last executing test programs:

1m21.907945167s ago: executing program 1 (id=251):
r0 = socket$igmp(0x2, 0x3, 0x2)
fcntl$setstatus(r0, 0x4, 0x2c00)
sendto$inet(r0, 0x0, 0x0, 0x4, &(0x7f0000001080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) (fail_nth: 2)

1m21.770566121s ago: executing program 1 (id=252):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYRES32, @ANYBLOB="42df81b39d8e289e2249"], &(0x7f0000000440)='GPL\x00', 0x100002, 0xba, &(0x7f00000004c0)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000000080)='D', 0x1, 0x4014, 0x0, 0x0)
shutdown(r5, 0x0)
splice(r0, 0x0, r4, 0x0, 0xbb2b, 0x10)
ioctl$I2C_RETRIES(0xffffffffffffffff, 0x701, 0xa)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
connect$l2tp6(r6, &(0x7f0000000240)={0xa, 0x0, 0x3, @private1={0xfc, 0x1, '\x00', 0x20}, 0xa}, 0x20)
socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000340), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r7, 0xc01064c8, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=[0x0, <r8=>0x0]})
mkdir(&(0x7f0000000280)='./file0\x00', 0x4)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000080000000000010000000900020073797a32000000000900010073797a30"], 0xec}, 0x1, 0x0, 0x0, 0x4004}, 0x40)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r7, 0xc04064aa, &(0x7f00000002c0)={&(0x7f00000010c0)=[0x0], 0x0, r8, 0x0, '\x00', 0x1})

1m20.790880104s ago: executing program 1 (id=261):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newrule={0x2c, 0x20, 0x2d2c6d60ea1da725, 0x70bd27, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_FWMARK={0x8, 0xa, 0xfffffff9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040090}, 0x40000)

1m20.790440822s ago: executing program 1 (id=262):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000580), 0x24, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$KDENABIO(r1, 0x4b36)
r2 = openat$dlm_plock(0xffffff9c, &(0x7f0000000040), 0x230040, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x5c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3, 0x0, 0x6}, [@IPSET_ATTR_ADT={0x38, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x3356}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e24}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x3}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004)
r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
unlink(&(0x7f0000000000)='./file1\x00')
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000006300)={0x2020, 0x0, <r5=>0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x19}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
fcntl$lock(r7, 0x6, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x2, r6})
write$binfmt_elf64(r3, &(0x7f0000000040)=ANY=[], 0x509)
close(r3)

1m17.6410239s ago: executing program 1 (id=284):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
open$dir(&(0x7f0000000100)='./file0\x00', 0x15b800, 0x0)
rmdir(&(0x7f0000000440)='./file0\x00')
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) (fail_nth: 2)

1m17.200913562s ago: executing program 1 (id=285):
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x14, 0x1, 0x4, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000)

1m17.147565949s ago: executing program 32 (id=285):
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x14, 0x1, 0x4, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000)

7.320058482s ago: executing program 0 (id=663):
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, &(0x7f0000005ec0)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x85, &(0x7f0000005f40)={r7}, &(0x7f0000005e80)=0xfc9e)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})
close_range(r1, 0xffffffffffffffff, 0x0)

6.355511011s ago: executing program 0 (id=667):
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=@base={0x5, 0x10001, 0x7fff, 0x202, 0x1}, 0x50)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000010010000010000008c0fbd205e6d"], 0x10}, 0x8000)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864d0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vcsa(0xffffff9c, &(0x7f0000000180), 0x801, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
mount(&(0x7f0000000280)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='msdos\x00', 0x4404a, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)

5.610857448s ago: executing program 4 (id=669):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x8eb, &(0x7f0000000140)={0x0, 0xe2ec, 0x400, 0xeffffffb, 0x330}, 0x0, &(0x7f0000ff4000))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@var={0x0, 0x21}]}}, 0x0, 0x2a}, 0x20)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xfb8d, 0x1000, 0x10000001, 0xffdffffd}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x81}})
io_uring_enter(r1, 0x47f6, 0xffffffff, 0x4a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x14, 0x0, &(0x7f00000001c0)=[@request_death, @exit_looper], 0x0, 0x0, 0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io(r7, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

5.418408852s ago: executing program 3 (id=670):
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, &(0x7f0000005ec0)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x85, &(0x7f0000005f40)={r7}, &(0x7f0000005e80)=0xfc9e)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})
close_range(r1, 0xffffffffffffffff, 0x0)

4.77926762s ago: executing program 0 (id=671):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_GET_MAP_INFO(0x3, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet6(0xa, 0x1, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
openat$ptmx(0xffffff9c, 0x0, 0x200, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x3, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffffff6a)

4.475578089s ago: executing program 3 (id=673):
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, &(0x7f0000005ec0)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x85, &(0x7f0000005f40)={r8}, &(0x7f0000005e80)=0xfc9e)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
close_range(r2, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$bt_BT_VOICE(r0, 0x12, 0xb, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)

3.630590525s ago: executing program 0 (id=674):
fsopen(&(0x7f0000000080)='sysfs\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0xe)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000340)=0xff)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$sock_ifreq(r2, 0x8971, &(0x7f0000000240)={'bridge0\x00', @ifru_ivalue=0x7ff})
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010028bd7000fddbdf4b3c5ec2130a250700", @ANYRES32=0x0, @ANYBLOB="0c009900ff0700005d000000"], 0x28}}, 0x24044884)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000002840)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0x0, 0x4}]}, 0x8)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.525193569s ago: executing program 3 (id=675):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffb6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4044801)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000cc0)={0x3, @pix={0x4b4c, 0x8, 0x355e4756, 0x0, 0x2, 0x7, 0xe1a25934a40398d7, 0x5, 0x1, 0x2, 0x2, 0x4}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffffffffffc71, &(0x7f00000000c0)=0xfffffffffffffffd)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x2401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000000bc0), 0x0, 0x12113, 0x0)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x578410eb)
socket$kcm(0x10, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/time\x00')
ioctl$TUNGETVNETHDRSZ(r4, 0x8004b707, 0x0)
acct(0x0)
acct(0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)

3.490781765s ago: executing program 2 (id=676):
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r3, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x80000000)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_udp_encap(r4, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYBLOB="0000000000000065fdc0d8e7c27bd1007b8af8ff00000000bfa200000000000007020000a359853364f8ffffffb703000008000000b704000001000000850063d2030000009500000000000000d8830623fec108fb3ca12a166bc63b267671f01b2916cbb3a316e01b9509c625baaf0cea6def6b1e2f884a8b49ad329f7c846ebddadbef7c94667fe80bc07e131ef5616a7885c065e7442c79c5dfeb1891f41c3732c26f37bab99fc89b3446ec21f6129600ad48f7cc18148c707037b34e5bd20fdc08663c3c49a9027b9fbf121f9b85937ff12db5165d2aa6bfb6c1a07724138d76fbe4c811e5a52c49de2e7970413db37939a02ae267c9dff0e1bd58bcbf409a3a02ee66f1f6c145a7b1ba660dee10748e0a05e05f10fc7b3493327b1d7df88873ee00cbb10b273353101a1402771dbdc068c4b1a16048d6525bc9552772a27887163e7cbb2c214b26339d9a14ba08d672c68fffb59b16b8fd3eb96098122dc4b4c72ced608309fad62ac920f9a9c3026f67ec50773ed34bb9cd69d7b562d5cbd6d725d215b863d79407e25777c4e782590d6d5c3d0300000000000000e28aa5a5d19505e34fbfa63d64054600000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0b00000008000000000400000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="00a30000000000c851368b800b0001006d616373656300001800028005000900010000000c0001000d0000000000000008000500", @ANYRES32=r7, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000340)={'pim6reg\x00', 0x2})
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x1, 0x4}, 0xc)

3.120246199s ago: executing program 4 (id=677):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
syz_clone3(&(0x7f0000000300)={0x4100, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2.852046387s ago: executing program 3 (id=679):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
socket$inet6(0xa, 0x800, 0x7c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0000000000000000b70200f9ffffffffffffff008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x2010, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1)
setrlimit(0x6, &(0x7f0000000000)={0x10000000000b35d, 0x800000b35d})
mlockall(0x1)
mlockall(0x3)
socket$nl_generic(0x10, 0x3, 0x10)

2.669716884s ago: executing program 4 (id=680):
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=@base={0x5, 0x10001, 0x7fff, 0x202, 0x1}, 0x50)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000010010000010000008c0fbd205e6d"], 0x10}, 0x8000)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864d0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vcsa(0xffffff9c, &(0x7f0000000180), 0x801, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
mount(&(0x7f0000000280)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='msdos\x00', 0x4404a, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)

2.612682103s ago: executing program 2 (id=681):
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x10}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x6}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x2, 0x4048884)
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @private1, 0x1}, 0x1c)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x2d, &(0x7f00000001c0)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r5, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})
socket(0x2, 0x80805, 0x0)
r6 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @ipv4={'\x00', '\xff\xff', @remote}, 0x1df}}, 0x80, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="100000001001000001000000dc0000007f3cfb59e02552e4886e81e9ae9b60939ab0d406acd6f45c6f2cc8e94422b5dc1b58f660ca66ccc8182adc6a1ad8893ae7abb9e5289cf3881851cadc9f3e12d26ee8c2802576eeda88eb481c303b60dbf9afb2515040718a77addccad274e689df2088b676e74fbb65f8ae344c6db17c1536839e4a067118773cd34de900b0bcd51010516f7f057a7289c58f31554c95adcf2019fcc61ebf89bb1e90770bf5529ab0b02ea96d3b3412aef192a179a4db4b522d00000000"], 0x10}, 0x40)

1.972419157s ago: executing program 0 (id=682):
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, &(0x7f0000005ec0)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x85, &(0x7f0000005f40)={r7}, &(0x7f0000005e80)=0xfc9e)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})
close_range(r1, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)

1.599691744s ago: executing program 2 (id=683):
openat$audio1(0xffffff9c, &(0x7f0000000280), 0x6ac581, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x4f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x4, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x2}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000003c0), 0x1, 0x8000)
ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000400)=0x9)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x23010, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000d00)={[&(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000240)=[@mss, @window={0x3, 0x0, 0x1}, @mss={0x2, 0x1}, @mss={0x2, 0x1}, @window, @timestamp, @window={0x3, 0xfff5, 0x8}], 0x7)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x736, 0x0, 0xfffffffffffffd25)
shutdown(r4, 0x1)

1.419696627s ago: executing program 4 (id=684):
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, &(0x7f0000005ec0)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x85, &(0x7f0000005f40)={r8}, &(0x7f0000005e80)=0xfc9e)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
close_range(r2, 0xffffffffffffffff, 0x0)
setsockopt$bt_BT_VOICE(r0, 0x12, 0xb, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)

