] netlink: 'syz.2.2216': attribute type 3 has an invalid length.
[  504.224114][T16209] netlink: 19 bytes leftover after parsing attributes in process `syz.2.2216'.
[  504.232589][T16079] team0: Port device team_slave_1 added
[  504.280510][T16079] batman_adv: batadv0: Adding interface: batadv_slave_0
[  504.283324][T16079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  504.293266][T16079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  504.300342][T16079] batman_adv: batadv0: Adding interface: batadv_slave_1
[  504.303313][T16079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  504.312059][T16079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  504.355178][    T9] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  504.364448][T16079] hsr_slave_0: entered promiscuous mode
[  504.367508][T16079] hsr_slave_1: entered promiscuous mode
[  504.369867][T16079] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  504.372841][T16079] Cannot create hsr debugfs directory
[  504.535102][    T9] usb 6-1: Using ep0 maxpacket: 8
[  504.537215][    T9] usb 6-1: no configurations
[  504.538696][    T9] usb 6-1: can't read configurations, error -22
[  504.540788][    T9] usb usb6-port1: attempt power cycle
[  504.907994][    T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  504.942780][    T9] usb 6-1: Using ep0 maxpacket: 8
[  504.949424][    T9] usb 6-1: no configurations
[  504.953474][    T9] usb 6-1: can't read configurations, error -22
[  505.232792][   T68] Bluetooth: hci1: command tx timeout
[  505.253360][T16079] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  505.268935][T16079] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  505.278994][T16079] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  505.287188][T16079] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  505.289389][    T9] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  505.348136][T16079] 8021q: adding VLAN 0 to HW filter on device bond0
[  505.358947][T16079] 8021q: adding VLAN 0 to HW filter on device team0
[  505.362633][    T9] usb 6-1: Using ep0 maxpacket: 8
[  505.365082][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  505.365126][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  505.372035][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  505.374281][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  505.377382][    T9] usb 6-1: no configurations
[  505.379344][    T9] usb 6-1: can't read configurations, error -22
[  505.384750][    T9] usb usb6-port1: unable to enumerate USB device
[  505.483469][T16253] netlink: 'syz.2.2220': attribute type 12 has an invalid length.
[  505.504544][T16079] 8021q: adding VLAN 0 to HW filter on device batadv0
[  505.543553][T16079] veth0_vlan: entered promiscuous mode
[  505.552022][T16079] veth1_vlan: entered promiscuous mode
[  505.580787][T16079] veth0_macvtap: entered promiscuous mode
[  505.586596][T16079] veth1_macvtap: entered promiscuous mode
[  505.600029][T16079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.604442][T16079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.609225][T16079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.613480][T16079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.617685][T16079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  505.621054][T16079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.624971][T16079] batman_adv: batadv0: Interface activated: batadv_slave_0
[  505.634072][T16079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.638675][T16079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.641935][T16079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.645245][T16079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.648276][T16079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  505.652223][T16079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  505.656514][T16079] batman_adv: batadv0: Interface activated: batadv_slave_1
[  505.662435][T16079] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  505.665512][T16079] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  505.668286][T16079] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  505.671121][T16079] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  505.702983][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  505.708881][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  505.728731][  T103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  505.731276][  T103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  505.756648][   T47] IPVS: stopping backup sync thread 9822 ...
[  506.000616][   T47] hsr_slave_0: left promiscuous mode
[  506.002800][   T47] hsr_slave_1: left promiscuous mode
[  506.004893][   T47] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  506.008456][   T47] batman_adv: batadv0: Removing interface: batadv_slave_0
[  506.011575][   T47] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  506.013993][   T47] batman_adv: batadv0: Removing interface: batadv_slave_1
[  506.054727][   T47] veth1_macvtap: left promiscuous mode
[  506.075203][   T47] veth0_macvtap: left promiscuous mode
[  506.077302][   T47] veth1_vlan: left promiscuous mode
[  506.639941][T16267] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2222'.
[  506.999476][   T47] team0 (unregistering): Port device team_slave_1 removed
[  507.083674][   T47] team0 (unregistering): Port device team_slave_0 removed
[  507.215117][T16258] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  507.315261][   T68] Bluetooth: hci1: command tx timeout
[  507.378261][T16258] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  507.383059][T16258] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  507.386956][T16258] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.393166][T16258] usb 6-1: config 0 descriptor??
[  507.610114][T16258] usbhid 6-1:0.0: can't add hid device: -71
[  507.612059][T16258] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  507.621287][T16258] usb 6-1: USB disconnect, device number 24
[  507.681506][T16301] netlink: 'syz.3.2227': attribute type 12 has an invalid length.
[  507.717971][T16304] geneve2: entered promiscuous mode
[  507.721211][T16304] geneve2: entered allmulticast mode
[  507.731944][T16306] netlink: 'syz.3.2229': attribute type 12 has an invalid length.
[  507.764907][T16307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2228'.
[  507.789702][T16311] netlink: 'syz.0.2231': attribute type 12 has an invalid length.
[  508.035119][   T76] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  508.045299][T16258] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  508.186698][   T76] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.190177][   T76] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  508.193207][   T76] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.198235][   T76] usb 8-1: config 0 descriptor??
[  508.405470][T16258] usb 6-1: Using ep0 maxpacket: 32
[  508.408673][T16258] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.412246][T16258] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  508.415240][T16258] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.416471][   T76] usbhid 8-1:0.0: can't add hid device: -71
[  508.418910][T16258] usb 6-1: config 0 descriptor??
[  508.420010][   T76] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  508.422790][T16258] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  508.424819][   T76] usb 8-1: USB disconnect, device number 27
[  508.427547][T16258] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  508.925063][   T76] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  508.976876][T13294] usb 6-1: USB disconnect, device number 25
[  508.980341][T13294] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  509.075191][   T76] usb 8-1: Using ep0 maxpacket: 32
[  509.078633][   T76] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  509.082130][   T76] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  509.084946][   T76] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.089190][   T76] usb 8-1: config 0 descriptor??
[  509.093704][   T76] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  509.097896][   T76] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  509.229865][   T40] audit: type=1326 audit(1745588763.806:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2234" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7fc00000
[  509.385178][   T68] Bluetooth: hci1: command tx timeout
[  509.799318][T16336] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2236'.
[  509.952769][   T40] audit: type=1326 audit(1745588764.526:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2234" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf711e579 code=0x7fc00000
[  510.245154][   T76] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  510.396466][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.400147][   T76] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  510.403097][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.410598][   T76] usb 7-1: config 0 descriptor??
[  510.623100][   T76] usbhid 7-1:0.0: can't add hid device: -71
[  510.625282][   T76] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  510.629487][   T76] usb 7-1: USB disconnect, device number 21
[  510.789235][  T146] usb 8-1: USB disconnect, device number 28
[  510.793298][  T146] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  510.909764][T16359] random: crng reseeded on system resumption
[  511.085115][   T76] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  511.235227][    T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  511.398527][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.403283][    T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  511.407206][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.412469][    T9] usb 5-1: config 0 descriptor??
[  511.455126][   T76] usb 7-1: Using ep0 maxpacket: 32
[  511.458565][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.462709][   T76] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  511.465519][ T5957] Bluetooth: hci1: command tx timeout
[  511.466412][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.472299][   T76] usb 7-1: config 0 descriptor??
[  511.477333][   T76] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  511.482757][   T76] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  511.625366][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  511.627292][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  511.633853][    T9] usb 5-1: USB disconnect, device number 25
[  511.947988][ T5990] usb 7-1: USB disconnect, device number 22
[  511.955905][ T5990] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  512.064310][T16372] overlay: Unknown parameter '
'
[  512.075258][   T76] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  512.245063][   T76] usb 5-1: Using ep0 maxpacket: 32
[  512.248057][   T76] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  512.251600][   T76] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  512.254451][   T76] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.258347][   T76] usb 5-1: config 0 descriptor??
[  512.262514][   T76] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  512.266957][   T76] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  513.545161][ T5957] Bluetooth: hci1: command 0x0405 tx timeout
[  513.805159][T16258] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  513.942620][    T9] usb 5-1: USB disconnect, device number 26
[  513.947589][    T9] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  513.969350][T16258] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.972769][T16258] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  513.977648][T16258] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.981455][T16258] usb 7-1: config 0 descriptor??
[  514.316639][T16258] usbhid 7-1:0.0: can't add hid device: -71
[  514.319430][T16258] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  514.333534][T16258] usb 7-1: USB disconnect, device number 23
[  514.715089][T16258] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  514.875328][T16258] usb 7-1: Using ep0 maxpacket: 32
[  514.879469][T16258] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.883624][T16258] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  514.886601][T16258] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.894719][T16258] usb 7-1: config 0 descriptor??
[  514.898493][T16258] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  514.903068][T16258] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  515.125088][    T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  515.286445][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.289857][    T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  515.292658][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.296698][    T9] usb 5-1: config 0 descriptor??
[  515.508749][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  515.511415][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  515.518315][    T9] usb 5-1: USB disconnect, device number 27
[  515.965140][T16258] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  516.125476][T16258] usb 5-1: Using ep0 maxpacket: 32
[  516.128844][T16258] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  516.132250][T16258] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  516.135222][T16258] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.140352][T16258] usb 5-1: config 0 descriptor??
[  516.144194][T16258] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  516.148479][T16258] ldusb 5-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  516.412206][   T76] usb 7-1: USB disconnect, device number 24
[  516.423045][   T76] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  516.616337][    T9] usb 5-1: USB disconnect, device number 28
[  516.655932][    T9] ldusb 5-1:0.0: LD USB Device #1 now disconnected
[  516.935312][   T76] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  517.097640][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.102605][   T76] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  517.106922][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.112025][   T76] usb 7-1: config 0 descriptor??
[  517.297803][T16456] overlayfs: missing 'workdir'
[  517.622897][   T76] usbhid 7-1:0.0: can't add hid device: -71
[  517.625261][   T76] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  517.630085][   T76] usb 7-1: USB disconnect, device number 25
[  518.235225][   T76] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  518.385101][   T76] usb 7-1: Using ep0 maxpacket: 32
[  518.406057][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  518.410503][   T76] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  518.460928][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.466213][   T76] usb 7-1: config 0 descriptor??
[  518.478479][   T76] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  518.485233][   T76] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  518.883345][T16258] usb 7-1: USB disconnect, device number 26
[  518.901568][T16258] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  519.543684][T16486] random: crng reseeded on system resumption
[  520.364342][T16498] netlink: 'syz.0.2276': attribute type 12 has an invalid length.
[  520.769519][T16504] overlayfs: failed to resolve './file1': -2
[  521.877572][   T40] audit: type=1326 audit(1745588776.456:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16513 comm="syz.3.2280" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf708e579 code=0x0
[  521.942977][T16515] tipc: Started in network mode
[  521.944629][T16515] tipc: Node identity 7, cluster identity 4711
[  521.946843][T16515] tipc: Node number set to 7
[  524.677277][T16570] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2294'.
[  524.717714][T16571] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2293'.
[  525.461909][T16602] Failed to get privilege flags for destination (handle=0x2:0x0)
[  525.536541][T16604] netlink: 'syz.3.2301': attribute type 12 has an invalid length.
[  525.853702][T16612] overlayfs: missing 'workdir'
[  526.648900][T16625] input: syz0 as /devices/virtual/input/input62
[  526.770502][T16625] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  526.772745][T16625] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  526.779367][T16625] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  526.781669][T16625] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  526.786914][T16625] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  528.739558][T16668] overlayfs: missing 'workdir'
[  528.825163][   T68] Bluetooth: hci1: command 0x0405 tx timeout
[  528.829163][   T68] Bluetooth: hci3: command 0x0406 tx timeout
[  529.283706][T16674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  529.332560][T16680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  529.337572][T16680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2323'.
[  529.404594][T16681] overlayfs: missing 'lowerdir'
[  530.287520][T16699] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2326'.
[  530.905691][T16669] Bluetooth: hci1: command 0x0405 tx timeout
[  530.905835][ T5957] Bluetooth: hci3: command 0x0406 tx timeout
[  531.044306][T16718] FAULT_INJECTION: forcing a failure.
[  531.044306][T16718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.050313][T16718] CPU: 1 UID: 0 PID: 16718 Comm: syz.1.2331 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  531.050341][T16718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  531.050347][T16718] Call Trace:
[  531.050351][T16718]  <TASK>
[  531.050356][T16718]  dump_stack_lvl+0x16c/0x1f0
[  531.050375][T16718]  should_fail_ex+0x512/0x640
[  531.050391][T16718]  _copy_from_user+0x2e/0xd0
[  531.050405][T16718]  kstrtouint_from_user+0xd6/0x1d0
[  531.050415][T16718]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  531.050424][T16718]  ? __lock_acquire+0xaa4/0x1ba0
[  531.050445][T16718]  proc_fail_nth_write+0x83/0x250
[  531.050461][T16718]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  531.050480][T16718]  vfs_write+0x25c/0x1180
[  531.050491][T16718]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  531.050519][T16718]  ? __pfx___mutex_lock+0x10/0x10
[  531.050535][T16718]  ? __pfx_vfs_write+0x10/0x10
[  531.050553][T16718]  ? __fget_files+0x20e/0x3c0
[  531.050568][T16718]  ksys_write+0x12a/0x240
[  531.050578][T16718]  ? __pfx_ksys_write+0x10/0x10
[  531.050587][T16718]  ? rcu_is_watching+0x12/0xc0
[  531.050599][T16718]  ? rcu_is_watching+0x12/0xc0
[  531.050611][T16718]  __do_fast_syscall_32+0x73/0x120
[  531.050627][T16718]  do_fast_syscall_32+0x32/0x80
[  531.050642][T16718]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  531.050655][T16718] RIP: 0023:0xf7fc5579
[  531.050664][T16718] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  531.050674][T16718] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  531.050684][T16718] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50e6620
[  531.050691][T16718] RDX: 0000000000000001 RSI: 00000000f7452ff4 RDI: 0000000000000000
[  531.050697][T16718] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  531.050702][T16718] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  531.050708][T16718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  531.050721][T16718]  </TASK>
[  531.253873][T16725] overlayfs: missing 'lowerdir'
[  531.768646][T16729] FAULT_INJECTION: forcing a failure.
[  531.768646][T16729] name failslab, interval 1, probability 0, space 0, times 0
[  531.772560][T16729] CPU: 2 UID: 0 PID: 16729 Comm: syz.3.2334 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  531.772574][T16729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  531.772581][T16729] Call Trace:
[  531.772585][T16729]  <TASK>
[  531.772590][T16729]  dump_stack_lvl+0x16c/0x1f0
[  531.772607][T16729]  should_fail_ex+0x512/0x640
[  531.772620][T16729]  ? fs_reclaim_acquire+0xae/0x150
[  531.772638][T16729]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  531.772653][T16729]  should_failslab+0xc2/0x120
[  531.772667][T16729]  __kmalloc_noprof+0xd2/0x510
[  531.772683][T16729]  tomoyo_realpath_from_path+0xc2/0x6e0
[  531.772699][T16729]  ? tomoyo_profile+0x47/0x60
[  531.772721][T16729]  tomoyo_path_number_perm+0x245/0x580
[  531.772732][T16729]  ? tomoyo_path_number_perm+0x237/0x580
[  531.772746][T16729]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  531.772772][T16729]  ? find_held_lock+0x2b/0x80
[  531.772783][T16729]  ? hook_file_ioctl_common+0x145/0x410
[  531.772795][T16729]  ? __fget_files+0x204/0x3c0
[  531.772806][T16729]  ? __fget_files+0x20e/0x3c0
[  531.772815][T16729]  ? __fput_deferred+0x300/0x370
[  531.772831][T16729]  security_file_ioctl_compat+0x9b/0x240
[  531.772845][T16729]  __ia32_compat_sys_ioctl+0xc3/0x360
[  531.772863][T16729]  __do_fast_syscall_32+0x73/0x120
[  531.772879][T16729]  do_fast_syscall_32+0x32/0x80
[  531.772894][T16729]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  531.772907][T16729] RIP: 0023:0xf708e579
[  531.772915][T16729] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  531.772926][T16729] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  531.772936][T16729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000720
[  531.772942][T16729] RDX: 0000000080000900 RSI: 0000000000000000 RDI: 0000000000000000
[  531.772948][T16729] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  531.772953][T16729] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  531.772959][T16729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  531.772972][T16729]  </TASK>
[  531.772976][T16729] ERROR: Out of memory at tomoyo_realpath_from_path.
[  531.885152][    T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  532.332092][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  532.336058][    T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  532.339087][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.356708][    T9] usb 5-1: config 0 descriptor??
[  532.578124][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  532.580611][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  532.607810][    T9] usb 5-1: USB disconnect, device number 29
[  532.838249][T16750] input: syz0 as /devices/virtual/input/input63
[  532.985159][ T5957] Bluetooth: hci1: command 0x0405 tx timeout
[  533.125071][    T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  533.285646][    T9] usb 5-1: Using ep0 maxpacket: 32
[  533.332286][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  533.358154][    T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  533.362520][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.366167][    T9] usb 5-1: config 0 descriptor??
[  533.369871][    T9] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  533.373511][    T9] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  533.504590][T16760] netlink: 'syz.3.2342': attribute type 12 has an invalid length.
[  533.893324][T16766] overlay: Unknown parameter '#'
[  533.895538][T16258] usb 5-1: USB disconnect, device number 30
[  533.902393][T16258] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  534.579988][T16780] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2348'.
[  535.234797][T16802] overlayfs: missing 'lowerdir'
[  535.322258][T16804] netlink: 'syz.0.2352': attribute type 12 has an invalid length.
[  535.482111][T16813] FAULT_INJECTION: forcing a failure.
[  535.482111][T16813] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  535.489767][T16813] CPU: 2 UID: 0 PID: 16813 Comm: syz.0.2355 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  535.489793][T16813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  535.489804][T16813] Call Trace:
[  535.489812][T16813]  <TASK>
[  535.489819][T16813]  dump_stack_lvl+0x16c/0x1f0
[  535.489849][T16813]  should_fail_ex+0x512/0x640
[  535.489874][T16813]  _copy_from_user+0x2e/0xd0
[  535.489898][T16813]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[  535.489928][T16813]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  535.489962][T16813]  ? __lock_acquire+0xaa4/0x1ba0
[  535.489991][T16813]  do_ip_getsockopt+0x27f/0x2100
[  535.490014][T16813]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  535.490033][T16813]  ? register_lock_class+0x41/0x4c0
[  535.490055][T16813]  ? __lock_acquire+0x5ca/0x1ba0
[  535.490084][T16813]  ? __lock_acquire+0xaa4/0x1ba0
[  535.490109][T16813]  ? _kstrtoull+0x145/0x200
[  535.490134][T16813]  ? __pfx__kstrtoull+0x10/0x10
[  535.490160][T16813]  ? aa_label_sk_perm+0x19b/0x5a0
[  535.490182][T16813]  ? __mutex_trylock_common+0xe9/0x250
[  535.490208][T16813]  ? __pfx___mutex_trylock_common+0x10/0x10
[  535.490235][T16813]  ? __pfx___might_resched+0x10/0x10
[  535.490259][T16813]  ? rcu_is_watching+0x12/0xc0
[  535.490276][T16813]  ? trace_contention_end+0xdd/0x130
[  535.490302][T16813]  ? __mutex_lock+0x1ca/0xb90
[  535.490332][T16813]  ip_getsockopt+0x9b/0x1e0
[  535.490349][T16813]  ? __pfx___mutex_lock+0x10/0x10
[  535.490375][T16813]  ? __pfx_ip_getsockopt+0x10/0x10
[  535.490390][T16813]  ? get_pid_task+0xfc/0x250
[  535.490420][T16813]  tcp_getsockopt+0x9e/0x100
[  535.490444][T16813]  smc_getsockopt+0x162/0x370
[  535.490464][T16813]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  535.490497][T16813]  ? __pfx_smc_getsockopt+0x10/0x10
[  535.490514][T16813]  ? find_held_lock+0x2b/0x80
[  535.490537][T16813]  ? __pfx_smc_getsockopt+0x10/0x10
[  535.490558][T16813]  do_sock_getsockopt+0x3fc/0x800
[  535.490590][T16813]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  535.490616][T16813]  ? __fget_files+0x204/0x3c0
[  535.490646][T16813]  __sys_getsockopt+0x123/0x1a0
[  535.490676][T16813]  __ia32_sys_getsockopt+0xbc/0x160
[  535.490698][T16813]  ? lockdep_hardirqs_on+0x7c/0x110
[  535.490722][T16813]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  535.490747][T16813]  __do_fast_syscall_32+0x73/0x120
[  535.490775][T16813]  do_fast_syscall_32+0x32/0x80
[  535.490801][T16813]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  535.490824][T16813] RIP: 0023:0xf711e579
[  535.490838][T16813] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  535.490855][T16813] RSP: 002b:00000000f510e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  535.490874][T16813] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  535.490885][T16813] RDX: 0000000000000040 RSI: 0000000080000440 RDI: 0000000080000300
[  535.490896][T16813] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  535.490907][T16813] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  535.490915][T16813] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  535.490938][T16813]  </TASK>
[  535.695847][   T34] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  535.857439][   T34] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.861288][   T34] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  535.864395][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.872667][   T34] usb 8-1: config 0 descriptor??
[  535.983581][T16816] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.080267][   T34] usbhid 8-1:0.0: can't add hid device: -71
[  536.082300][   T34] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  536.086788][   T34] usb 8-1: USB disconnect, device number 29
[  536.151709][T16821] overlay: Unknown parameter '#'
[  536.175607][T16816] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.296400][T16816] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.399032][T16816] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.505212][   T34] usb 7-1: new full-speed USB device number 27 using dummy_hcd
[  536.515394][   T76] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  536.573577][T16816] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.584392][T16816] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.596203][T16816] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.607793][T16816] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.668267][   T76] usb 8-1: Using ep0 maxpacket: 32
[  536.674945][   T34] usb 7-1: config 0 has an invalid interface number: 201 but max is 0
[  536.678346][   T34] usb 7-1: config 0 has no interface number 0
[  536.680485][   T34] usb 7-1: config 0 interface 201 has no altsetting 0
[  536.682959][   T34] usb 7-1: New USB device found, idVendor=12d1, idProduct=b9ee, bcdDevice=11.78
[  536.686856][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.690526][   T76] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  536.694933][   T76] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  536.698826][   T76] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.703254][   T34] usb 7-1: config 0 descriptor??