1.040078686s ago: executing program 3 (id=685):
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x10}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x6}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x2, 0x4048884)
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @private1, 0x1}, 0x1c)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x2d, &(0x7f00000001c0)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r5, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})
socket(0x2, 0x80805, 0x0)
r6 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @ipv4={'\x00', '\xff\xff', @remote}, 0x1df}}, 0x80, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="100000001001000001000000dc0000007f3cfb59e02552e4886e81e9ae9b60939ab0d406acd6f45c6f2cc8e94422b5dc1b58f660ca66ccc8182adc6a1ad8893ae7abb9e5289cf3881851cadc9f3e12d26ee8c2802576eeda88eb481c303b60dbf9afb2515040718a77addccad274e689df2088b676e74fbb65f8ae344c6db17c1536839e4a067118773cd34de900b0bcd51010516f7f057a7289c58f31554c95adcf2019fcc61ebf89bb1e90770bf5"], 0x10}, 0x40)

974.299998ms ago: executing program 0 (id=686):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x8eb, &(0x7f0000000140)={0x0, 0xe2ec, 0x400, 0xeffffffb, 0x330}, 0x0, &(0x7f0000ff4000))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@var={0x0, 0x21}]}}, 0x0, 0x2a}, 0x20)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xfb8d, 0x1000, 0x10000001, 0xffdffffd}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x81}})
io_uring_enter(r1, 0x47f6, 0xffffffff, 0x4a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x14, 0x0, &(0x7f00000001c0)=[@request_death, @exit_looper], 0x0, 0x0, 0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io(r7, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

672.841577ms ago: executing program 2 (id=687):
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080))
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, &(0x7f0000005ec0)=0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x85, &(0x7f0000005f40)={r7}, &(0x7f0000005e80)=0xfc9e)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$bt_BT_VOICE(r0, 0x12, 0xb, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)

595.144431ms ago: executing program 4 (id=688):
syz_clone3(&(0x7f0000000300)={0x4100, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)

369.558666ms ago: executing program 4 (id=689):
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r3, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x80000000)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_udp_encap(r4, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYRES64=r0, @ANYRES32, @ANYBLOB="0000000000000065fdc0d8e7c27bd1007b8af8ff00000000bfa200000000000007020000a359853364f8ffffffb703000008000000b704000001000000850063d2030000009500000000000000d8830623fec108fb3ca12a166bc63b267671f01b2916cbb3a316e01b9509c625baaf0cea6def6b1e2f884a8b49ad329f7c846ebddadbef7c94667fe80bc07e131ef5616a7885c065e7442c79c5dfeb1891f41c3732c26f37bab99fc89b3446ec21f6129600ad48f7cc18148c707037b34e5bd20fdc08663c3c49a9027b9fbf121f9b85937ff12db5165d2aa6bfb6c1a07724138d76fbe4c811e5a52c49de2e7970413db37939a02ae267c9dff0e1bd58bcbf409a3a02ee66f1f6c145a7b1ba660dee10748e0a05e05f10fc7b3493327b1d7df88873ee00cbb10b273353101a1402771dbdc068c4b1a16048d6525bc9552772a27887163e7cbb2c214b26339d9a14ba08d672c68fffb59b16b8fd3eb96098122dc4b4c72ced608309fad62ac920f9a9c3026f67ec50773ed34bb9cd69d7b562d5cbd6d725d215b863d79407e25777c4e782590d6d5c3d0300000000000000e28aa5a5d19505e34fbfa63d64054600000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0b00000008000000000400000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="00a30000000000c851368b800b0001006d616373656300001800028005000900010000000c0001000d0000000000000008000500", @ANYRES32=r7, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000340)={'pim6reg\x00', 0x2})
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x1, 0x4}, 0xc)

63.585834ms ago: executing program 2 (id=690):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
syz_emit_ethernet(0xde, &(0x7f00000009c0)={@multicast, @remote, @void, {@ipv4={0x800, @tcp={{0x2c, 0x4, 0x0, 0x3f, 0xd0, 0x0, 0x0, 0x0, 0x6, 0x0, @broadcast, @empty, {[@ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}, @end, @ssrr={0x89, 0x3, 0x9b}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x4c, 0x46, 0x1, 0x0, [{@rand_addr=0x64010102, 0xf}, {@private=0xa010102, 0x3}, {@private=0xa010101, 0x6}, {@remote, 0x3c70}, {@rand_addr=0x64010100, 0x8}, {@dev={0xac, 0x14, 0x14, 0x2f}, 0x2}, {@broadcast, 0x1}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@rand_addr=0x64010102, 0x7f}]}, @cipso={0x86, 0x3f, 0x2, [{0x5, 0x7, "b525f3a3fa"}, {0x5, 0xc, "bcc148f21f5bb9903418"}, {0x1, 0xb, "d65861865a85924f85"}, {0x0, 0x6, "b54e32db"}, {0x7, 0x9, "6383e0f07b1386"}, {0x7, 0x4, "ddf1"}, {0x2, 0x2}, {0x2, 0x6, "ab2c3dae"}]}]}}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xfffe, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x9, 0x1, 0x8, 0x2, 0x1}]}}}}}}}, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xd8}], 0x1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f00000000c0)=0x3)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)

59.940714ms ago: executing program 3 (id=691):
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x10}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x6}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x2, 0x4048884)
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @private1, 0x1}, 0x1c)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x2d, &(0x7f00000001c0)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r5, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r5, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x60, {0x0, 0x100}})
socket(0x2, 0x80805, 0x0)
r6 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @ipv4={'\x00', '\xff\xff', @remote}, 0x1df}}, 0x80, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="100000001001000001000000dc0000007f3cfb59e02552e4886e81e9ae9b60939ab0d406acd6f45c6f2cc8e94422b5dc1b58f660ca66ccc8182adc6a1ad8893ae7abb9e5289cf3881851cadc9f3e12d26ee8c2802576eeda88eb481c303b60dbf9afb2515040718a77addccad274e689df2088b676e74fbb65f8ae344c6db17c1536839e4a067118773cd34de900b0bcd51010516f7f057a7289c58f31554c95adcf2019fcc61ebf89bb1e90770bf5529ab0b02ea96d3b3412aef192a179a4db4b522d00000000"], 0x10}, 0x40)

0s ago: executing program 2 (id=692):
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=@base={0x5, 0x10001, 0x7fff, 0x202, 0x1}, 0x50)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000010010000010000008c0fbd205e6d"], 0x10}, 0x8000)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864d0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vcsa(0xffffff9c, &(0x7f0000000180), 0x801, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
mount(&(0x7f0000000280)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000300)='msdos\x00', 0x4404a, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)

kernel console output (not intermixed with test programs):

47.767211][ T5954] 8021q: adding VLAN 0 to HW filter on device team0
[   47.781941][ T5965] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.792320][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.794591][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.805454][ T1230] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.807773][ T1230] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.811859][ T5963] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.825274][ T5965] 8021q: adding VLAN 0 to HW filter on device team0
[   47.834423][ T5963] 8021q: adding VLAN 0 to HW filter on device team0
[   47.862351][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.865422][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.871100][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.874032][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.880168][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.882755][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.891816][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.894052][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.943014][ T5953] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.977192][ T5953] veth0_vlan: entered promiscuous mode
[   47.986732][ T5953] veth1_vlan: entered promiscuous mode
[   48.004717][ T5954] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.020368][ T5953] veth0_macvtap: entered promiscuous mode
[   48.024806][ T5953] veth1_macvtap: entered promiscuous mode
[   48.039726][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.047112][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.057264][ T5953] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.060128][ T5953] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.062798][ T5953] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.065672][ T5953] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.080237][ T5954] veth0_vlan: entered promiscuous mode
[   48.092068][ T5963] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.101989][ T5954] veth1_vlan: entered promiscuous mode
[   48.107455][ T5965] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.123894][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.127657][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.143339][ T1230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.148397][ T1230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.163561][ T5954] veth0_macvtap: entered promiscuous mode
[   48.167423][ T5963] veth0_vlan: entered promiscuous mode
[   48.176377][ T5954] veth1_macvtap: entered promiscuous mode
[   48.181288][ T5953] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   48.186461][ T5963] veth1_vlan: entered promiscuous mode
[   48.189275][ T5965] veth0_vlan: entered promiscuous mode
[   48.202225][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.206885][ T5965] veth1_vlan: entered promiscuous mode
[   48.213111][ T5954] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.222254][ T5954] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.225483][ T5954] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.228202][ T5954] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.230999][ T5954] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.253431][ T5965] veth0_macvtap: entered promiscuous mode
[   48.268623][ T5965] veth1_macvtap: entered promiscuous mode
[   48.274935][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   48.287406][ T5963] veth0_macvtap: entered promiscuous mode
[   48.291080][ T5963] veth1_macvtap: entered promiscuous mode
[   48.300546][ T5965] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.313145][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.319757][ T5965] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.319812][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.334080][ T5965] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.336737][ T6042] netlink: 'syz.0.1': attribute type 10 has an invalid length.
[   48.337446][ T5965] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.342065][ T5965] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.344742][ T5965] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.374828][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.399906][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.401703][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.405916][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.418709][ T5963] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.421345][ T5963] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.423952][ T5963] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.427675][ T5963] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.465320][ T1230] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.470535][ T1230] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.514306][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.524177][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.562934][   T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.566117][    C3] Illegal XDP return value 16128 on prog  (id 2) dev bond_slave_0, expect packet loss!
[   48.577043][   T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.585691][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.589403][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.605954][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.641174][ T6046] netlink: 'syz.2.3': attribute type 10 has an invalid length.
[   48.657581][ T6046] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   48.684578][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   48.743888][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.773683][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.790147][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.889379][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   48.945659][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   48.991742][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   49.094289][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   49.386466][ T6052] netlink: 'syz.1.2': attribute type 10 has an invalid length.
[   49.425263][ T6052] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   49.612538][ T6057] netlink: 'syz.2.6': attribute type 10 has an invalid length.
[   49.704506][ T5318] Bluetooth: hci0: command tx timeout
[   49.707472][ T5318] Bluetooth: hci1: command tx timeout
[   49.710439][ T5318] Bluetooth: hci2: command tx timeout
[   49.765290][ T5961] Bluetooth: hci3: command tx timeout
[   49.881897][ T6060] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4'.
[   51.775474][ T5961] Bluetooth: hci2: command tx timeout
[   51.777191][ T5961] Bluetooth: hci1: command tx timeout
[   51.778878][ T5961] Bluetooth: hci0: command tx timeout
[   51.855183][ T5318] Bluetooth: hci3: command tx timeout
[   52.242000][ T6089] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[   52.245922][ T6089] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[   52.963656][   T40] audit: type=1326 audit(1753426504.773:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   52.971186][   T40] audit: type=1326 audit(1753426504.773:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.002357][   T40] audit: type=1326 audit(1753426504.803:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.043985][   T40] audit: type=1326 audit(1753426504.803:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.083880][   T40] audit: type=1326 audit(1753426504.803:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.094414][   T40] audit: type=1326 audit(1753426504.823:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.107597][   T40] audit: type=1326 audit(1753426504.823:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.134675][   T40] audit: type=1326 audit(1753426504.823:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.144800][   T40] audit: type=1326 audit(1753426504.823:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.151887][   T40] audit: type=1326 audit(1753426504.823:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6112 comm="syz.2.17" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   53.386503][ T6117] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[   53.389264][ T6117] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[   53.583896][ T6123] netlink: 'syz.0.19': attribute type 10 has an invalid length.
[   53.598888][ T6123] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   53.909686][ T5318] Bluetooth: hci0: command tx timeout
[   53.912015][ T5318] Bluetooth: hci1: command tx timeout
[   53.914282][ T5318] Bluetooth: hci2: command tx timeout
[   53.925302][ T5957] Bluetooth: hci3: command tx timeout
[   54.815560][ T6138] lo speed is unknown, defaulting to 1000
[   54.819388][ T6138] lo speed is unknown, defaulting to 1000
[   54.822150][ T6138] lo speed is unknown, defaulting to 1000
[   54.898231][ T6138] infiniband s
z1: set active
[   54.900354][   T53] lo speed is unknown, defaulting to 1000
[   54.902254][ T6138] infiniband s
z1: added lo
[   54.925979][ T6138] RDS/IB: s
z1: added
[   54.927495][ T6138] smc: adding ib device s
z1 with port count 1
[   54.929524][ T6138] smc:    ib device s
z1 port 1 has pnetid 
[   54.932263][   T53] lo speed is unknown, defaulting to 1000
[   54.935692][ T6138] lo speed is unknown, defaulting to 1000
[   55.026063][ T6138] lo speed is unknown, defaulting to 1000
[   55.117073][ T6138] lo speed is unknown, defaulting to 1000
[   55.165106][ T6006] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   55.195847][ T6138] lo speed is unknown, defaulting to 1000
[   55.327984][ T6006] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   55.331496][ T6006] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   55.334546][ T6006] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   55.337605][ T6006] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.343780][ T6140] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   55.349589][ T6006] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[   55.529669][ T6151] netlink: 'syz.2.24': attribute type 10 has an invalid length.
[   55.545419][ T6151] batman_adv: batadv0: Adding interface: team0
[   55.547387][ T6151] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.555226][ T6151] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   55.667697][ T6150] process 'syz.1.23' launched './file0' with NULL argv: empty string added
[   55.728899][ T6149] netlink: 'syz.2.24': attribute type 10 has an invalid length.
[   55.739147][ T6149] netlink: 2 bytes leftover after parsing attributes in process `syz.2.24'.
[   55.750956][ T6149] team0: entered promiscuous mode
[   55.757911][ T6149] team_slave_0: entered promiscuous mode
[   55.766885][ T6149] team_slave_1: entered promiscuous mode
[   55.776918][ T6149] 8021q: adding VLAN 0 to HW filter on device team0
[   55.781104][ T6149] batman_adv: batadv0: Interface activated: team0
[   55.785339][ T6149] batman_adv: batadv0: Interface deactivated: team0
[   55.788612][ T6149] batman_adv: batadv0: Removing interface: team0
[   55.793761][ T6149] bridge0: port 3(team0) entered blocking state
[   55.797802][ T6149] bridge0: port 3(team0) entered disabled state
[   55.800716][ T6149] team0: entered allmulticast mode
[   55.802927][ T6149] team_slave_0: entered allmulticast mode
[   55.805412][ T6149] team_slave_1: entered allmulticast mode
[   55.813860][ T6149] bridge0: port 3(team0) entered blocking state
[   55.816725][ T6149] bridge0: port 3(team0) entered forwarding state
[   56.153159][ T6164] netlink: 'syz.1.27': attribute type 10 has an invalid length.
[   56.362353][ T6165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25'.
[   56.365331][ T6165] netlink: 'syz.3.25': attribute type 5 has an invalid length.
[   56.367950][ T6165] netlink: 20 bytes leftover after parsing attributes in process `syz.3.25'.
[   56.386334][ T6165] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[   56.389571][ T6165] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[   56.392446][ T6165] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[   56.397572][ T6165] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[   56.400844][ T6165] geneve2: entered promiscuous mode
[   56.402773][ T6165] geneve2: entered allmulticast mode
[   56.994926][ T6159] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   56.998307][ T6159] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   57.427707][   T61] IPVS: starting estimator thread 0...
[   57.476466][   T61] usb 5-1: USB disconnect, device number 2
[   57.515147][ T6170] IPVS: using max 44 ests per chain, 105600 per kthread
[   57.575890][ T6159] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   57.583153][ T6159] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   57.644922][ T6179] netlink: 'syz.0.29': attribute type 10 has an invalid length.