[  536.709296][   T34] option 7-1:0.201: GSM modem (1-port) converter detected
[  536.712164][   T76] usb 8-1: config 0 descriptor??
[  536.716770][   T76] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  536.724083][   T76] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  536.912535][T13294] usb 7-1: USB disconnect, device number 27
[  536.924657][T13294] option 7-1:0.201: device disconnected
[  536.941002][T16827] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 108
[  537.170670][T16835] netlink: 'syz.1.2361': attribute type 12 has an invalid length.
[  537.222233][   T76] usb 8-1: USB disconnect, device number 30
[  537.227292][   T76] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  537.468122][T16844] FAULT_INJECTION: forcing a failure.
[  537.468122][T16844] name failslab, interval 1, probability 0, space 0, times 0
[  537.472006][T16844] CPU: 2 UID: 0 PID: 16844 Comm: syz.2.2364 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  537.472021][T16844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  537.472039][T16844] Call Trace:
[  537.472044][T16844]  <TASK>
[  537.472048][T16844]  dump_stack_lvl+0x16c/0x1f0
[  537.472077][T16844]  should_fail_ex+0x512/0x640
[  537.472109][T16844]  should_failslab+0xc2/0x120
[  537.472123][T16844]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  537.472136][T16844]  ? skb_clone+0x190/0x3f0
[  537.472153][T16844]  skb_clone+0x190/0x3f0
[  537.472167][T16844]  netlink_deliver_tap+0xabd/0xd30
[  537.472185][T16844]  netlink_unicast+0x6b2/0x7f0
[  537.472201][T16844]  ? __pfx_netlink_unicast+0x10/0x10
[  537.472219][T16844]  netlink_ack+0x696/0xb80
[  537.472238][T16844]  netlink_rcv_skb+0x347/0x440
[  537.472252][T16844]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  537.472268][T16844]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  537.472290][T16844]  ? netlink_deliver_tap+0x1ae/0xd30
[  537.472306][T16844]  netlink_unicast+0x53a/0x7f0
[  537.472322][T16844]  ? __pfx_netlink_unicast+0x10/0x10
[  537.472340][T16844]  netlink_sendmsg+0x8d1/0xdd0
[  537.472357][T16844]  ? __pfx_netlink_sendmsg+0x10/0x10
[  537.472373][T16844]  ? __import_iovec+0x1c8/0x660
[  537.472389][T16844]  ____sys_sendmsg+0xa95/0xc70
[  537.472401][T16844]  ? __pfx_____sys_sendmsg+0x10/0x10
[  537.472410][T16844]  ? get_compat_msghdr+0x11a/0x170
[  537.472432][T16844]  ___sys_sendmsg+0x134/0x1d0
[  537.472447][T16844]  ? __pfx____sys_sendmsg+0x10/0x10
[  537.472477][T16844]  __sys_sendmsg+0x16d/0x220
[  537.472490][T16844]  ? __pfx___sys_sendmsg+0x10/0x10
[  537.472509][T16844]  ? rcu_is_watching+0x12/0xc0
[  537.472522][T16844]  __do_fast_syscall_32+0x73/0x120
[  537.472538][T16844]  do_fast_syscall_32+0x32/0x80
[  537.472553][T16844]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  537.472565][T16844] RIP: 0023:0xf70ce579
[  537.472574][T16844] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  537.472584][T16844] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  537.472595][T16844] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  537.472601][T16844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  537.472606][T16844] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  537.472612][T16844] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  537.472618][T16844] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  537.472630][T16844]  </TASK>
[  537.681558][T16849] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2365'.
[  537.774471][T16858] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  537.809457][T16860] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2367'.
[  537.832342][T16860] io-wq is not configured for unbound workers
[  537.906163][T16858] /dev/sr0: Can't open blockdev
[  538.128742][T16866] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.203019][T16866] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.298751][T16866] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.306919][T16871] netlink: 'syz.1.2370': attribute type 12 has an invalid length.
[  538.572284][T16866] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.753066][T16884] FAULT_INJECTION: forcing a failure.
[  538.753066][T16884] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  538.765348][T16884] CPU: 3 UID: 0 PID: 16884 Comm: syz.0.2374 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  538.765372][T16884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  538.765383][T16884] Call Trace:
[  538.765389][T16884]  <TASK>
[  538.765410][T16884]  dump_stack_lvl+0x16c/0x1f0
[  538.765438][T16884]  should_fail_ex+0x512/0x640
[  538.765462][T16884]  should_fail_alloc_page+0xe7/0x130
[  538.765486][T16884]  prepare_alloc_pages+0x3c2/0x610
[  538.765516][T16884]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  538.765537][T16884]  ? finish_task_switch.isra.0+0x2fa/0xc10
[  538.765557][T16884]  ? rcu_is_watching+0x12/0xc0
[  538.765574][T16884]  ? trace_sched_exit_tp+0xde/0x130
[  538.765595][T16884]  ? __schedule+0x1186/0x5de0
[  538.765616][T16884]  ? unwind_get_return_address+0x59/0xa0
[  538.765645][T16884]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  538.765674][T16884]  ? __pfx___schedule+0x10/0x10
[  538.765694][T16884]  ? lockdep_hardirqs_on+0x7c/0x110
[  538.765720][T16884]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  538.765746][T16884]  ? policy_nodemask+0xea/0x4e0
[  538.765769][T16884]  alloc_pages_mpol+0x1fb/0x550
[  538.765792][T16884]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  538.765811][T16884]  ? __pfx___pollwait+0x10/0x10
[  538.765842][T16884]  ? __pfx___pollwait+0x10/0x10
[  538.765863][T16884]  alloc_pages_noprof+0x131/0x390
[  538.765884][T16884]  get_free_pages_noprof+0xc/0x40
[  538.765904][T16884]  __pollwait+0x295/0x490
[  538.765929][T16884]  ? __pfx___pollwait+0x10/0x10
[  538.765951][T16884]  datagram_poll+0x7d/0x4f0
[  538.765970][T16884]  ? __pfx_datagram_poll+0x10/0x10
[  538.765987][T16884]  sock_poll+0x15d/0x510
[  538.766003][T16884]  ? __pfx_sock_poll+0x10/0x10
[  538.766028][T16884]  do_select+0xd67/0x17d0
[  538.766061][T16884]  ? __pfx_do_select+0x10/0x10
[  538.766087][T16884]  ? __io_arm_poll_handler+0xb70/0x1430
[  538.766108][T16884]  ? __pfx___pollwait+0x10/0x10
[  538.766135][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766162][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766189][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766216][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766242][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766269][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766295][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766322][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766349][T16884]  ? __pfx_pollwake+0x10/0x10
[  538.766382][T16884]  ? find_held_lock+0x2b/0x80
[  538.766405][T16884]  ? compat_core_sys_select+0x685/0x880
[  538.766420][T16884]  compat_core_sys_select+0x685/0x880
[  538.766443][T16884]  ? __pfx_compat_core_sys_select+0x10/0x10
[  538.766465][T16884]  ? proc_fail_nth_write+0x9f/0x250
[  538.766507][T16884]  ? set_compat_user_sigmask+0x213/0x2a0
[  538.766527][T16884]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  538.766553][T16884]  __ia32_compat_sys_pselect6_time32+0x2d1/0x390
[  538.766575][T16884]  ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10
[  538.766593][T16884]  ? fput+0x70/0xf0
[  538.766613][T16884]  ? ksys_write+0x1b9/0x240
[  538.766629][T16884]  ? __pfx_ksys_write+0x10/0x10
[  538.766651][T16884]  ? rcu_is_watching+0x12/0xc0
[  538.766670][T16884]  ? rcu_is_watching+0x12/0xc0
[  538.766689][T16884]  __do_fast_syscall_32+0x73/0x120
[  538.766714][T16884]  do_fast_syscall_32+0x32/0x80
[  538.766738][T16884]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  538.766758][T16884] RIP: 0023:0xf711e579
[  538.766772][T16884] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  538.766788][T16884] RSP: 002b:00000000f50ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000134
[  538.766805][T16884] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000800001c0
[  538.766816][T16884] RDX: 0000000000000000 RSI: 00000000800002c0 RDI: 0000000000000000
[  538.766827][T16884] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  538.766836][T16884] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  538.766846][T16884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  538.766869][T16884]  </TASK>
[  538.768555][T16866] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  538.911264][T16866] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  538.918370][T16866] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  538.925970][T16866] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  538.995347][T16886] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  539.006596][   T40] audit: type=1804 audit(1745588793.586:1130): pid=16888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2375" name="/newroot/592/file0" dev="tmpfs" ino=3897 res=1 errno=0
[  539.025244][   T40] audit: type=1804 audit(1745588793.586:1131): pid=16887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2375" name="/newroot/592/file0" dev="tmpfs" ino=3897 res=1 errno=0
[  539.186606][T16893] overlay: Unknown parameter '/'
[  540.054355][T16905] netlink: 'syz.1.2380': attribute type 12 has an invalid length.