[   57.688430][ T6159] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   57.728160][ T6183] netlink: 'syz.1.31': attribute type 10 has an invalid length.
[   58.245886][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout
[   59.100461][ T6159] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   59.139224][ T6159] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   59.141961][ T6159] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   59.164869][ T6159] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   59.179648][ T6159] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   59.183636][ T6159] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   59.188867][ T6159] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   59.238867][ T6193] netlink: 'syz.1.32': attribute type 10 has an invalid length.
[   59.738469][ T5957] Bluetooth: hci0: command 0x0c1a tx timeout
[   60.185266][ T6202] netlink: 'syz.1.35': attribute type 10 has an invalid length.
[   60.325094][ T5957] Bluetooth: hci1: command 0x0c1a tx timeout
[   61.243597][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout
[   61.243619][ T5318] Bluetooth: hci2: command 0x0c1a tx timeout
[   61.416511][   T40] kauditd_printk_skb: 14 callbacks suppressed
[   61.416560][   T40] audit: type=1804 audit(1753426512.903:26): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.37" name="/newroot/8/bus/bus" dev="overlay" ino=69 res=1 errno=0
[   61.424955][   T40] audit: type=1804 audit(1753426512.923:27): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.37" name="/newroot/8/bus/bus" dev="overlay" ino=69 res=1 errno=0
[   61.778516][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[   61.960900][ T6225] syz.3.39 uses obsolete (PF_INET,SOCK_PACKET)
[   62.110679][ T6227] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[   62.112882][ T6227] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   62.116063][ T6227] vhci_hcd vhci_hcd.0: Device attached
[   62.167200][ T6228] vhci_hcd: connection closed
[   62.180444][   T73] vhci_hcd: stop threads
[   62.183917][   T73] vhci_hcd: release socket
[   62.185886][   T73] vhci_hcd: disconnect device
[   62.364308][   T10] libceph: connect (1)[c::]:6789 error -101
[   62.371572][   T10] libceph: mon0 (1)[c::]:6789 connect error
[   62.405197][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[   62.491524][ T6233] ceph: No mds server is up or the cluster is laggy
[   62.504405][ T6242] =======================================================
[   62.504405][ T6242] WARNING: The mand mount option has been deprecated and
[   62.504405][ T6242]          and is ignored by this kernel. Remove the mand
[   62.504405][ T6242]          option from the mount to silence this warning.
[   62.504405][ T6242] =======================================================
[   62.523070][ T6244] netlink: 'syz.2.42': attribute type 10 has an invalid length.
[   62.540350][ T6233] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.548992][ T6233] nfs4: Bad value for 'source'
[   63.095859][   T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   63.245166][   T10] usb 8-1: Using ep0 maxpacket: 32
[   63.248235][   T10] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 16129, setting to 1024
[   63.251791][   T10] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[   63.256960][   T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   63.259884][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   63.267392][   T10] usb 8-1: Product: syz
[   63.268919][   T10] usb 8-1: Manufacturer: syz
[   63.272432][   T10] usb 8-1: SerialNumber: syz
[   63.285134][ T5318] Bluetooth: hci2: command 0x0c1a tx timeout
[   63.295339][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[   63.375986][ T6260] netlink: 'syz.0.47': attribute type 10 has an invalid length.
[   63.845261][ T5318] Bluetooth: hci0: command 0x0c1a tx timeout
[   63.900155][ T6270] netlink: 'syz.0.49': attribute type 10 has an invalid length.
[   64.547180][   T40] audit: type=1326 audit(1753426516.363:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.562012][   T40] audit: type=1326 audit(1753426516.363:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.572504][   T40] audit: type=1326 audit(1753426516.383:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.590899][   T40] audit: type=1326 audit(1753426516.383:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.598549][   T40] audit: type=1326 audit(1753426516.383:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.605174][   T40] audit: type=1326 audit(1753426516.403:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.611636][   T40] audit: type=1326 audit(1753426516.403:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   64.618156][   T40] audit: type=1326 audit(1753426516.403:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6287 comm="syz.2.55" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   65.139214][ T6297] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[   65.142106][ T6297] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[   65.365153][ T5957] Bluetooth: hci2: command 0x0c1a tx timeout
[   65.367539][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[   65.560838][   T10] cdc_ncm 8-1:1.0: bind() failure
[   65.564487][   T10] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[   65.575099][   T10] cdc_ncm 8-1:1.1: bind() failure
[   65.599640][   T10] usb 8-1: USB disconnect, device number 2
[   65.777301][ T6305] netlink: 'syz.3.58': attribute type 10 has an invalid length.
[   65.790320][ T6305] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   66.623219][   T40] kauditd_printk_skb: 102 callbacks suppressed
[   66.623229][   T40] audit: type=1326 audit(1753426518.433:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.632984][   T40] audit: type=1326 audit(1753426518.433:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.693283][   T40] audit: type=1326 audit(1753426518.443:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.700576][   T40] audit: type=1326 audit(1753426518.443:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.708247][   T40] audit: type=1326 audit(1753426518.443:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.715211][   T40] audit: type=1326 audit(1753426518.443:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.724036][   T40] audit: type=1326 audit(1753426518.443:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.733589][   T40] audit: type=1326 audit(1753426518.443:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.740468][   T40] audit: type=1326 audit(1753426518.453:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   66.755081][   T40] audit: type=1326 audit(1753426518.453:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6310 comm="syz.1.60" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[   67.045824][ T6327] netdevsim netdevsim1: Direct firmware load for @ failed with error -2
[   67.048797][ T6327] netdevsim netdevsim1: Falling back to sysfs fallback for: @
[   67.455345][ T5957] Bluetooth: hci3: command 0x0c1a tx timeout
[   69.320672][ T6360] netlink: 'syz.3.72': attribute type 10 has an invalid length.
[   70.816437][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[   70.824298][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[   70.877857][ T6370] tipc: Started in network mode
[   70.879521][ T6370] tipc: Node identity ac1414aa, cluster identity 4711
[   70.882550][ T6370] tipc: Enabled bearer <udp:syz2>, priority 10
[   70.890581][ T6370] tipc: Enabled bearer <eth:team0>, priority 0
[   70.909082][ T6370] binder: 6369:6370 ioctl c0306201 0 returned -14
[   70.999942][ T6376] netlink: 'syz.2.77': attribute type 10 has an invalid length.
[   71.582746][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.585576][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.639904][ T6384] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.646301][ T6384] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   71.687899][ T6384] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.690672][ T6384] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.693464][ T6384] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.698885][ T6384] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   71.885777][   T53] tipc: Node number set to 2886997162
[   72.266994][ T5318] Bluetooth: unknown link type 108
[   72.269665][ T5318] Bluetooth: hci0: connection err: -111
[   72.290754][   T40] kauditd_printk_skb: 8 callbacks suppressed
[   72.290763][   T40] audit: type=1326 audit(1753426524.103:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.300914][   T40] audit: type=1326 audit(1753426524.103:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.308044][   T40] audit: type=1326 audit(1753426524.103:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.314958][   T40] audit: type=1326 audit(1753426524.103:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.322059][   T40] audit: type=1326 audit(1753426524.103:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.329206][   T40] audit: type=1326 audit(1753426524.103:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.335822][   T40] audit: type=1326 audit(1753426524.103:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.343859][   T40] audit: type=1326 audit(1753426524.103:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.350846][   T40] audit: type=1326 audit(1753426524.103:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.358799][   T40] audit: type=1326 audit(1753426524.103:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.82" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[   72.897290][ T6411] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[   72.900045][ T6411] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[   73.560739][ T6424] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   73.572389][ T6424] netlink: 48 bytes leftover after parsing attributes in process `syz.3.86'.
[   74.524804][ T6439] netlink: 48 bytes leftover after parsing attributes in process `syz.1.99'.
[   74.891768][ T6447] bridge0: port 3(team0) entered disabled state
[   74.894951][ T6447] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.898353][ T6447] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.979146][ T6447] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.992291][ T6447] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.064098][ T6447] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.070518][ T6447] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.073869][ T6447] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.076898][ T6447] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.972259][ T6480] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[   75.974093][ T6480] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   75.976773][ T6480] vhci_hcd vhci_hcd.0: Device attached
[   76.092399][ T6481] vhci_hcd: connection closed
[   76.275086][ T6449] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[   76.349688][ T6482] vhci_hcd: sendmsg failed!, ret=-32 for 48
[   76.409912][   T91] vhci_hcd: stop threads
[   76.542205][   T91] vhci_hcd: release socket
[   76.570390][   T91] vhci_hcd: disconnect device
[   77.016842][ T6492] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[   77.020374][ T6492] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[   77.753011][   T40] kauditd_printk_skb: 103 callbacks suppressed
[   77.753021][   T40] audit: type=1326 audit(1753426529.563:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.3.97" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000
[   78.265746][ T6506] netlink: 'syz.0.102': attribute type 10 has an invalid length.
[   79.143430][   T40] audit: type=1804 audit(1753426530.953:270): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.106" name="/newroot/28/bus/bus" dev="overlay" ino=180 res=1 errno=0
[   79.166891][   T40] audit: type=1804 audit(1753426530.983:271): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.106" name="/newroot/28/bus/bus" dev="overlay" ino=180 res=1 errno=0
[   80.043882][ T6533] netlink: 'syz.0.110': attribute type 10 has an invalid length.
[   81.058413][  T838] cfg80211: failed to load regulatory.db
[   81.353989][ T6549] netlink: 'syz.2.115': attribute type 10 has an invalid length.
[   81.435841][ T6449] vhci_hcd: vhci_device speed not set
[   83.070060][ T6563] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   83.072089][ T6563] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   83.074019][ T6563] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   83.076842][ T6563] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   83.084900][   T40] audit: type=1326 audit(1753426534.893:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.092110][   T40] audit: type=1326 audit(1753426534.893:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.103241][   T40] audit: type=1326 audit(1753426534.903:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.111213][   T40] audit: type=1326 audit(1753426534.903:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.119910][   T40] audit: type=1326 audit(1753426534.903:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.128428][   T40] audit: type=1326 audit(1753426534.903:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.137578][   T40] audit: type=1326 audit(1753426534.903:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.145247][   T40] audit: type=1326 audit(1753426534.903:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.156956][   T40] audit: type=1326 audit(1753426534.903:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x7ffc0000
[   83.176204][   T40] audit: type=1326 audit(1753426534.903:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.118" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf707e579 code=0x7ffc0000
[   84.335331][ T5318] Bluetooth: hci1: command 0x0c1a tx timeout
[   85.125194][ T5318] Bluetooth: hci3: command 0x0c1a tx timeout
[   85.125260][ T5961] Bluetooth: hci2: command 0x0c1a tx timeout
[   85.127760][ T5960] Bluetooth: hci0: command 0x0c1a tx timeout
[   85.197120][ T6610] trusted_key: encrypted_key: insufficient parameters specified
[   86.590049][ T6635] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[   86.592577][ T6635] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[   87.206986][ T5961] Bluetooth: hci3: command 0x0c1a tx timeout
[   87.839090][ T6666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.140'.
[   87.841835][ T6666] netlink: 'syz.1.140': attribute type 5 has an invalid length.
[   87.844209][ T6666] netlink: 20 bytes leftover after parsing attributes in process `syz.1.140'.
[   87.854749][ T6666] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[   87.857484][ T6666] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[   87.860061][ T6666] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[   87.862660][ T6666] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0
[   87.876930][ T6666] geneve2: entered promiscuous mode
[   87.878622][ T6666] geneve2: entered allmulticast mode
[   88.218603][ T6669] netlink: 'syz.3.142': attribute type 10 has an invalid length.
[   88.221217][ T6669] tipc: Resetting bearer <eth:team0>
[   88.234782][ T6669] batman_adv: batadv0: Adding interface: team0
[   88.237217][ T6669] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.244851][ T6669] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   88.267269][ T6669] netlink: 'syz.3.142': attribute type 10 has an invalid length.
[   88.269713][ T6669] netlink: 2 bytes leftover after parsing attributes in process `syz.3.142'.
[   88.273127][ T6669] team0: entered promiscuous mode
[   88.275207][ T6669] team_slave_0: entered promiscuous mode
[   88.277427][ T6669] team_slave_1: entered promiscuous mode
[   88.282108][ T6669] 8021q: adding VLAN 0 to HW filter on device team0
[   88.284950][ T6669] batman_adv: batadv0: Interface activated: team0
[   88.352586][ T6669] batman_adv: batadv0: Interface deactivated: team0
[   88.362448][ T6669] batman_adv: batadv0: Removing interface: team0
[   88.372752][ T6669] bridge0: port 3(team0) entered blocking state
[   88.380954][ T6669] bridge0: port 3(team0) entered disabled state
[   88.385222][ T6669] team0: entered allmulticast mode
[   88.389209][ T6669] team_slave_0: entered allmulticast mode
[   88.394037][ T6669] team_slave_1: entered allmulticast mode
[   88.398566][ T6669] bridge0: port 3(team0) entered blocking state
[   88.400617][ T6669] bridge0: port 3(team0) entered forwarding state
[   89.001450][ T6694] FAULT_INJECTION: forcing a failure.
[   89.001450][ T6694] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   89.006166][ T6694] CPU: 3 UID: 0 PID: 6694 Comm: syz.2.148 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   89.006180][ T6694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.006187][ T6694] Call Trace:
[   89.006190][ T6694]  <TASK>
[   89.006194][ T6694]  dump_stack_lvl+0x16c/0x1f0
[   89.006209][ T6694]  should_fail_ex+0x512/0x640
[   89.006222][ T6694]  _copy_from_user+0x2e/0xd0
[   89.006234][ T6694]  copy_from_sockptr_offset+0x15c/0x1b0
[   89.006249][ T6694]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[   89.006264][ T6694]  ? rcu_is_watching+0x12/0xc0
[   89.006277][ T6694]  do_tcp_getsockopt+0x1004/0x25d0
[   89.006287][ T6694]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   89.006302][ T6694]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[   89.006312][ T6694]  ? unwind_get_return_address+0x59/0xa0
[   89.006331][ T6694]  ? __lock_acquire+0x622/0x1c90
[   89.006349][ T6694]  ? _kstrtoull+0x145/0x200
[   89.006362][ T6694]  ? __pfx__kstrtoull+0x10/0x10
[   89.006376][ T6694]  ? aa_label_sk_perm+0x19b/0x5a0
[   89.006394][ T6694]  ? __pfx_aa_label_sk_perm+0x10/0x10
[   89.006410][ T6694]  ? __lock_acquire+0x622/0x1c90
[   89.006432][ T6694]  ? __pfx___might_resched+0x10/0x10
[   89.006448][ T6694]  ? __lock_acquire+0x622/0x1c90
[   89.006461][ T6694]  ? __pfx_aa_sk_perm+0x10/0x10
[   89.006476][ T6694]  tcp_getsockopt+0xdf/0x100
[   89.006487][ T6694]  ? __pfx_sock_common_getsockopt+0x10/0x10
[   89.006501][ T6694]  do_sock_getsockopt+0x34a/0x440
[   89.006515][ T6694]  ? __pfx_do_sock_getsockopt+0x10/0x10
[   89.006527][ T6694]  ? __fget_files+0x204/0x3c0
[   89.006549][ T6694]  __sys_getsockopt+0x123/0x1b0
[   89.006574][ T6694]  __ia32_sys_getsockopt+0xbc/0x160
[   89.006585][ T6694]  ? lockdep_hardirqs_on+0x7c/0x110
[   89.006595][ T6694]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   89.006606][ T6694]  __do_fast_syscall_32+0x7c/0x3a0
[   89.006618][ T6694]  do_fast_syscall_32+0x32/0x80
[   89.006628][ T6694]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   89.006641][ T6694] RIP: 0023:0xf707e579
[   89.006649][ T6694] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   89.006658][ T6694] RSP: 002b:00000000f502c55c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[   89.006668][ T6694] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000006
[   89.006674][ T6694] RDX: 0000000000000023 RSI: 00000000800000c0 RDI: 00000000800001c0
[   89.006680][ T6694] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.006686][ T6694] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   89.006692][ T6694] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.006704][ T6694]  </TASK>
[   89.098700][    C3] vkms_vblank_simulate: vblank timer overrun
[   89.217021][ T6701] ubi31: attaching mtd0
[   89.222447][ T6701] ubi31: scanning is finished
[   89.224137][ T6701] ubi31: empty MTD device detected
[   89.316565][ T6701] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[   89.319121][ T6701] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   89.321539][ T6701] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[   89.323825][ T6701] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[   89.326321][ T6701] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   89.328580][ T6701] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[   89.331235][ T6701] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4290282407
[   89.334451][ T6701] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   89.338163][ T6703] ubi31: background thread "ubi_bgt31d" started, PID 6703
[   89.503106][ T6706] FAULT_INJECTION: forcing a failure.
[   89.503106][ T6706] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   89.507272][ T6706] CPU: 3 UID: 0 PID: 6706 Comm: syz.1.152 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   89.507285][ T6706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.507291][ T6706] Call Trace:
[   89.507295][ T6706]  <TASK>
[   89.507299][ T6706]  dump_stack_lvl+0x16c/0x1f0
[   89.507314][ T6706]  should_fail_ex+0x512/0x640
[   89.507327][ T6706]  _copy_to_iter+0x463/0x16f0
[   89.507342][ T6706]  ? __pfx__copy_to_iter+0x10/0x10
[   89.507355][ T6706]  ? find_held_lock+0x2b/0x80
[   89.507366][ T6706]  ? igmp_mc_seq_stop+0xab/0x150
[   89.507380][ T6706]  seq_read_iter+0xcf8/0x12c0
[   89.507400][ T6706]  seq_read+0x39e/0x4e0
[   89.507414][ T6706]  ? __pfx_seq_read+0x10/0x10
[   89.507444][ T6706]  ? get_pid_task+0xfc/0x250
[   89.507463][ T6706]  ? __pfx_seq_read+0x10/0x10
[   89.507477][ T6706]  proc_reg_read+0x23d/0x330
[   89.507487][ T6706]  ? __pfx_proc_reg_read+0x10/0x10
[   89.507498][ T6706]  vfs_read+0x1e4/0xc60
[   89.507510][ T6706]  ? __pfx_vfs_read+0x10/0x10
[   89.507518][ T6706]  ? find_held_lock+0x2b/0x80
[   89.507528][ T6706]  ? __fget_files+0x204/0x3c0
[   89.507545][ T6706]  ? __fget_files+0x20e/0x3c0
[   89.507559][ T6706]  ? __fget_files+0x1b0/0x3c0
[   89.507578][ T6706]  ksys_pread64+0x161/0x1a0
[   89.507588][ T6706]  ? __pfx_ksys_pread64+0x10/0x10
[   89.507598][ T6706]  ? rcu_is_watching+0x12/0xc0
[   89.507611][ T6706]  __do_fast_syscall_32+0x7c/0x3a0
[   89.507623][ T6706]  do_fast_syscall_32+0x32/0x80
[   89.507633][ T6706]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   89.507646][ T6706] RIP: 0023:0xf7fa7579
[   89.507654][ T6706] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   89.507663][ T6706] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[   89.507673][ T6706] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[   89.507679][ T6706] RDX: 000000000000fd8a RSI: 000000000000003c RDI: 0000000000000000
[   89.507685][ T6706] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.507690][ T6706] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   89.507696][ T6706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.507708][ T6706]  </TASK>
[   89.584361][    C3] vkms_vblank_simulate: vblank timer overrun
[   89.667705][ T6713] netlink: 12 bytes leftover after parsing attributes in process `syz.1.154'.
[   89.790242][ T6720] FAULT_INJECTION: forcing a failure.
[   89.790242][ T6720] name failslab, interval 1, probability 0, space 0, times 1
[   89.794236][ T6720] CPU: 2 UID: 0 PID: 6720 Comm: syz.2.156 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   89.794250][ T6720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.794256][ T6720] Call Trace:
[   89.794260][ T6720]  <TASK>
[   89.794264][ T6720]  dump_stack_lvl+0x16c/0x1f0
[   89.794278][ T6720]  should_fail_ex+0x512/0x640
[   89.794289][ T6720]  ? fs_reclaim_acquire+0xae/0x150
[   89.794304][ T6720]  ? tomoyo_encode2+0x100/0x3e0
[   89.794313][ T6720]  should_failslab+0xc2/0x120
[   89.794325][ T6720]  __kmalloc_noprof+0xd2/0x510
[   89.794339][ T6720]  tomoyo_encode2+0x100/0x3e0
[   89.794350][ T6720]  tomoyo_encode+0x29/0x50
[   89.794359][ T6720]  tomoyo_realpath_from_path+0x18f/0x6e0
[   89.794370][ T6720]  ? tomoyo_profile+0x47/0x60
[   89.794382][ T6720]  tomoyo_path_number_perm+0x245/0x580
[   89.794395][ T6720]  ? tomoyo_path_number_perm+0x237/0x580
[   89.794410][ T6720]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   89.794438][ T6720]  ? find_held_lock+0x2b/0x80
[   89.794449][ T6720]  ? hook_file_ioctl_common+0x145/0x410
[   89.794465][ T6720]  ? __fget_files+0x20e/0x3c0
[   89.794480][ T6720]  ? __fput_deferred+0x480/0x480
[   89.794494][ T6720]  security_file_ioctl_compat+0x9b/0x240
[   89.794510][ T6720]  __ia32_compat_sys_ioctl+0xc3/0x370
[   89.794526][ T6720]  __do_fast_syscall_32+0x7c/0x3a0
[   89.794538][ T6720]  do_fast_syscall_32+0x32/0x80
[   89.794548][ T6720]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   89.794560][ T6720] RIP: 0023:0xf707e579
[   89.794569][ T6720] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   89.794578][ T6720] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   89.794588][ T6720] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[   89.794594][ T6720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   89.794600][ T6720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.794605][ T6720] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   89.794611][ T6720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.794623][ T6720]  </TASK>
[   89.794633][ T6720] ERROR: Out of memory at tomoyo_realpath_from_path.
[   89.915106][ T6726] block device autoloading is deprecated and will be removed.
[   89.958446][ T6729] input: syz1 as /devices/virtual/input/input5
[   89.982727][ T6725] md2: using deprecated bitmap file support
[   89.985500][ T6725] md2: error: failed to get bitmap file
[   90.119943][ T6738] binder: BINDER_SET_CONTEXT_MGR already set
[   90.122504][ T6738] binder: 6736:6738 ioctl 4018620d 800000c0 returned -16
[   90.126329][ T6737] binder_alloc: binder_alloc_mmap_handler: 6736 80ffd000-81000000 already mapped failed -16