[  540.379107][   T40] audit: type=1326 audit(1745588794.956:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.386041][   T40] audit: type=1326 audit(1745588794.956:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.390075][T16920] (syz.2.2384,16920,2):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  540.397752][T16920] (syz.2.2384,16920,2):ocfs2_fill_super:1177 ERROR: status = -22
[  540.400482][   T40] audit: type=1326 audit(1745588794.956:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.407448][T16922] IPVS: length: 78 != 6815856
[  540.407532][   T40] audit: type=1326 audit(1745588794.956:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.418915][   T40] audit: type=1326 audit(1745588794.956:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.427047][   T40] audit: type=1326 audit(1745588794.956:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.433843][   T40] audit: type=1326 audit(1745588794.976:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  540.441987][   T40] audit: type=1326 audit(1745588794.976:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16919 comm="syz.2.2384" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  541.402501][T16945] warn_alloc: 1 callbacks suppressed
[  541.402511][T16945] syz.3.2391: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  541.410330][T16945] CPU: 3 UID: 0 PID: 16945 Comm: syz.3.2391 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  541.410345][T16945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  541.410352][T16945] Call Trace:
[  541.410355][T16945]  <TASK>
[  541.410360][T16945]  dump_stack_lvl+0x16c/0x1f0
[  541.410378][T16945]  warn_alloc+0x248/0x3a0
[  541.410391][T16945]  ? __pfx_warn_alloc+0x10/0x10
[  541.410408][T16945]  ? __get_vm_area_node+0x1b9/0x300
[  541.410424][T16945]  ? __get_vm_area_node+0x1e5/0x300
[  541.410443][T16945]  __vmalloc_node_range_noprof+0x1110/0x1540
[  541.410453][T16945]  ? fib_table_delete+0x574/0x8d0
[  541.410471][T16945]  ? __v4l2_ctrl_modify_dimensions+0x1be/0x630
[  541.410487][T16945]  ? __pfx___might_resched+0x10/0x10
[  541.410500][T16945]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  541.410517][T16945]  __kvmalloc_node_noprof+0x2ff/0x600
[  541.410529][T16945]  ? __v4l2_ctrl_modify_dimensions+0x1be/0x630
[  541.410542][T16945]  ? __v4l2_ctrl_modify_dimensions+0x1be/0x630
[  541.410557][T16945]  ? __v4l2_ctrl_modify_dimensions+0x1be/0x630
[  541.410570][T16945]  __v4l2_ctrl_modify_dimensions+0x1be/0x630
[  541.410585][T16945]  vivid_update_format_cap+0x12de/0x25a0
[  541.410600][T16945]  ? __asan_memset+0x23/0x50
[  541.410612][T16945]  ? __pfx_vivid_update_format_cap+0x10/0x10
[  541.410627][T16945]  ? vivid_get_format+0x124/0x180
[  541.410640][T16945]  vivid_s_fmt_vid_cap+0x1a06/0x32d0
[  541.410659][T16945]  ? __asan_memset+0x23/0x50
[  541.410676][T16945]  ? __pfx_vivid_s_fmt_vid_cap+0x10/0x10
[  541.410688][T16945]  fmt_sp2mp_func+0xb1/0x3e0
[  541.410700][T16945]  ? __pfx_fmt_sp2mp_func+0x10/0x10
[  541.410723][T16945]  ? v4l_sanitize_format+0x18d/0x430
[  541.410741][T16945]  vidioc_s_fmt_vid_cap+0xa0/0xe0
[  541.410755][T16945]  vivid_s_fmt_cap+0x76/0xc0
[  541.410767][T16945]  v4l_s_fmt+0x430/0xf30
[  541.410784][T16945]  __video_do_ioctl+0xb3d/0xfc0
[  541.410802][T16945]  ? __might_fault+0xe3/0x190
[  541.410814][T16945]  ? __pfx___video_do_ioctl+0x10/0x10
[  541.410836][T16945]  video_usercopy+0x47c/0x1440
[  541.410846][T16945]  ? __pfx___video_do_ioctl+0x10/0x10
[  541.410863][T16945]  ? __pfx_video_usercopy+0x10/0x10
[  541.410878][T16945]  ? hook_file_ioctl_common+0x145/0x410
[  541.410894][T16945]  v4l2_ioctl+0x1ba/0x250
[  541.410911][T16945]  v4l2_compat_ioctl32+0x214/0x2c0
[  541.410925][T16945]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  541.410940][T16945]  __ia32_compat_sys_ioctl+0x24c/0x360
[  541.410957][T16945]  __do_fast_syscall_32+0x73/0x120
[  541.410974][T16945]  do_fast_syscall_32+0x32/0x80
[  541.410989][T16945]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  541.411002][T16945] RIP: 0023:0xf708e579
[  541.411010][T16945] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  541.411020][T16945] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  541.411030][T16945] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000c0d05605
[  541.411036][T16945] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  541.411042][T16945] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  541.411048][T16945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  541.411054][T16945] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  541.411066][T16945]  </TASK>
[  541.411070][T16945] Mem-Info:
[  541.530156][T16945] active_anon:10987 inactive_anon:647 isolated_anon:0
[  541.530156][T16945]  active_file:10078 inactive_file:22927 isolated_file:0
[  541.530156][T16945]  unevictable:1768 dirty:271 writeback:0
[  541.530156][T16945]  slab_reclaimable:5662 slab_unreclaimable:60943
[  541.530156][T16945]  mapped:27638 shmem:5215 pagetables:2618
[  541.530156][T16945]  sec_pagetables:316 bounce:0
[  541.530156][T16945]  kernel_misc_reclaimable:0
[  541.530156][T16945]  free:51930 free_pcp:5096 free_cma:0
[  541.541564][T16948] overlay: Unknown parameter '#'
[  541.543958][T16945] Node 0 active_anon:5468kB inactive_anon:1548kB active_file:1344kB inactive_file:716kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2072kB dirty:4kB writeback:0kB shmem:5504kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9736kB pagetables:3724kB sec_pagetables:1148kB all_unreclaimable? no Balloon:0kB
[  541.556574][T16945] Node 1 active_anon:38480kB inactive_anon:1040kB active_file:38968kB inactive_file:90992kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:108480kB dirty:1120kB writeback:0kB shmem:15356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4400kB pagetables:6748kB sec_pagetables:116kB all_unreclaimable? no Balloon:0kB
[  541.570181][T16945] Node 0 DMA free:2104kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:76kB inactive_anon:0kB active_file:0kB inactive_file:32kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:412kB local_pcp:116kB free_cma:0kB
[  541.581341][T16945] lowmem_reserve[]: 0 290 290 290 290
[  541.583090][T16945] Node 0 DMA32 free:20684kB boost:2048kB min:15384kB low:18716kB high:22048kB reserved_highatomic:2048KB active_anon:5392kB inactive_anon:1548kB active_file:1344kB inactive_file:684kB unevictable:3536kB writepending:4kB present:1032196kB managed:297556kB mlocked:0kB bounce:0kB free_pcp:1984kB local_pcp:276kB free_cma:0kB
[  541.592364][T16945] lowmem_reserve[]: 0 0 0 0 0
[  541.593879][T16945] Node 1 DMA32 free:202492kB boost:20480kB min:67628kB low:79412kB high:91196kB reserved_highatomic:8192KB active_anon:38444kB inactive_anon:1036kB active_file:38968kB inactive_file:90992kB unevictable:3536kB writepending:1176kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:992kB local_pcp:32kB free_cma:0kB
[  541.603454][T16945] lowmem_reserve[]: 0 0 0 0 0
[  541.611552][T16945] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 6*16kB (M) 12*32kB (UM) 5*64kB (UM) 0*128kB 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2100kB
[  541.617929][T16945] Node 0 DMA32: 184*4kB (UM) 87*8kB (UME) 55*16kB (UME) 89*32kB (UMEH) 33*64kB (UMEH) 36*128kB (UMEH) 14*256kB (UMH) 6*512kB (UMEH) 2*1024kB (ME) 0*2048kB 0*4096kB = 20584kB
[  541.623317][T16945] Node 1 DMA32: 263*4kB (UMEH) 378*8kB (UMEH) 546*16kB (UME) 366*32kB (UMEH) 386*64kB (UME) 121*128kB (UME) 21*256kB (UME) 14*512kB (UME) 22*1024kB (UME) 19*2048kB (UMH) 16*4096kB (UM) = 204236kB
[  541.629449][T16945] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  541.633568][T16945] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  541.638868][T16945] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  541.646274][T16945] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  541.650181][T16945] 38316 total pagecache pages
[  541.652246][T16945] 111 pages in swap cache
[  541.656717][T16945] Free swap  = 121916kB
[  541.658562][T16945] Total swap = 124996kB
[  541.660416][T16945] 524155 pages RAM
[  541.662094][T16945] 0 pages HighMem/MovableOnly
[  541.664160][T16945] 208855 pages reserved
[  541.667252][T16945] 0 pages cma reserved
[  541.999471][T16956] netlink: 872 bytes leftover after parsing attributes in process `syz.3.2393'.
[  543.583706][T16669] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  543.587649][T16669] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  543.591742][T16669] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  543.594736][T16669] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  543.606733][T16669] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  543.751163][T16974] chnl_net:caif_netlink_parms(): no params data found
[  543.815134][   T59] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  543.968944][T16974] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.971101][T16974] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.973107][T16974] bridge_slave_0: entered allmulticast mode
[  543.975889][T16974] bridge_slave_0: entered promiscuous mode
[  543.980325][   T59] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  543.983861][   T59] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  543.986996][   T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.993816][   T59] usb 5-1: config 0 descriptor??
[  544.006446][T16974] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.008546][T16974] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.010913][T16974] bridge_slave_1: entered allmulticast mode
[  544.014389][T16974] bridge_slave_1: entered promiscuous mode
[  544.099222][T16974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  544.134484][T16974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  544.214953][T16974] team0: Port device team_slave_0 added
[  544.216424][   T59] usbhid 5-1:0.0: can't add hid device: -71
[  544.218946][   T59] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  544.230625][   T59] usb 5-1: USB disconnect, device number 31
[  544.241929][T16974] team0: Port device team_slave_1 added
[  544.297296][T16974] batman_adv: batadv0: Adding interface: batadv_slave_0
[  544.299596][T16974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.307858][T16974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  544.314494][ T1138] bridge_slave_1: left allmulticast mode
[  544.323777][T16925] Set syz1 is full, maxelem 65536 reached
[  544.324930][ T1138] bridge_slave_1: left promiscuous mode
[  544.330129][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.334827][ T1138] bridge_slave_0: left allmulticast mode
[  544.336913][ T1138] bridge_slave_0: left promiscuous mode
[  544.338752][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state
[  544.463431][T16983] FAULT_INJECTION: forcing a failure.
[  544.463431][T16983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.469068][T16983] CPU: 0 UID: 0 PID: 16983 Comm: syz.2.2401 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  544.469103][T16983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  544.469110][T16983] Call Trace:
[  544.469114][T16983]  <TASK>
[  544.469118][T16983]  dump_stack_lvl+0x16c/0x1f0
[  544.469142][T16983]  should_fail_ex+0x512/0x640
[  544.469161][T16983]  _copy_from_user+0x2e/0xd0
[  544.469179][T16983]  get_compat_msghdr+0xa7/0x170
[  544.469199][T16983]  ? __pfx_get_compat_msghdr+0x10/0x10
[  544.469221][T16983]  ? __lock_acquire+0x5ca/0x1ba0
[  544.469246][T16983]  ___sys_recvmsg+0x191/0x1a0
[  544.469268][T16983]  ? __pfx____sys_recvmsg+0x10/0x10
[  544.469300][T16983]  ? get_pid_task+0xb0/0x250
[  544.469321][T16983]  ? __pfx___might_resched+0x10/0x10
[  544.469344][T16983]  do_recvmmsg+0x568/0x740
[  544.469365][T16983]  ? __pfx_do_recvmmsg+0x10/0x10
[  544.469399][T16983]  ? __fget_files+0x20e/0x3c0
[  544.469417][T16983]  __sys_recvmmsg+0x21c/0x280
[  544.469437][T16983]  ? __pfx___sys_recvmmsg+0x10/0x10
[  544.469459][T16983]  ? __pfx_ksys_write+0x10/0x10
[  544.469474][T16983]  ? rcu_is_watching+0x12/0xc0
[  544.469492][T16983]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  544.469512][T16983]  ? lockdep_hardirqs_on+0x7c/0x110
[  544.469532][T16983]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  544.469554][T16983]  __do_fast_syscall_32+0x73/0x120
[  544.469578][T16983]  do_fast_syscall_32+0x32/0x80
[  544.469599][T16983]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  544.469625][T16983] RIP: 0023:0xf70ce579
[  544.469636][T16983] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  544.469651][T16983] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  544.469666][T16983] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800055c0
[  544.469676][T16983] RDX: 000000000400023c RSI: 0000000000000300 RDI: 0000000000000000
[  544.469685][T16983] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  544.469694][T16983] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  544.469704][T16983] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  544.469724][T16983]  </TASK>
[  544.653806][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  544.655194][   T59] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  544.661524][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  544.666560][ T1138] bond0 (unregistering): Released all slaves
[  544.685935][T16974] batman_adv: batadv0: Adding interface: batadv_slave_1
[  544.688489][T16974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.705098][T16974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  544.806818][   T59] usb 5-1: Using ep0 maxpacket: 32
[  544.837465][   T59] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  544.840977][   T59] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  544.841217][T16989] overlayfs: missing 'lowerdir'
[  544.855548][   T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.860964][   T59] usb 5-1: config 0 descriptor??
[  544.869905][   T59] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  544.876144][   T59] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  544.876209][T16974] hsr_slave_0: entered promiscuous mode
[  544.886953][T16974] hsr_slave_1: entered promiscuous mode
[  544.895132][T16974] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  544.897621][T16974] Cannot create hsr debugfs directory
[  545.121505][ T1138] hsr_slave_0: left promiscuous mode
[  545.124465][ T1138] hsr_slave_1: left promiscuous mode
[  545.127179][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0
[  545.130349][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1
[  545.433487][   T76] usb 5-1: USB disconnect, device number 32
[  545.441996][   T76] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  545.627990][ T5957] Bluetooth: hci3: command tx timeout
[  545.751960][ T1138] team0 (unregistering): Port device team_slave_1 removed
[  545.846946][ T1138] team0 (unregistering): Port device team_slave_0 removed
[  545.935306][T17004] overlayfs: missing 'lowerdir'
[  546.034367][T17007] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2404'.
[  547.048775][T17041] netlink: 'syz.3.2407': attribute type 12 has an invalid length.
[  547.134830][T17044] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2408'.
[  547.202659][T16974] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  547.210843][T16974] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  547.218291][ T1138] IPVS: stop unused estimator thread 0...
[  547.221510][T16974] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  547.240181][T16974] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  547.319684][T16974] 8021q: adding VLAN 0 to HW filter on device bond0
[  547.349145][T16974] 8021q: adding VLAN 0 to HW filter on device team0
[  547.371990][T16974] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  547.376271][T16974] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  547.382509][   T87] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.384670][   T87] bridge0: port 1(bridge_slave_0) entered forwarding state
[  547.680057][   T87] bridge0: port 2(bridge_slave_1) entered blocking state
[  547.683436][   T87] bridge0: port 2(bridge_slave_1) entered forwarding state
[  547.706135][ T5957] Bluetooth: hci3: command tx timeout
[  547.719609][T17070] netlink: 'syz.0.2413': attribute type 12 has an invalid length.
[  547.854287][T16974] 8021q: adding VLAN 0 to HW filter on device batadv0
[  547.869792][T17082] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2414'.
[  547.911907][T16974] veth0_vlan: entered promiscuous mode
[  547.924589][T16974] veth1_vlan: entered promiscuous mode
[  547.946119][T16974] veth0_macvtap: entered promiscuous mode
[  547.952184][T16974] veth1_macvtap: entered promiscuous mode
[  547.964939][T16974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  547.970622][T16974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.974427][T16974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  547.978561][T16974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  547.982367][T16974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  548.055310][T16974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.060471][T16974] batman_adv: batadv0: Interface activated: batadv_slave_0
[  548.070060][T16974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.074168][T16974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.078584][T16974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.083010][T16974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.089369][T16974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  548.093453][T16974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  548.099279][T16974] batman_adv: batadv0: Interface activated: batadv_slave_1
[  548.114527][T16974] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  548.118027][T16974] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  548.121419][T16974] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  548.127778][T16974] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  548.190511][   T87] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.193505][   T87] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.213308][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  548.217112][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  548.288763][T17098] overlayfs: missing 'lowerdir'
[  548.697956][T17103] overlay: Unknown parameter '#'
[  549.061587][T17111] netlink: 'syz.2.2418': attribute type 12 has an invalid length.
[  549.785169][ T5957] Bluetooth: hci3: command tx timeout
[  549.870096][T17123] netlink: 'syz.1.2421': attribute type 12 has an invalid length.
[  550.578075][T17132] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2424'.
[  550.934514][T17148] netlink: 'syz.1.2427': attribute type 12 has an invalid length.
[  551.180922][T16669] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  551.191090][T16669] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  551.198014][T16669] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  551.202121][T16669] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  551.209428][T16669] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  551.237911][T17155] overlayfs: missing 'lowerdir'
[  551.541277][T17153] chnl_net:caif_netlink_parms(): no params data found
[  551.687242][   T13] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.702072][T17160] netlink: 'syz.3.2430': attribute type 12 has an invalid length.
[  551.748854][   T13] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.810708][T17153] bridge0: port 1(bridge_slave_0) entered blocking state
[  551.813709][T17153] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.816297][T17153] bridge_slave_0: entered allmulticast mode
[  551.818946][T17153] bridge_slave_0: entered promiscuous mode
[  551.826503][   T13] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.857938][T17153] bridge0: port 2(bridge_slave_1) entered blocking state
[  551.860239][T17153] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.863369][T17153] bridge_slave_1: entered allmulticast mode
[  551.865979][ T5957] Bluetooth: hci3: command tx timeout
[  551.870987][T17153] bridge_slave_1: entered promiscuous mode
[  551.929164][T17153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  551.941398][T17153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  551.977917][   T13] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.980614][T17173] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2433'.
[  552.037709][T17153] team0: Port device team_slave_0 added
[  552.048012][T17153] team0: Port device team_slave_1 added
[  552.169617][T17153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  552.172009][T17153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.183003][T17153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  552.198306][T17153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  552.200725][T17153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  552.215157][T17153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  552.517765][T17153] hsr_slave_0: entered promiscuous mode
[  552.520468][T17153] hsr_slave_1: entered promiscuous mode
[  552.523496][   T13] bridge_slave_0: left allmulticast mode
[  552.525699][   T13] bridge_slave_0: left promiscuous mode
[  552.527539][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.975510][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  552.996578][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  553.006958][   T13] bond0 (unregistering): Released all slaves
[  553.135724][   T13] tipc: Disabling bearer <udp:s>
[  553.140355][   T13] tipc: Left network mode
[  553.236765][ T5957] Bluetooth: hci4: command tx timeout
[  553.361772][   T13] hsr_slave_0: left promiscuous mode
[  553.364766][   T13] hsr_slave_1: left promiscuous mode
[  553.367790][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  553.370982][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  553.374741][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  553.377861][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  553.394151][   T13] veth1_macvtap: left promiscuous mode
[  553.396470][   T13] veth0_macvtap: left promiscuous mode
[  553.398994][   T13] veth1_vlan: left promiscuous mode
[  553.401295][   T13] veth0_vlan: left promiscuous mode
[  553.980283][   T13] team0 (unregistering): Port device team_slave_1 removed
[  554.057222][   T13] team0 (unregistering): Port device team_slave_0 removed
[  554.867074][T17215] netlink: 'syz.1.2439': attribute type 12 has an invalid length.
[  555.011344][T17153] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  555.043553][T17153] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  555.055248][T17153] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  555.060148][T17153] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  555.122444][T17224] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2442'.
[  555.187048][T17153] 8021q: adding VLAN 0 to HW filter on device bond0
[  555.194567][T17153] 8021q: adding VLAN 0 to HW filter on device team0
[  555.212005][T17153] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  555.215581][T17153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  555.260332][T17204] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.262595][T17204] bridge0: port 1(bridge_slave_0) entered forwarding state
[  555.271562][T17204] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.273829][T17204] bridge0: port 2(bridge_slave_1) entered forwarding state
[  555.305078][ T5957] Bluetooth: hci4: command tx timeout
[  555.330117][   T13] IPVS: stop unused estimator thread 0...
[  555.502366][T17153] 8021q: adding VLAN 0 to HW filter on device batadv0
[  555.559536][T17153] veth0_vlan: entered promiscuous mode
[  555.577525][T17153] veth1_vlan: entered promiscuous mode
[  555.640485][T17153] veth0_macvtap: entered promiscuous mode
[  555.644843][T17153] veth1_macvtap: entered promiscuous mode
[  555.653714][T17153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  555.659168][T17153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.663243][T17153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  555.669839][T17153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.673810][T17153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  555.678704][T17153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.682614][T17153] batman_adv: batadv0: Interface activated: batadv_slave_0
[  555.690353][T17153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  555.693646][T17153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.697726][T17153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  555.701607][T17153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.704721][T17153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  555.709593][T17153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  555.714654][T17153] batman_adv: batadv0: Interface activated: batadv_slave_1
[  555.725360][T17153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  555.729071][T17153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  555.732712][T17153] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  555.737234][T17153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  555.801455][   T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.804370][   T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  555.829856][T17204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.833240][T17204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  556.002661][T17257] FAULT_INJECTION: forcing a failure.
[  556.002661][T17257] name failslab, interval 1, probability 0, space 0, times 0
[  556.007979][T17257] CPU: 1 UID: 0 PID: 17257 Comm: syz.1.2446 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  556.008014][T17257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  556.008024][T17257] Call Trace:
[  556.008030][T17257]  <TASK>
[  556.008037][T17257]  dump_stack_lvl+0x16c/0x1f0
[  556.008064][T17257]  should_fail_ex+0x512/0x640
[  556.008081][T17257]  ? fs_reclaim_acquire+0xae/0x150
[  556.008106][T17257]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  556.008127][T17257]  should_failslab+0xc2/0x120
[  556.008148][T17257]  __kmalloc_noprof+0xd2/0x510
[  556.008172][T17257]  tomoyo_realpath_from_path+0xc2/0x6e0
[  556.008195][T17257]  ? tomoyo_profile+0x47/0x60
[  556.008221][T17257]  tomoyo_path_number_perm+0x245/0x580
[  556.008246][T17257]  ? tomoyo_path_number_perm+0x237/0x580
[  556.008266][T17257]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  556.008285][T17257]  ? finish_task_switch.isra.0+0x221/0xc10
[  556.008325][T17257]  ? find_held_lock+0x2b/0x80
[  556.008340][T17257]  ? hook_file_ioctl_common+0x145/0x410
[  556.008356][T17257]  ? __fget_files+0x204/0x3c0
[  556.008375][T17257]  ? __fget_files+0x20e/0x3c0
[  556.008387][T17257]  ? __fput_deferred+0x300/0x370
[  556.008410][T17257]  security_file_ioctl_compat+0x9b/0x240
[  556.008432][T17257]  __ia32_compat_sys_ioctl+0xc3/0x360
[  556.008458][T17257]  __do_fast_syscall_32+0x73/0x120
[  556.008482][T17257]  do_fast_syscall_32+0x32/0x80
[  556.008504][T17257]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  556.008522][T17257] RIP: 0023:0xf70fe579
[  556.008534][T17257] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  556.008549][T17257] RSP: 002b:00000000f50ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  556.008563][T17257] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000c1205531
[  556.008573][T17257] RDX: 0000000080002680 RSI: 0000000000000000 RDI: 0000000000000000
[  556.008582][T17257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  556.008591][T17257] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  556.008599][T17257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  556.008620][T17257]  </TASK>
[  556.008699][T17257] ERROR: Out of memory at tomoyo_realpath_from_path.
[  556.161123][T17260] input: syz0 as /devices/virtual/input/input64
[  556.246790][T17260] xt_hashlimit: invalid interval
[  556.250725][T17263] netlink: 'syz.0.2448': attribute type 12 has an invalid length.