[   90.129930][ T6738] binder_alloc: 6736: binder_alloc_buf, no vma
[   90.338417][ T6744] FAULT_INJECTION: forcing a failure.
[   90.338417][ T6744] name failslab, interval 1, probability 0, space 0, times 0
[   90.351120][ T6744] CPU: 1 UID: 0 PID: 6744 Comm: syz.1.162 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   90.351143][ T6744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   90.351149][ T6744] Call Trace:
[   90.351152][ T6744]  <TASK>
[   90.351157][ T6744]  dump_stack_lvl+0x16c/0x1f0
[   90.351171][ T6744]  should_fail_ex+0x512/0x640
[   90.351182][ T6744]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[   90.351195][ T6744]  should_failslab+0xc2/0x120
[   90.351206][ T6744]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[   90.351217][ T6744]  ? sock_alloc_inode+0x25/0x1c0
[   90.351233][ T6744]  ? __pfx_sock_alloc_inode+0x10/0x10
[   90.351244][ T6744]  sock_alloc_inode+0x25/0x1c0
[   90.351256][ T6744]  alloc_inode+0x61/0x240
[   90.351269][ T6744]  sock_alloc+0x40/0x280
[   90.351281][ T6744]  do_accept+0xf7/0x530
[   90.351296][ T6744]  ? do_raw_spin_lock+0x12c/0x2b0
[   90.351312][ T6744]  ? __pfx_do_accept+0x10/0x10
[   90.351335][ T6744]  __sys_accept4+0x100/0x1c0
[   90.351349][ T6744]  ? __pfx___sys_accept4+0x10/0x10
[   90.351364][ T6744]  ? __pfx_ksys_write+0x10/0x10
[   90.351376][ T6744]  __ia32_sys_accept4+0x94/0x100
[   90.351391][ T6744]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   90.351402][ T6744]  __do_fast_syscall_32+0x7c/0x3a0
[   90.351414][ T6744]  do_fast_syscall_32+0x32/0x80
[   90.351425][ T6744]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   90.351437][ T6744] RIP: 0023:0xf7fa7579
[   90.351446][ T6744] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   90.351456][ T6744] RSP: 002b:00000000f50a555c EFLAGS: 00000296 ORIG_RAX: 000000000000016c
[   90.351465][ T6744] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000000
[   90.351471][ T6744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   90.351477][ T6744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   90.351482][ T6744] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   90.351488][ T6744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   90.351500][ T6744]  </TASK>
[   90.425612][ T6748] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6gre0, syncid = 1, id = 0
[   91.156788][ T6766] FAULT_INJECTION: forcing a failure.
[   91.156788][ T6766] name failslab, interval 1, probability 0, space 0, times 0
[   91.160801][ T6766] CPU: 2 UID: 0 PID: 6766 Comm: syz.1.170 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   91.160815][ T6766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   91.160821][ T6766] Call Trace:
[   91.160825][ T6766]  <TASK>
[   91.160829][ T6766]  dump_stack_lvl+0x16c/0x1f0
[   91.160843][ T6766]  should_fail_ex+0x512/0x640
[   91.160855][ T6766]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[   91.160867][ T6766]  should_failslab+0xc2/0x120
[   91.160879][ T6766]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[   91.160890][ T6766]  ? __alloc_skb+0x2b2/0x380
[   91.160902][ T6766]  __alloc_skb+0x2b2/0x380
[   91.160912][ T6766]  ? __pfx___alloc_skb+0x10/0x10
[   91.160923][ T6766]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[   91.160957][ T6766]  netlink_alloc_large_skb+0x69/0x130
[   91.160979][ T6766]  netlink_sendmsg+0x6a1/0xdd0
[   91.160993][ T6766]  ? __pfx_netlink_sendmsg+0x10/0x10
[   91.161006][ T6766]  ? __import_iovec+0x1dd/0x650
[   91.161021][ T6766]  ____sys_sendmsg+0xa95/0xc70
[   91.161036][ T6766]  ? __pfx_____sys_sendmsg+0x10/0x10
[   91.161049][ T6766]  ? get_compat_msghdr+0x11a/0x170
[   91.161069][ T6766]  ___sys_sendmsg+0x134/0x1d0
[   91.161085][ T6766]  ? __pfx____sys_sendmsg+0x10/0x10
[   91.161101][ T6766]  ? find_held_lock+0x2b/0x80
[   91.161121][ T6766]  __sys_sendmsg+0x16d/0x220
[   91.161132][ T6766]  ? __pfx___sys_sendmsg+0x10/0x10
[   91.161148][ T6766]  ? rcu_is_watching+0x12/0xc0
[   91.161160][ T6766]  __do_fast_syscall_32+0x7c/0x3a0
[   91.161172][ T6766]  do_fast_syscall_32+0x32/0x80
[   91.161183][ T6766]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   91.161195][ T6766] RIP: 0023:0xf7fa7579
[   91.161207][ T6766] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   91.161217][ T6766] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   91.161226][ T6766] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800002c0
[   91.161232][ T6766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   91.161238][ T6766] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   91.161244][ T6766] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   91.161249][ T6766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   91.161261][ T6766]  </TASK>
[   91.313723][ T6772] vlan2: entered allmulticast mode
[   91.317567][ T6772] erspan0: entered allmulticast mode
[   91.490662][ T5961] Bluetooth: hci1: unexpected event for opcode 0x2019
[   91.496909][ T6784] Zero length message leads to an empty skb
[   91.573718][ T6790] block device autoloading is deprecated and will be removed.
[   91.577295][ T6786] FAULT_INJECTION: forcing a failure.
[   91.577295][ T6786] name failslab, interval 1, probability 0, space 0, times 0
[   91.581250][ T6786] CPU: 0 UID: 0 PID: 6786 Comm: syz.0.177 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   91.581264][ T6786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   91.581270][ T6786] Call Trace:
[   91.581274][ T6786]  <TASK>
[   91.581278][ T6786]  dump_stack_lvl+0x16c/0x1f0
[   91.581292][ T6786]  should_fail_ex+0x512/0x640
[   91.581303][ T6786]  ? fs_reclaim_acquire+0xae/0x150
[   91.581318][ T6786]  ? tomoyo_encode2+0x100/0x3e0
[   91.581328][ T6786]  should_failslab+0xc2/0x120
[   91.581340][ T6786]  __kmalloc_noprof+0xd2/0x510
[   91.581350][ T6786]  ? d_absolute_path+0x136/0x1a0
[   91.581364][ T6786]  tomoyo_encode2+0x100/0x3e0
[   91.581375][ T6786]  tomoyo_encode+0x29/0x50
[   91.581384][ T6786]  tomoyo_realpath_from_path+0x18f/0x6e0
[   91.581397][ T6786]  tomoyo_path_number_perm+0x245/0x580
[   91.581411][ T6786]  ? tomoyo_path_number_perm+0x237/0x580
[   91.581426][ T6786]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   91.581455][ T6786]  ? find_held_lock+0x2b/0x80
[   91.581466][ T6786]  ? hook_file_ioctl_common+0x145/0x410
[   91.581482][ T6786]  ? __fget_files+0x20e/0x3c0
[   91.581497][ T6786]  ? __fput_deferred+0x480/0x480
[   91.581511][ T6786]  security_file_ioctl_compat+0x9b/0x240
[   91.581527][ T6786]  __ia32_compat_sys_ioctl+0xc3/0x370
[   91.581543][ T6786]  __do_fast_syscall_32+0x7c/0x3a0
[   91.581556][ T6786]  do_fast_syscall_32+0x32/0x80
[   91.581566][ T6786]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   91.581579][ T6786] RIP: 0023:0xf7f34579
[   91.581587][ T6786] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   91.581596][ T6786] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   91.581606][ T6786] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004004092b
[   91.581612][ T6786] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[   91.581617][ T6786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   91.581623][ T6786] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   91.581629][ T6786] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   91.581641][ T6786]  </TASK>
[   91.581652][ T6786] ERROR: Out of memory at tomoyo_realpath_from_path.
[   91.706020][ T6786] md2: using deprecated bitmap file support
[   91.707880][ T6786] md2: error: failed to get bitmap file
[   91.773443][ T6796] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.836910][ T6796] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.911220][ T6796] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.046264][  T838] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   92.078698][ T6796] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.162836][ T6796] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.165409][ T6809] FAULT_INJECTION: forcing a failure.
[   92.165409][ T6809] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.170182][ T6809] CPU: 3 UID: 0 PID: 6809 Comm: syz.2.181 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   92.170196][ T6809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.170202][ T6809] Call Trace:
[   92.170211][ T6809]  <TASK>
[   92.170215][ T6809]  dump_stack_lvl+0x16c/0x1f0
[   92.170230][ T6809]  should_fail_ex+0x512/0x640
[   92.170242][ T6809]  _copy_to_user+0x32/0xd0
[   92.170255][ T6809]  simple_read_from_buffer+0xcb/0x170
[   92.170272][ T6809]  proc_fail_nth_read+0x197/0x270
[   92.170287][ T6809]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   92.170302][ T6809]  ? rw_verify_area+0xcf/0x680
[   92.170316][ T6809]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   92.170330][ T6809]  vfs_read+0x1e4/0xc60
[   92.170339][ T6809]  ? fdget_pos+0x2a2/0x370
[   92.170350][ T6809]  ? __pfx_vfs_read+0x10/0x10
[   92.170358][ T6809]  ? find_held_lock+0x2b/0x80
[   92.170373][ T6809]  ? __fget_files+0x20e/0x3c0
[   92.170392][ T6809]  ksys_read+0x12a/0x250
[   92.170401][ T6809]  ? __pfx_ksys_read+0x10/0x10
[   92.170411][ T6809]  ? rcu_is_watching+0x12/0xc0
[   92.170424][ T6809]  __do_fast_syscall_32+0x7c/0x3a0
[   92.170436][ T6809]  do_fast_syscall_32+0x32/0x80
[   92.170447][ T6809]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   92.170459][ T6809] RIP: 0023:0xf707e579
[   92.170468][ T6809] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   92.170477][ T6809] RSP: 002b:00000000f504d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   92.170486][ T6809] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f504d620
[   92.170493][ T6809] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000
[   92.170498][ T6809] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   92.170504][ T6809] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   92.170510][ T6809] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   92.170522][ T6809]  </TASK>
[   92.170947][ T6796] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.242483][ T6796] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.250933][ T6796] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.255186][  T838] usb 5-1: Using ep0 maxpacket: 16
[   92.258383][  T838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.261760][  T838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.264729][  T838] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   92.268758][  T838] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[   92.271595][  T838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.276757][  T838] usb 5-1: config 0 descriptor??
[   92.389226][ T6805] netlink: 'syz.1.182': attribute type 4 has an invalid length.
[   92.395142][ T6805] netlink: 32 bytes leftover after parsing attributes in process `syz.1.182'.
[   92.478679][ T6816] FAULT_INJECTION: forcing a failure.
[   92.478679][ T6816] name failslab, interval 1, probability 0, space 0, times 0
[   92.483645][ T6816] CPU: 0 UID: 0 PID: 6816 Comm: syz.2.185 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   92.483660][ T6816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.483666][ T6816] Call Trace:
[   92.483670][ T6816]  <TASK>
[   92.483675][ T6816]  dump_stack_lvl+0x16c/0x1f0
[   92.483690][ T6816]  should_fail_ex+0x512/0x640
[   92.483701][ T6816]  ? fs_reclaim_acquire+0xae/0x150
[   92.483716][ T6816]  ? tomoyo_encode2+0x100/0x3e0
[   92.483726][ T6816]  should_failslab+0xc2/0x120
[   92.483738][ T6816]  __kmalloc_noprof+0xd2/0x510
[   92.483752][ T6816]  tomoyo_encode2+0x100/0x3e0
[   92.483763][ T6816]  tomoyo_encode+0x29/0x50
[   92.483771][ T6816]  tomoyo_realpath_from_path+0x18f/0x6e0
[   92.483782][ T6816]  ? tomoyo_profile+0x47/0x60
[   92.483795][ T6816]  tomoyo_path_number_perm+0x245/0x580
[   92.483808][ T6816]  ? tomoyo_path_number_perm+0x237/0x580
[   92.483823][ T6816]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   92.483851][ T6816]  ? find_held_lock+0x2b/0x80
[   92.483861][ T6816]  ? hook_file_ioctl_common+0x145/0x410
[   92.483878][ T6816]  ? __fget_files+0x20e/0x3c0
[   92.483893][ T6816]  ? __fput_deferred+0x480/0x480
[   92.483908][ T6816]  security_file_ioctl_compat+0x9b/0x240
[   92.483928][ T6816]  __ia32_compat_sys_ioctl+0xc3/0x370
[   92.483944][ T6816]  __do_fast_syscall_32+0x7c/0x3a0
[   92.483957][ T6816]  do_fast_syscall_32+0x32/0x80
[   92.483967][ T6816]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   92.483979][ T6816] RIP: 0023:0xf707e579