[  556.952523][T17275] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2452'.
[  557.033430][T17278] FAULT_INJECTION: forcing a failure.
[  557.033430][T17278] name failslab, interval 1, probability 0, space 0, times 0
[  557.041411][T17278] CPU: 2 UID: 0 PID: 17278 Comm: syz.2.2453 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  557.041442][T17278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  557.041453][T17278] Call Trace:
[  557.041460][T17278]  <TASK>
[  557.041468][T17278]  dump_stack_lvl+0x16c/0x1f0
[  557.041498][T17278]  should_fail_ex+0x512/0x640
[  557.041525][T17278]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  557.041549][T17278]  should_failslab+0xc2/0x120
[  557.041573][T17278]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  557.041596][T17278]  ? rxrpc_setsockopt+0x43f/0x710
[  557.041618][T17278]  rxrpc_server_keyring+0xfc/0x300
[  557.041639][T17278]  ? __pfx_rxrpc_server_keyring+0x10/0x10
[  557.041658][T17278]  ? __local_bh_enable_ip+0xa4/0x120
[  557.041685][T17278]  rxrpc_setsockopt+0x43f/0x710
[  557.041704][T17278]  ? __pfx_rxrpc_setsockopt+0x10/0x10
[  557.041721][T17278]  ? find_held_lock+0x2b/0x80
[  557.041745][T17278]  ? __pfx_rxrpc_setsockopt+0x10/0x10
[  557.041763][T17278]  do_sock_setsockopt+0x221/0x470
[  557.041791][T17278]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  557.041832][T17278]  __sys_setsockopt+0x120/0x1a0
[  557.041859][T17278]  __ia32_sys_setsockopt+0xbc/0x160
[  557.041880][T17278]  ? lockdep_hardirqs_on+0x7c/0x110
[  557.041904][T17278]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  557.041929][T17278]  __do_fast_syscall_32+0x73/0x120
[  557.041954][T17278]  do_fast_syscall_32+0x32/0x80
[  557.041979][T17278]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.042000][T17278] RIP: 0023:0xf704e579
[  557.042015][T17278] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  557.042031][T17278] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  557.042046][T17278] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000110
[  557.042058][T17278] RDX: 0000000000000002 RSI: 0000000080000540 RDI: 00000000000000ca
[  557.042069][T17278] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  557.042080][T17278] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  557.042090][T17278] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  557.042114][T17278]  </TASK>
[  557.138163][    C2] vkms_vblank_simulate: vblank timer overrun
[  557.395178][ T5957] Bluetooth: hci4: command tx timeout
[  559.039965][T16669] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  559.045192][T16669] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  559.049175][T16669] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  559.051698][T16669] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  559.054156][T16669] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  559.234826][T17364] chnl_net:caif_netlink_parms(): no params data found
[  559.444759][T17364] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.447707][T17364] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.450530][T17364] bridge_slave_0: entered allmulticast mode
[  559.453591][T17364] bridge_slave_0: entered promiscuous mode
[  559.475149][T16669] Bluetooth: hci4: command tx timeout
[  559.479205][ T1144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.489444][T17364] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.492087][T17364] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.494360][T17364] bridge_slave_1: entered allmulticast mode
[  559.497690][T17364] bridge_slave_1: entered promiscuous mode
[  559.549155][ T1144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.558466][T17364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  559.564549][T17364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  559.616410][T17364] team0: Port device team_slave_0 added
[  559.629513][ T1144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.711382][T17364] team0: Port device team_slave_1 added
[  559.856105][ T1144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.865584][T17364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.867971][T17364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.877012][T17364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  559.881044][T17364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  559.883216][T17364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.892832][T17364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  559.948037][T17364] hsr_slave_0: entered promiscuous mode
[  559.951540][T17364] hsr_slave_1: entered promiscuous mode
[  559.954556][T17364] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  559.957986][T17364] Cannot create hsr debugfs directory
[  560.210660][ T1144] bridge_slave_1: left allmulticast mode
[  560.212584][ T1144] bridge_slave_1: left promiscuous mode
[  560.214481][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.222988][ T1144] bridge_slave_0: left allmulticast mode
[  560.224860][ T1144] bridge_slave_0: left promiscuous mode
[  560.227099][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.742690][ T1144] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  560.768896][ T1144] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  560.772999][ T1144] 
 (unregistering): Released all slaves
[  560.861901][ T1144] tipc: Left network mode
[  561.017205][T17420] Bluetooth: MGMT ver 1.23
[  561.065099][T16669] Bluetooth: hci0: command tx timeout
[  561.217014][ T1144] hsr_slave_0: left promiscuous mode
[  561.248589][ T1144] hsr_slave_1: left promiscuous mode
[  561.259418][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  561.275627][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  561.278560][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  561.281579][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  561.407406][ T1144] veth1_macvtap: left promiscuous mode
[  561.418111][ T1144] veth0_macvtap: left promiscuous mode
[  561.426582][ T1144] veth1_vlan: left promiscuous mode
[  561.434122][ T1144] veth0_vlan: left promiscuous mode
[  562.272164][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  562.274210][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  562.342426][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  562.413634][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  563.052248][T17442] batadv_slave_1: entered promiscuous mode
[  563.056610][T17447] batadv_slave_1: left promiscuous mode
[  563.145510][T16669] Bluetooth: hci0: command tx timeout
[  563.428214][T17364] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  563.434323][T17364] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  563.440613][T17364] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  563.445962][T17364] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  563.505621][T17364] 8021q: adding VLAN 0 to HW filter on device bond0
[  563.517481][T17364] 8021q: adding VLAN 0 to HW filter on device team0
[  563.524663][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  563.526943][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  563.537017][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  563.539234][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  563.554977][ T1144] IPVS: stop unused estimator thread 0...
[  563.563038][T17364] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  563.649854][T17364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  563.683139][T17364] veth0_vlan: entered promiscuous mode
[  563.693730][T17364] veth1_vlan: entered promiscuous mode
[  563.718574][T17364] veth0_macvtap: entered promiscuous mode
[  563.725259][T17364] veth1_macvtap: entered promiscuous mode
[  563.736917][T17364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.740526][T17364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.743654][T17364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.747936][T17364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.751290][T17364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  563.754857][T17364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.759915][T17364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.770148][T17364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  563.773417][T17364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.776936][T17364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  563.780198][T17364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.783212][T17364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  563.788766][T17364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  563.793624][T17364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  563.801397][T17364] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  563.804865][T17364] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  563.808387][T17364] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  563.811650][T17364] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  563.851711][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.854749][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  563.870829][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.873467][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.529312][T17502] overlayfs: missing 'lowerdir'
[  565.114242][T17516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2494'.
[  565.120019][T17516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2494'.
[  565.129328][T17516] mac80211_hwsim hwsim19 wlan0: entered promiscuous mode
[  565.132737][T17516] macsec1: entered allmulticast mode
[  565.134824][T17516] mac80211_hwsim hwsim19 wlan0: entered allmulticast mode
[  565.227162][T16669] Bluetooth: hci0: command tx timeout
[  565.254852][T17516] mac80211_hwsim hwsim19 wlan0: left allmulticast mode
[  565.258575][T17516] mac80211_hwsim hwsim19 wlan0: left promiscuous mode
[  566.444921][T17541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2502'.
[  566.506522][T17546] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  566.509450][T17546] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  566.735100][ T5990] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  567.136459][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.139871][ T5990] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  567.142703][ T5990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.146449][ T5990] usb 5-1: config 0 descriptor??
[  567.305110][T16669] Bluetooth: hci0: command tx timeout
[  567.355737][ T5990] usbhid 5-1:0.0: can't add hid device: -71
[  567.357715][ T5990] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  567.361172][ T5990] usb 5-1: USB disconnect, device number 33
[  567.895296][   T65] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  568.065185][   T65] usb 5-1: Using ep0 maxpacket: 32
[  568.071940][   T65] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  568.076444][   T65] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  568.080427][   T65] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.086084][   T65] usb 5-1: config 0 descriptor??
[  568.091662][   T65] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  568.097369][   T65] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  568.501986][T13294] usb 5-1: USB disconnect, device number 34
[  568.507979][T13294] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  568.568249][T17580] input: syz0 as /devices/virtual/input/input65
[  568.689457][T17580] xt_hashlimit: invalid interval
[  568.939413][T17594] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2509'.
[  569.332033][T17612] overlayfs: missing 'lowerdir'
[  570.575197][T17659] FAULT_INJECTION: forcing a failure.
[  570.575197][T17659] name failslab, interval 1, probability 0, space 0, times 0
[  570.579550][T17659] CPU: 1 UID: 0 PID: 17659 Comm: syz.0.2513 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  570.579576][T17659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  570.579583][T17659] Call Trace:
[  570.579587][T17659]  <TASK>
[  570.579591][T17659]  dump_stack_lvl+0x16c/0x1f0
[  570.579609][T17659]  should_fail_ex+0x512/0x640
[  570.579622][T17659]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  570.579634][T17659]  should_failslab+0xc2/0x120
[  570.579648][T17659]  __kmalloc_cache_noprof+0x6a/0x3e0
[  570.579659][T17659]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  570.579674][T17659]  ? __svc_create+0x5c/0x9f0
[  570.579688][T17659]  ? __pfx_nfsd+0x10/0x10
[  570.579703][T17659]  __svc_create+0x5c/0x9f0
[  570.579718][T17659]  ? __pfx_nfsd+0x10/0x10
[  570.579731][T17659]  svc_create_pooled+0x50e/0x880
[  570.579745][T17659]  ? nfsd_reset_versions+0x86/0x2d0
[  570.579759][T17659]  ? __init_swait_queue_head+0xca/0x150
[  570.579771][T17659]  nfsd_create_serv+0x2b1/0x480
[  570.579803][T17659]  ? __pfx_nfsd_create_serv+0x10/0x10
[  570.579824][T17659]  nfsd_nl_listener_set_doit+0xe5/0x1a40
[  570.579840][T17659]  ? rcu_is_watching+0x12/0xc0
[  570.579851][T17659]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  570.579864][T17659]  ? __nla_parse+0x40/0x60
[  570.579880][T17659]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  570.579898][T17659]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  570.579919][T17659]  genl_family_rcv_msg_doit+0x206/0x2f0
[  570.579937][T17659]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  570.579953][T17659]  ? rcu_is_watching+0x12/0xc0
[  570.579968][T17659]  ? bpf_lsm_capable+0x9/0x10
[  570.579980][T17659]  ? security_capable+0x7e/0x260
[  570.579994][T17659]  genl_rcv_msg+0x55c/0x800
[  570.580005][T17659]  ? __pfx_genl_rcv_msg+0x10/0x10
[  570.580015][T17659]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  570.580028][T17659]  ? __lock_acquire+0xaa4/0x1ba0
[  570.580045][T17659]  netlink_rcv_skb+0x16a/0x440
[  570.580060][T17659]  ? __pfx_genl_rcv_msg+0x10/0x10
[  570.580070][T17659]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  570.580092][T17659]  ? __pfx_down_read+0x10/0x10
[  570.580102][T17659]  ? netlink_deliver_tap+0x1ae/0xd30
[  570.580118][T17659]  genl_rcv+0x28/0x40
[  570.580132][T17659]  netlink_unicast+0x53a/0x7f0
[  570.580153][T17659]  ? __pfx_netlink_unicast+0x10/0x10
[  570.580172][T17659]  netlink_sendmsg+0x8d1/0xdd0
[  570.580189][T17659]  ? __pfx_netlink_sendmsg+0x10/0x10
[  570.580205][T17659]  ? __import_iovec+0x1c8/0x660
[  570.580222][T17659]  ____sys_sendmsg+0xa95/0xc70
[  570.580234][T17659]  ? __pfx_____sys_sendmsg+0x10/0x10
[  570.580243][T17659]  ? get_compat_msghdr+0x11a/0x170
[  570.580263][T17659]  ___sys_sendmsg+0x134/0x1d0
[  570.580277][T17659]  ? __pfx____sys_sendmsg+0x10/0x10
[  570.580309][T17659]  __sys_sendmsg+0x16d/0x220
[  570.580323][T17659]  ? __pfx___sys_sendmsg+0x10/0x10
[  570.580343][T17659]  ? rcu_is_watching+0x12/0xc0
[  570.580355][T17659]  __do_fast_syscall_32+0x73/0x120
[  570.580371][T17659]  do_fast_syscall_32+0x32/0x80
[  570.580386][T17659]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  570.580399][T17659] RIP: 0023:0xf711e579
[  570.580407][T17659] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  570.580417][T17659] RSP: 002b:00000000f50cc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  570.580427][T17659] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000040
[  570.580433][T17659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  570.580439][T17659] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  570.580445][T17659] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  570.580451][T17659] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  570.580464][T17659]  </TASK>
[  571.166664][T17674] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  571.171677][T17674] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  571.859240][T17705] input: syz0 as /devices/virtual/input/input66
[  571.985172][T17104] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  572.300842][T17104] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.312138][T17104] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  572.343591][T17104] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.352965][T17104] usb 6-1: config 0 descriptor??
[  572.574320][T17104] usbhid 6-1:0.0: can't add hid device: -71
[  572.576384][T17104] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  572.587021][T17104] usb 6-1: USB disconnect, device number 26
[  573.324250][T17104] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  573.625195][T17104] usb 6-1: Using ep0 maxpacket: 32
[  573.628418][T17104] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.635855][T17104] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  573.638631][T17104] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.655374][T17104] usb 6-1: config 0 descriptor??
[  573.666436][T17104] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  573.675776][T17741] input: syz0 as /devices/virtual/input/input67
[  573.689542][T17104] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  574.081735][T16258] usb 6-1: USB disconnect, device number 27
[  574.088778][T16258] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  574.146508][T17744] input: syz0 as /devices/virtual/input/input68
[  574.648139][T17760] netlink: 'syz.3.2534': attribute type 1 has an invalid length.
[  574.650653][T17760] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2534'.
[  575.425916][T17767] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  575.433964][T17767] VFS: Can't find a romfs filesystem on dev sr0.
[  575.433964][T17767] 
[  575.583134][T17775] input: syz0 as /devices/virtual/input/input69
[  575.714186][T17784] input: syz0 as /devices/virtual/input/input70
[  576.378957][T17798] netlink: 'syz.0.2545': attribute type 1 has an invalid length.
[  576.381594][T17798] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2545'.
[  576.826137][T17806] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2547'.
[  578.051667][T17833] input: syz0 as /devices/virtual/input/input71
[  578.395183][T16258] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  578.557003][T16258] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.561878][T16258] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  578.566169][T16258] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.572808][T16258] usb 5-1: config 0 descriptor??
[  578.806301][T17841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.810655][T17841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.078786][T16258] usbhid 5-1:0.0: can't add hid device: -71
[  579.080690][T16258] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  579.095190][T16258] usb 5-1: USB disconnect, device number 35
[  579.460483][T17872] FAULT_INJECTION: forcing a failure.
[  579.460483][T17872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.465657][T17874] input: syz0 as /devices/virtual/input/input72
[  579.468948][T17872] CPU: 3 UID: 0 PID: 17872 Comm: syz.1.2565 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  579.468972][T17872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  579.468983][T17872] Call Trace:
[  579.468989][T17872]  <TASK>
[  579.468996][T17872]  dump_stack_lvl+0x16c/0x1f0
[  579.469024][T17872]  should_fail_ex+0x512/0x640
[  579.469048][T17872]  _copy_from_iter+0x2a4/0x15b0
[  579.469073][T17872]  ? __alloc_skb+0x200/0x380
[  579.469097][T17872]  ? __pfx__copy_from_iter+0x10/0x10
[  579.469120][T17872]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  579.469152][T17872]  netlink_sendmsg+0x829/0xdd0
[  579.469181][T17872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  579.469206][T17872]  ? __import_iovec+0x1c8/0x660
[  579.469233][T17872]  ____sys_sendmsg+0xa95/0xc70
[  579.469252][T17872]  ? __pfx_____sys_sendmsg+0x10/0x10
[  579.469273][T17872]  ? get_compat_msghdr+0x11a/0x170
[  579.469305][T17872]  ___sys_sendmsg+0x134/0x1d0
[  579.469329][T17872]  ? __pfx____sys_sendmsg+0x10/0x10
[  579.469381][T17872]  __sys_sendmsg+0x16d/0x220
[  579.469404][T17872]  ? __pfx___sys_sendmsg+0x10/0x10
[  579.469437][T17872]  ? rcu_is_watching+0x12/0xc0
[  579.469458][T17872]  __do_fast_syscall_32+0x73/0x120
[  579.469485][T17872]  do_fast_syscall_32+0x32/0x80
[  579.469509][T17872]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  579.469529][T17872] RIP: 0023:0xf70fe579
[  579.469543][T17872] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  579.469559][T17872] RSP: 002b:00000000f50ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  579.469575][T17872] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  579.469586][T17872] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  579.469596][T17872] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  579.469605][T17872] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  579.469614][T17872] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  579.469637][T17872]  </TASK>
[  579.643080][T17884] FAULT_INJECTION: forcing a failure.
[  579.643080][T17884] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.647222][T17884] CPU: 2 UID: 0 PID: 17884 Comm: syz.0.2569 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  579.647236][T17884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  579.647243][T17884] Call Trace:
[  579.647247][T17884]  <TASK>
[  579.647250][T17884]  dump_stack_lvl+0x16c/0x1f0
[  579.647269][T17884]  should_fail_ex+0x512/0x640
[  579.647283][T17884]  _copy_to_user+0x32/0xd0
[  579.647298][T17884]  simple_read_from_buffer+0xcb/0x170
[  579.647315][T17884]  proc_fail_nth_read+0x197/0x270
[  579.647331][T17884]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  579.647347][T17884]  ? rw_verify_area+0xcf/0x680
[  579.647363][T17884]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  579.647378][T17884]  vfs_read+0x1de/0xc70
[  579.647390][T17884]  ? __pfx___mutex_lock+0x10/0x10
[  579.647405][T17884]  ? __pfx_vfs_read+0x10/0x10
[  579.647419][T17884]  ? __fget_files+0x20e/0x3c0
[  579.647433][T17884]  ksys_read+0x12a/0x240
[  579.647443][T17884]  ? __pfx_ksys_read+0x10/0x10
[  579.647452][T17884]  ? rcu_is_watching+0x12/0xc0
[  579.647464][T17884]  ? rcu_is_watching+0x12/0xc0
[  579.647476][T17884]  __do_fast_syscall_32+0x73/0x120
[  579.647492][T17884]  do_fast_syscall_32+0x32/0x80
[  579.647507][T17884]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  579.647520][T17884] RIP: 0023:0xf711e579
[  579.647528][T17884] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  579.647538][T17884] RSP: 002b:00000000f510e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  579.647548][T17884] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000f510e620
[  579.647554][T17884] RDX: 000000000000000f RSI: 00000000f7482ff4 RDI: 0000000000000000
[  579.647560][T17884] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  579.647566][T17884] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  579.647571][T17884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  579.647584][T17884]  </TASK>
[  579.915158][T17895] netlink: 'syz.1.2567': attribute type 1 has an invalid length.
[  579.918668][T17895] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2567'.
[  580.923235][T17920] ipvlan2: entered promiscuous mode
[  580.933930][T17920] bridge0: port 3(ipvlan2) entered blocking state
[  580.937531][T17920] bridge0: port 3(ipvlan2) entered disabled state
[  580.940916][T17920] ipvlan2: entered allmulticast mode
[  580.942668][T17920] bridge0: entered allmulticast mode
[  580.951495][T17920] ipvlan2: left allmulticast mode
[  580.953173][T17920] bridge0: left allmulticast mode
[  580.998703][T17922] input: syz0 as /devices/virtual/input/input74
[  581.091367][T17927] team_slave_0: entered promiscuous mode
[  581.093286][T17927] team_slave_1: entered promiscuous mode
[  581.095781][T17927] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  581.100739][T17927] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  581.325720][T17934] tipc: Failed to remove unknown binding: 66,1,1/0:2263020386/2263020388
[  581.329769][T17934] tipc: Failed to remove unknown binding: 66,1,1/0:2263020386/2263020388
[  581.709431][T17946] netlink: 'syz.3.2583': attribute type 1 has an invalid length.
[  581.711999][T17946] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2583'.
[  582.370249][T17956] netlink: 'syz.2.2585': attribute type 1 has an invalid length.
[  582.372831][T17956] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2585'.
[  582.610762][T17965] input: syz0 as /devices/virtual/input/input75
[  582.817429][T17968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2587'.
[  583.487347][T17978] netlink: 'syz.2.2592': attribute type 2 has an invalid length.
[  583.497378][T17978] : entered promiscuous mode
[  583.646950][T17983] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.2594'.
[  583.989676][T17991] netlink: 'syz.1.2595': attribute type 12 has an invalid length.
[  584.555160][   T10] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  584.640917][T18001] input: syz0 as /devices/virtual/input/input76
[  584.761356][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  584.765988][   T10] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  584.768832][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.784349][   T10] usb 7-1: config 0 descriptor??
[  584.951624][T18006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2600'.
[  585.033739][T18014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2602'.
[  585.090894][T17994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.097499][T17994] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.306737][   T10] usbhid 7-1:0.0: can't add hid device: -71
[  585.308722][   T10] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  585.312142][   T10] usb 7-1: USB disconnect, device number 28
[  586.585047][T18034] netlink: 'syz.1.2608': attribute type 12 has an invalid length.