[   92.483988][ T6816] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   92.483997][ T6816] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   92.484007][ T6816] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[   92.484013][ T6816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   92.484019][ T6816] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   92.484024][ T6816] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   92.484030][ T6816] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   92.484042][ T6816]  </TASK>
[   92.484053][ T6816] ERROR: Out of memory at tomoyo_realpath_from_path.
[   92.669726][ T6822] FAULT_INJECTION: forcing a failure.
[   92.669726][ T6822] name failslab, interval 1, probability 0, space 0, times 0
[   92.673665][ T6822] CPU: 2 UID: 0 PID: 6822 Comm: syz.2.187 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   92.673679][ T6822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   92.673685][ T6822] Call Trace:
[   92.673688][ T6822]  <TASK>
[   92.673692][ T6822]  dump_stack_lvl+0x16c/0x1f0
[   92.673707][ T6822]  should_fail_ex+0x512/0x640
[   92.673718][ T6822]  ? fs_reclaim_acquire+0xae/0x150
[   92.673733][ T6822]  ? tomoyo_encode2+0x100/0x3e0
[   92.673742][ T6822]  should_failslab+0xc2/0x120
[   92.673754][ T6822]  __kmalloc_noprof+0xd2/0x510
[   92.673775][ T6822]  ? d_absolute_path+0x136/0x1a0
[   92.673792][ T6822]  tomoyo_encode2+0x100/0x3e0
[   92.673803][ T6822]  tomoyo_encode+0x29/0x50
[   92.673811][ T6822]  tomoyo_realpath_from_path+0x18f/0x6e0
[   92.673825][ T6822]  tomoyo_path_number_perm+0x245/0x580
[   92.673838][ T6822]  ? tomoyo_path_number_perm+0x237/0x580
[   92.673853][ T6822]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   92.673882][ T6822]  ? find_held_lock+0x2b/0x80
[   92.673892][ T6822]  ? hook_file_ioctl_common+0x145/0x410
[   92.673909][ T6822]  ? __fget_files+0x20e/0x3c0
[   92.673924][ T6822]  ? __fput_deferred+0x480/0x480
[   92.673938][ T6822]  security_file_ioctl_compat+0x9b/0x240
[   92.673954][ T6822]  __ia32_compat_sys_ioctl+0xc3/0x370
[   92.673970][ T6822]  __do_fast_syscall_32+0x7c/0x3a0
[   92.673982][ T6822]  do_fast_syscall_32+0x32/0x80
[   92.673992][ T6822]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   92.674005][ T6822] RIP: 0023:0xf707e579
[   92.674013][ T6822] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   92.674022][ T6822] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   92.674032][ T6822] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007b0
[   92.674038][ T6822] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[   92.674044][ T6822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   92.674049][ T6822] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   92.674055][ T6822] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   92.674068][ T6822]  </TASK>
[   92.674114][ T6822] ERROR: Out of memory at tomoyo_realpath_from_path.
[   92.751081][  T838] shield 0003:0955:7214.0002: unknown main item tag 0x0
[   92.753358][  T838] shield 0003:0955:7214.0002: unknown main item tag 0x0
[   92.755667][  T838] shield 0003:0955:7214.0002: unknown main item tag 0x0
[   92.757832][  T838] shield 0003:0955:7214.0002: unknown main item tag 0x0
[   92.760012][  T838] shield 0003:0955:7214.0002: unknown main item tag 0x0
[   92.764070][  T838] input: HID 0955:7214 Haptics as /devices/virtual/input/input6
[   92.783885][  T838] shield 0003:0955:7214.0002: Registered Thunderstrike controller
[   92.787022][  T838] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[   92.897066][ T6796] random: crng reseeded on system resumption
[   92.908133][   T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   92.911949][   T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   92.915724][   T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   92.920023][   T24] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   92.923768][ T5993] usb 5-1: USB disconnect, device number 3
[   93.154752][ T6834] netlink: 96 bytes leftover after parsing attributes in process `syz.1.191'.
[   93.167092][ T6834] bridge0: port 3(vlan2) entered blocking state
[   93.169291][ T6834] bridge0: port 3(vlan2) entered disabled state
[   93.171332][ T6834] vlan2: entered allmulticast mode
[   93.172954][ T6834] dummy0: entered allmulticast mode
[   93.177147][ T6834] vlan2: entered promiscuous mode
[   93.178746][ T6834] dummy0: entered promiscuous mode
[   93.620158][ T6849] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.622643][ T6849] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.682728][ T6849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   93.688411][ T6849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.723625][ T6849] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.727758][ T6849] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.730348][ T6849] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.733414][ T6849] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.748589][ T5993] lo speed is unknown, defaulting to 1000
[   93.750402][ T5993] s
z1: Port: 1 Link DOWN
[   93.752057][ T5993] lo speed is unknown, defaulting to 1000
[   93.904312][ T6873] FAULT_INJECTION: forcing a failure.
[   93.904312][ T6873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.909723][ T6873] CPU: 3 UID: 0 PID: 6873 Comm: syz.2.199 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   93.909739][ T6873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.909745][ T6873] Call Trace:
[   93.909749][ T6873]  <TASK>
[   93.909754][ T6873]  dump_stack_lvl+0x16c/0x1f0
[   93.909768][ T6873]  should_fail_ex+0x512/0x640
[   93.909781][ T6873]  _copy_to_user+0x32/0xd0
[   93.909793][ T6873]  simple_read_from_buffer+0xcb/0x170
[   93.909810][ T6873]  proc_fail_nth_read+0x197/0x270
[   93.909824][ T6873]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   93.909839][ T6873]  ? rw_verify_area+0xcf/0x680
[   93.909853][ T6873]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   93.909867][ T6873]  vfs_read+0x1e4/0xc60
[   93.909877][ T6873]  ? fdget_pos+0x2a2/0x370
[   93.909888][ T6873]  ? __pfx_vfs_read+0x10/0x10
[   93.909896][ T6873]  ? find_held_lock+0x2b/0x80
[   93.909910][ T6873]  ? __fget_files+0x20e/0x3c0
[   93.909929][ T6873]  ksys_read+0x12a/0x250
[   93.909938][ T6873]  ? __pfx_ksys_read+0x10/0x10
[   93.909948][ T6873]  ? rcu_is_watching+0x12/0xc0
[   93.909961][ T6873]  __do_fast_syscall_32+0x7c/0x3a0
[   93.909983][ T6873]  do_fast_syscall_32+0x32/0x80
[   93.909994][ T6873]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   93.910006][ T6873] RIP: 0023:0xf707e579
[   93.910015][ T6873] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   93.910024][ T6873] RSP: 002b:00000000f506e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   93.910034][ T6873] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f506e620
[   93.910040][ T6873] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000
[   93.910046][ T6873] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   93.910051][ T6873] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   93.910057][ T6873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   93.910069][ T6873]  </TASK>
[   93.980885][    C3] vkms_vblank_simulate: vblank timer overrun
[   94.142571][ T6886] loop6: detected capacity change from 0 to 2560
[   94.147060][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.149771][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.152846][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.157042][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.159563][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.162190][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.165737][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.168452][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.170961][ T5955] ldm_validate_partition_table(): Disk read failed.
[   94.173175][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.176034][ T5955] Buffer I/O error on dev loop6, logical block 0, async page read
[   94.178657][ T5955] Dev loop6: unable to read RDB block 0
[   94.180621][ T5955]  loop6: unable to read partition table
[   94.185858][ T6886] ldm_validate_partition_table(): Disk read failed.
[   94.188093][ T6886] Dev loop6: unable to read RDB block 0
[   94.190851][ T6886]  loop6: unable to read partition table
[   94.195634][ T6886] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[   94.310829][ T6895] loop6: detected capacity change from 0 to 2560
[   94.314025][ T5955] ldm_validate_partition_table(): Disk read failed.
[   94.318382][ T5955] Dev loop6: unable to read RDB block 0
[   94.320366][ T5955]  loop6: unable to read partition table
[   94.322987][ T6895] ldm_validate_partition_table(): Disk read failed.
[   94.327746][ T6895] Dev loop6: unable to read RDB block 0
[   94.329693][ T6895]  loop6: unable to read partition table
[   94.335748][ T6895] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[   94.447742][ T6905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.210'.
[   94.999815][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.214'.
[   95.002947][ T6927] netlink: 48 bytes leftover after parsing attributes in process `syz.3.214'.
[   95.023021][ T6927] geneve3: entered promiscuous mode
[   95.024948][ T6927] geneve3: entered allmulticast mode
[   95.155172][ T1325] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   95.325110][ T1325] usb 7-1: Using ep0 maxpacket: 16
[   95.328968][ T1325] usb 7-1: unable to read config index 0 descriptor/start: -61
[   95.331542][ T1325] usb 7-1: can't read configurations, error -61
[   95.475090][ T1325] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   95.621623][ T6937] loop6: detected capacity change from 0 to 2560
[   95.625397][ T5955] ldm_validate_partition_table(): Disk read failed.
[   95.627717][ T5955] Dev loop6: unable to read RDB block 0
[   95.629865][ T5955]  loop6: unable to read partition table
[   95.633318][ T6937] ldm_validate_partition_table(): Disk read failed.
[   95.639745][ T1325] usb 7-1: Using ep0 maxpacket: 16
[   95.646065][ T6937] Dev loop6: unable to read RDB block 0
[   95.648921][ T6937]  loop6: unable to read partition table
[   95.651230][ T1325] usb 7-1: unable to read config index 0 descriptor/start: -61
[   95.653622][ T1325] usb 7-1: can't read configurations, error -61
[   95.653856][ T6937] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[   95.656606][ T1325] usb usb7-port1: attempt power cycle
[   95.718088][ T6942] netlink: 36 bytes leftover after parsing attributes in process `syz.3.220'.
[   95.755182][ T6947] FAULT_INJECTION: forcing a failure.
[   95.755182][ T6947] name failslab, interval 1, probability 0, space 0, times 0
[   95.759204][ T6947] CPU: 1 UID: 0 PID: 6947 Comm: syz.0.221 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   95.759218][ T6947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.759224][ T6947] Call Trace:
[   95.759228][ T6947]  <TASK>
[   95.759232][ T6947]  dump_stack_lvl+0x16c/0x1f0
[   95.759247][ T6947]  should_fail_ex+0x512/0x640
[   95.759258][ T6947]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[   95.759271][ T6947]  should_failslab+0xc2/0x120
[   95.759282][ T6947]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[   95.759293][ T6947]  ? __alloc_skb+0x2b2/0x380
[   95.759305][ T6947]  __alloc_skb+0x2b2/0x380
[   95.759318][ T6947]  ? __pfx___alloc_skb+0x10/0x10
[   95.759335][ T6947]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[   95.759353][ T6947]  netlink_alloc_large_skb+0x69/0x130
[   95.759366][ T6947]  netlink_sendmsg+0x6a1/0xdd0
[   95.759380][ T6947]  ? __pfx_netlink_sendmsg+0x10/0x10
[   95.759393][ T6947]  ? __import_iovec+0x1dd/0x650
[   95.759408][ T6947]  ____sys_sendmsg+0xa95/0xc70
[   95.759423][ T6947]  ? __pfx_____sys_sendmsg+0x10/0x10
[   95.759436][ T6947]  ? get_compat_msghdr+0x11a/0x170
[   95.759453][ T6947]  ___sys_sendmsg+0x134/0x1d0
[   95.759464][ T6947]  ? __pfx____sys_sendmsg+0x10/0x10
[   95.759481][ T6947]  ? find_held_lock+0x2b/0x80
[   95.759500][ T6947]  __sys_sendmsg+0x16d/0x220
[   95.759511][ T6947]  ? __pfx___sys_sendmsg+0x10/0x10
[   95.759527][ T6947]  ? rcu_is_watching+0x12/0xc0
[   95.759540][ T6947]  __do_fast_syscall_32+0x7c/0x3a0
[   95.759552][ T6947]  do_fast_syscall_32+0x32/0x80
[   95.759563][ T6947]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   95.759575][ T6947] RIP: 0023:0xf7f34579
[   95.759583][ T6947] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   95.759592][ T6947] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   95.759603][ T6947] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[   95.759609][ T6947] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   95.759615][ T6947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   95.759620][ T6947] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   95.759626][ T6947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.759638][ T6947]  </TASK>