[  586.972639][T18045] input: syz0 as /devices/virtual/input/input78
[  588.252582][T18073] tipc: Failed to remove unknown binding: 66,1,1/0:3604886314/3604886316
[  588.256238][T18073] tipc: Failed to remove unknown binding: 66,1,1/0:3604886314/3604886316
[  588.394105][   T44] BUG: sleeping function called from invalid context at mm/util.c:743
[  588.399241][   T44] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 44, name: kcompactd0
[  588.404209][   T44] preempt_count: 1, expected: 0
[  588.406433][   T44] RCU nest depth: 0, expected: 0
[  588.408494][   T44] 1 lock held by kcompactd0/44:
[  588.410547][   T44]  #0: ffff88801dc25a48 (&mapping->i_private_lock){+.+.}-{3:3}, at: __buffer_migrate_folio+0x25b/0x690
[  588.414896][   T44] Preemption disabled at:
[  588.414905][   T44] [<0000000000000000>] 0x0
[  588.418737][   T44] CPU: 2 UID: 0 PID: 44 Comm: kcompactd0 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  588.418759][   T44] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  588.418770][   T44] Call Trace:
[  588.418776][   T44]  <TASK>
[  588.418784][   T44]  dump_stack_lvl+0x16c/0x1f0
[  588.418811][   T44]  __might_resched+0x3c0/0x5e0
[  588.418833][   T44]  ? __pfx___might_resched+0x10/0x10
[  588.418858][   T44]  folio_mc_copy+0xfb/0x190
[  588.418887][   T44]  __migrate_folio.constprop.0+0xa1/0x3d0
[  588.418915][   T44]  __buffer_migrate_folio+0x5cd/0x690
[  588.418943][   T44]  ? __pfx_buffer_migrate_folio_norefs+0x10/0x10
[  588.418968][   T44]  move_to_new_folio+0x1d9/0x700
[  588.418994][   T44]  migrate_pages_batch+0x201d/0x31a0
[  588.419023][   T44]  ? __pfx_compaction_free+0x10/0x10
[  588.419048][   T44]  ? __pfx_migrate_pages_batch+0x10/0x10
[  588.419082][   T44]  migrate_pages_sync+0x12d/0x8a0
[  588.419107][   T44]  ? __pfx_compaction_alloc+0x10/0x10
[  588.419124][   T44]  ? __pfx_compaction_free+0x10/0x10
[  588.419146][   T44]  ? __pfx_migrate_pages_sync+0x10/0x10
[  588.419189][   T44]  migrate_pages+0x1b28/0x2350
[  588.419215][   T44]  ? __pfx_compaction_alloc+0x10/0x10
[  588.419229][   T44]  ? __pfx_compaction_free+0x10/0x10
[  588.419252][   T44]  ? __pfx_migrate_pages+0x10/0x10
[  588.419281][   T44]  ? __pfx_isolate_migratepages_block+0x10/0x10
[  588.419303][   T44]  ? __pfx___might_resched+0x10/0x10
[  588.419327][   T44]  compact_zone+0x1f6c/0x45f0
[  588.419355][   T44]  ? __lock_acquire+0xaa4/0x1ba0
[  588.419388][   T44]  ? __pfx_compact_zone+0x10/0x10
[  588.419416][   T44]  compact_node+0x1a4/0x2d0
[  588.419436][   T44]  ? __pfx_compact_node+0x10/0x10
[  588.419452][   T44]  ? __pfx___might_resched+0x10/0x10
[  588.419488][   T44]  ? __pfx_extfrag_for_order+0x10/0x10
[  588.419510][   T44]  ? rcu_is_watching+0x12/0xc0
[  588.419532][   T44]  kcompactd+0x762/0xea0
[  588.419554][   T44]  ? __pfx_kcompactd+0x10/0x10
[  588.419569][   T44]  ? find_held_lock+0x2b/0x80
[  588.419591][   T44]  ? __pfx_autoremove_wake_function+0x10/0x10
[  588.419613][   T44]  ? lockdep_hardirqs_on+0x7c/0x110
[  588.419656][   T44]  ? __kthread_parkme+0x19e/0x250
[  588.419680][   T44]  ? __pfx_kcompactd+0x10/0x10
[  588.419699][   T44]  kthread+0x3c2/0x780
[  588.419723][   T44]  ? __pfx_kthread+0x10/0x10
[  588.419745][   T44]  ? __pfx_kthread+0x10/0x10
[  588.419768][   T44]  ? __pfx_kthread+0x10/0x10
[  588.419788][   T44]  ? __pfx_kthread+0x10/0x10
[  588.419811][   T44]  ? rcu_is_watching+0x12/0xc0
[  588.419830][   T44]  ? __pfx_kthread+0x10/0x10
[  588.419855][   T44]  ret_from_fork+0x45/0x80
[  588.419873][   T44]  ? __pfx_kthread+0x10/0x10
[  588.419897][   T44]  ret_from_fork_asm+0x1a/0x30
[  588.419933][   T44]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  589.161543][   T87] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.272147][   T87] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.336805][   T87] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.413791][   T87] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.545321][   T87] bridge_slave_1: left allmulticast mode
[  589.547803][   T87] bridge_slave_1: left promiscuous mode
[  589.549664][   T87] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.557171][   T87] bridge_slave_0: left allmulticast mode
[  589.559530][   T87] bridge_slave_0: left promiscuous mode
[  589.562710][   T87] bridge0: port 1(bridge_slave_0) entered disabled state
[  589.905818][   T87] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  589.910458][   T87] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  589.913923][   T87] bond0 (unregistering): Released all slaves
[  590.270417][   T87] hsr_slave_0: left promiscuous mode
[  590.272692][   T87] hsr_slave_1: left promiscuous mode
[  590.274868][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  590.278366][   T87] batman_adv: batadv0: Removing interface: batadv_slave_0
[  590.281904][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  590.284575][   T87] batman_adv: batadv0: Removing interface: batadv_slave_1
[  590.303689][   T87] veth1_macvtap: left promiscuous mode
[  590.307221][   T87] veth0_macvtap: left promiscuous mode
[  590.309039][   T87] veth1_vlan: left promiscuous mode
[  590.310718][   T87] veth0_vlan: left promiscuous mode
[  590.886134][   T87] team0 (unregistering): Port device team_slave_1 removed
[  590.952049][   T87] team0 (unregistering): Port device team_slave_0 removed
[  591.858566][   T87] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.921371][   T87] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.000094][   T87] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.068046][   T87] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.192973][   T87] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.260375][   T87] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.336889][   T87] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.396711][   T87] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.504187][   T87] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.577625][   T87] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.635990][   T87] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.707625][   T87] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  592.845532][   T87] bridge_slave_1: left allmulticast mode
[  592.847360][   T87] bridge_slave_1: left promiscuous mode
[  592.849204][   T87] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.853239][   T87] bridge_slave_0: left allmulticast mode
[  592.855718][   T87] bridge_slave_0: left promiscuous mode
[  592.857807][   T87] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.861912][   T87] bridge_slave_1: left allmulticast mode
[  592.863700][   T87] bridge_slave_1: left promiscuous mode
[  592.867390][   T87] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.872639][   T87] bridge_slave_0: left allmulticast mode
[  592.874433][   T87] bridge_slave_0: left promiscuous mode
[  592.876998][   T87] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.881671][   T87] bridge_slave_1: left allmulticast mode
[  592.883469][   T87] bridge_slave_1: left promiscuous mode
[  592.885559][   T87] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.889450][   T87] bridge_slave_0: left allmulticast mode
[  592.891829][   T87] bridge_slave_0: left promiscuous mode
[  592.894286][   T87] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.577987][   T87] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  593.582882][   T87] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  593.588720][   T87] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  593.592851][   T87] team_slave_0: left promiscuous mode
[  593.595239][   T87] team_slave_1: left promiscuous mode
[  593.604918][   T87] bond0 (unregistering): Released all slaves
[  593.687159][   T87] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  593.692737][   T87] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  593.697967][   T87] bond0 (unregistering): Released all slaves
[  593.779344][   T87] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  593.785103][   T87] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  593.789673][   T87] bond0 (unregistering): Released all slaves
[  593.890267][   T87] : left promiscuous mode
[  594.428553][   T87] hsr_slave_0: left promiscuous mode
[  594.431352][   T87] hsr_slave_1: left promiscuous mode
[  594.433581][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  594.437357][   T87] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.440831][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  594.443893][   T87] batman_adv: batadv0: Removing interface: batadv_slave_1
[  594.454495][   T87] hsr_slave_0: left promiscuous mode
[  594.458669][   T87] hsr_slave_1: left promiscuous mode
[  594.461420][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  594.464506][   T87] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.468372][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  594.471432][   T87] batman_adv: batadv0: Removing interface: batadv_slave_1
[  594.481433][   T87] hsr_slave_0: left promiscuous mode
[  594.484267][   T87] hsr_slave_1: left promiscuous mode
[  594.487381][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  594.490456][   T87] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.494099][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  594.497331][   T87] batman_adv: batadv0: Removing interface: batadv_slave_1
[  594.573247][   T87] veth1_macvtap: left promiscuous mode
[  594.576261][   T87] veth0_macvtap: left promiscuous mode
[  594.578152][   T87] veth1_vlan: left promiscuous mode
[  594.580033][   T87] veth0_vlan: left promiscuous mode
[  594.583171][   T87] veth1_macvtap: left promiscuous mode
[  594.586881][   T87] veth0_macvtap: left promiscuous mode
[  594.589065][   T87] veth1_vlan: left promiscuous mode
[  594.590779][   T87] veth0_vlan: left promiscuous mode
[  594.593345][   T87] veth1_macvtap: left promiscuous mode
[  594.595811][   T87] veth0_macvtap: left promiscuous mode
[  594.597610][   T87] veth1_vlan: left promiscuous mode
[  594.599305][   T87] veth0_vlan: left promiscuous mode
[  595.327776][   T87] team0 (unregistering): Port device team_slave_1 removed
[  595.391188][   T87] team0 (unregistering): Port device team_slave_0 removed
[  596.377079][   T87] team0 (unregistering): Port device team_slave_1 removed
[  596.441579][   T87] team0 (unregistering): Port device team_slave_0 removed
[  597.499499][   T87] team0 (unregistering): Port device team_slave_1 removed
[  597.567179][   T87] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
13:47:23  Registers:
info registers vcpu 0

CPU#0
RAX=0000000002317f27 RBX=0000000000000000 RCX=ffffffff8b6f13e9 RDX=0000000000000000
RSI=ffffffff8dbe98c0 RDI=ffffffff8bf44f40 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10
R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90866910 R15=0000000000000000
RIP=ffffffff8b6efc7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977bf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2a9ecb CR3=000000005d498000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000039820f9 RBX=0000000000000001 RCX=ffffffff8b6f13e9 RDX=0000000000000000
RSI=ffffffff8dbe98c0 RDI=ffffffff8bf44f40 RBP=ffffed1003b55488 RSP=ffffc9000046fdc8
R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90866910 R15=0000000000000000
RIP=ffffffff81001530 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978bf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080031000 CR3=0000000069d2a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000003a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854afb45 RDI=ffffffff9ae0cb80 RBP=ffffffff9ae0cb40 RSP=ffffc900006fee90
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=000000000000003a R14=ffffffff9ae0cb40 R15=ffffffff854afae0
RIP=ffffffff854afb6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979bf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080003000 CR3=000000006d9ea000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000fee0000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000001 RBX=ffff88806a995b90 RCX=ffffffff822922d8 RDX=ffffed100d532b76
RSI=0000000000000004 RDI=ffff88806a995bac RBP=00000000000005cc RSP=ffffc900076eef80
R8 =0000000000000001 R9 =ffffed100d532b75 R10=ffff88806a995baf R11=0000000000000000
R12=1ffff92000edddf6 R13=ffff88806a995bac R14=0000000000000001 R15=0000000000000000
RIP=ffffffff822922e0 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097abf000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000030811ffc CR3=0000000052240000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000