[   96.005092][ T1325] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   96.025551][ T1325] usb 7-1: Using ep0 maxpacket: 16
[   96.029027][ T1325] usb 7-1: unable to read config index 0 descriptor/start: -61
[   96.031572][ T1325] usb 7-1: can't read configurations, error -61
[   96.175281][ T1325] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   96.215258][ T1325] usb 7-1: Using ep0 maxpacket: 16
[   96.219746][ T1325] usb 7-1: unable to read config index 0 descriptor/start: -61
[   96.226357][ T1325] usb 7-1: can't read configurations, error -61
[   96.229738][ T1325] usb usb7-port1: unable to enumerate USB device
[   96.769060][ T6967] 9pnet_fd: Insufficient options for proto=fd
[   96.841668][ T6973] tipc: Started in network mode
[   96.843274][ T6973] tipc: Node identity 4, cluster identity 4711
[   96.845489][ T6973] tipc: Node number set to 4
[   97.014219][ T6976] FAULT_INJECTION: forcing a failure.
[   97.014219][ T6976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.018419][ T6976] CPU: 2 UID: 0 PID: 6976 Comm: syz.0.230 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   97.018433][ T6976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.018439][ T6976] Call Trace:
[   97.018443][ T6976]  <TASK>
[   97.018447][ T6976]  dump_stack_lvl+0x16c/0x1f0
[   97.018461][ T6976]  should_fail_ex+0x512/0x640
[   97.018474][ T6976]  _copy_to_user+0x32/0xd0
[   97.018500][ T6976]  simple_read_from_buffer+0xcb/0x170
[   97.018517][ T6976]  proc_fail_nth_read+0x197/0x270
[   97.018531][ T6976]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   97.018546][ T6976]  ? rw_verify_area+0xcf/0x680
[   97.018560][ T6976]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   97.018574][ T6976]  vfs_read+0x1e4/0xc60
[   97.018583][ T6976]  ? fdget_pos+0x2a2/0x370
[   97.018594][ T6976]  ? __pfx_vfs_read+0x10/0x10
[   97.018602][ T6976]  ? find_held_lock+0x2b/0x80
[   97.018617][ T6976]  ? __fget_files+0x20e/0x3c0
[   97.018636][ T6976]  ksys_read+0x12a/0x250
[   97.018644][ T6976]  ? __pfx_ksys_read+0x10/0x10
[   97.018655][ T6976]  ? rcu_is_watching+0x12/0xc0
[   97.018667][ T6976]  __do_fast_syscall_32+0x7c/0x3a0
[   97.018680][ T6976]  do_fast_syscall_32+0x32/0x80
[   97.018690][ T6976]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   97.018702][ T6976] RIP: 0023:0xf7f34579
[   97.018711][ T6976] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   97.018721][ T6976] RSP: 002b:00000000f5056590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   97.018730][ T6976] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5056620
[   97.018736][ T6976] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000
[   97.018742][ T6976] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   97.018747][ T6976] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   97.018753][ T6976] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   97.018766][ T6976]  </TASK>
[   97.240688][ T6984] kAFS: unparsable volume name
[   97.501761][ T6990] ALSA: mixer_oss: invalid index 40000
[   97.616801][ T6999] FAULT_INJECTION: forcing a failure.
[   97.616801][ T6999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.622175][ T6999] CPU: 2 UID: 0 PID: 6999 Comm: syz.2.238 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   97.622189][ T6999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.622195][ T6999] Call Trace:
[   97.622199][ T6999]  <TASK>
[   97.622203][ T6999]  dump_stack_lvl+0x16c/0x1f0
[   97.622218][ T6999]  should_fail_ex+0x512/0x640
[   97.622232][ T6999]  _copy_from_iter+0x29f/0x16f0
[   97.622247][ T6999]  ? __pfx__copy_from_iter+0x10/0x10
[   97.622259][ T6999]  ? rcu_is_watching+0x12/0xc0
[   97.622270][ T6999]  ? trace_kmalloc+0x2b/0xd0
[   97.622282][ T6999]  ? __kmalloc_noprof+0x242/0x510
[   97.622295][ T6999]  kernfs_fop_write_iter+0x19a/0x510
[   97.622311][ T6999]  vfs_write+0x6c4/0x1150
[   97.622321][ T6999]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[   97.622335][ T6999]  ? __pfx_vfs_write+0x10/0x10
[   97.622347][ T6999]  ? find_held_lock+0x2b/0x80
[   97.622367][ T6999]  ksys_write+0x12a/0x250
[   97.622377][ T6999]  ? __pfx_ksys_write+0x10/0x10
[   97.622388][ T6999]  ? rcu_is_watching+0x12/0xc0
[   97.622400][ T6999]  __do_fast_syscall_32+0x7c/0x3a0
[   97.622412][ T6999]  do_fast_syscall_32+0x32/0x80
[   97.622422][ T6999]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   97.622436][ T6999] RIP: 0023:0xf707e579
[   97.622444][ T6999] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   97.622453][ T6999] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[   97.622463][ T6999] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000
[   97.622469][ T6999] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[   97.622475][ T6999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   97.622480][ T6999] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   97.622486][ T6999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   97.622499][ T6999]  </TASK>
[   97.956665][ T7018] netlink: 'syz.2.241': attribute type 4 has an invalid length.
[   98.355089][ T7024] FAULT_INJECTION: forcing a failure.
[   98.355089][ T7024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.359164][ T7024] CPU: 3 UID: 0 PID: 7024 Comm: syz.1.247 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   98.359177][ T7024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.359184][ T7024] Call Trace:
[   98.359188][ T7024]  <TASK>
[   98.359192][ T7024]  dump_stack_lvl+0x16c/0x1f0
[   98.359207][ T7024]  should_fail_ex+0x512/0x640
[   98.359220][ T7024]  _copy_to_user+0x32/0xd0
[   98.359233][ T7024]  simple_read_from_buffer+0xcb/0x170
[   98.359250][ T7024]  proc_fail_nth_read+0x197/0x270
[   98.359264][ T7024]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.359279][ T7024]  ? rw_verify_area+0xcf/0x680
[   98.359293][ T7024]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.359307][ T7024]  vfs_read+0x1e4/0xc60
[   98.359316][ T7024]  ? fdget_pos+0x2a2/0x370
[   98.359327][ T7024]  ? __pfx_vfs_read+0x10/0x10
[   98.359335][ T7024]  ? find_held_lock+0x2b/0x80
[   98.359350][ T7024]  ? __fget_files+0x20e/0x3c0
[   98.359369][ T7024]  ksys_read+0x12a/0x250
[   98.359378][ T7024]  ? __pfx_ksys_read+0x10/0x10
[   98.359388][ T7024]  ? rcu_is_watching+0x12/0xc0
[   98.359401][ T7024]  __do_fast_syscall_32+0x7c/0x3a0
[   98.359413][ T7024]  do_fast_syscall_32+0x32/0x80
[   98.359423][ T7024]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.359436][ T7024] RIP: 0023:0xf7fa7579
[   98.359444][ T7024] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.359453][ T7024] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   98.359463][ T7024] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[   98.359469][ T7024] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[   98.359475][ T7024] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   98.359480][ T7024] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   98.359486][ T7024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.359499][ T7024]  </TASK>
[   98.426960][    C3] vkms_vblank_simulate: vblank timer overrun
[   98.492826][ T7032] FAULT_INJECTION: forcing a failure.
[   98.492826][ T7032] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.498303][ T7032] CPU: 1 UID: 0 PID: 7032 Comm: syz.1.251 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   98.498326][ T7032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.498336][ T7032] Call Trace:
[   98.498343][ T7032]  <TASK>
[   98.498350][ T7032]  dump_stack_lvl+0x16c/0x1f0
[   98.498372][ T7032]  should_fail_ex+0x512/0x640
[   98.498400][ T7032]  _copy_to_user+0x32/0xd0
[   98.498422][ T7032]  simple_read_from_buffer+0xcb/0x170
[   98.498450][ T7032]  proc_fail_nth_read+0x197/0x270
[   98.498475][ T7032]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.498501][ T7032]  ? rw_verify_area+0xcf/0x680
[   98.498525][ T7032]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   98.498549][ T7032]  vfs_read+0x1e4/0xc60
[   98.498565][ T7032]  ? fdget_pos+0x2a2/0x370
[   98.498585][ T7032]  ? __pfx_vfs_read+0x10/0x10
[   98.498600][ T7032]  ? find_held_lock+0x2b/0x80
[   98.498626][ T7032]  ? __fget_files+0x20e/0x3c0
[   98.498660][ T7032]  ksys_read+0x12a/0x250
[   98.498676][ T7032]  ? __pfx_ksys_read+0x10/0x10
[   98.498694][ T7032]  ? rcu_is_watching+0x12/0xc0
[   98.498716][ T7032]  __do_fast_syscall_32+0x7c/0x3a0
[   98.498737][ T7032]  do_fast_syscall_32+0x32/0x80
[   98.498755][ T7032]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.498775][ T7032] RIP: 0023:0xf7fa7579
[   98.498789][ T7032] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.498804][ T7032] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   98.498819][ T7032] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[   98.498830][ T7032] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[   98.498839][ T7032] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   98.498847][ T7032] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   98.498856][ T7032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.498879][ T7032]  </TASK>
[   98.663823][ T7036] capability: warning: `syz.2.253' uses deprecated v2 capabilities in a way that may be insecure
[   98.667546][ T7036] FAULT_INJECTION: forcing a failure.
[   98.667546][ T7036] name failslab, interval 1, probability 0, space 0, times 0
[   98.671753][ T7036] CPU: 3 UID: 0 PID: 7036 Comm: syz.2.253 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[   98.671767][ T7036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.671773][ T7036] Call Trace:
[   98.671777][ T7036]  <TASK>
[   98.671781][ T7036]  dump_stack_lvl+0x16c/0x1f0
[   98.671795][ T7036]  should_fail_ex+0x512/0x640
[   98.671806][ T7036]  ? fs_reclaim_acquire+0xae/0x150
[   98.671821][ T7036]  ? tomoyo_encode2+0x100/0x3e0
[   98.671830][ T7036]  should_failslab+0xc2/0x120
[   98.671842][ T7036]  __kmalloc_noprof+0xd2/0x510
[   98.671852][ T7036]  ? d_absolute_path+0x136/0x1a0
[   98.671867][ T7036]  tomoyo_encode2+0x100/0x3e0
[   98.671883][ T7036]  tomoyo_encode+0x29/0x50
[   98.671896][ T7036]  tomoyo_realpath_from_path+0x18f/0x6e0
[   98.671915][ T7036]  tomoyo_path_number_perm+0x245/0x580
[   98.671933][ T7036]  ? tomoyo_path_number_perm+0x237/0x580
[   98.671954][ T7036]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   98.671982][ T7036]  ? find_held_lock+0x2b/0x80
[   98.671993][ T7036]  ? hook_file_ioctl_common+0x145/0x410
[   98.672009][ T7036]  ? __fget_files+0x20e/0x3c0
[   98.672025][ T7036]  ? __fput_deferred+0x480/0x480
[   98.672039][ T7036]  security_file_ioctl_compat+0x9b/0x240
[   98.672057][ T7036]  __ia32_compat_sys_ioctl+0xc3/0x370
[   98.672073][ T7036]  __do_fast_syscall_32+0x7c/0x3a0
[   98.672086][ T7036]  do_fast_syscall_32+0x32/0x80
[   98.672096][ T7036]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.672109][ T7036] RIP: 0023:0xf707e579
[   98.672118][ T7036] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.672127][ T7036] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   98.672137][ T7036] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b49
[   98.672143][ T7036] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[   98.672149][ T7036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   98.672154][ T7036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   98.672160][ T7036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.672173][ T7036]  </TASK>
[   98.672184][ T7036] ERROR: Out of memory at tomoyo_realpath_from_path.
[   98.864810][ T7041] netlink: 48 bytes leftover after parsing attributes in process `syz.1.252'.
[  100.269242][ T7072] FAULT_INJECTION: forcing a failure.
[  100.269242][ T7072] name failslab, interval 1, probability 0, space 0, times 0
[  100.274364][ T7072] CPU: 3 UID: 0 PID: 7072 Comm: syz.3.266 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  100.274386][ T7072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  100.274396][ T7072] Call Trace:
[  100.274403][ T7072]  <TASK>
[  100.274409][ T7072]  dump_stack_lvl+0x16c/0x1f0
[  100.274431][ T7072]  should_fail_ex+0x512/0x640
[  100.274450][ T7072]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  100.274471][ T7072]  should_failslab+0xc2/0x120
[  100.274491][ T7072]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  100.274509][ T7072]  ? __alloc_skb+0x2b2/0x380
[  100.274530][ T7072]  __alloc_skb+0x2b2/0x380
[  100.274547][ T7072]  ? __pfx___alloc_skb+0x10/0x10
[  100.274566][ T7072]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  100.274592][ T7072]  netlink_alloc_large_skb+0x69/0x130
[  100.274615][ T7072]  netlink_sendmsg+0x6a1/0xdd0
[  100.274643][ T7072]  ? __pfx_netlink_sendmsg+0x10/0x10
[  100.274666][ T7072]  ? __import_iovec+0x1dd/0x650
[  100.274692][ T7072]  ____sys_sendmsg+0xa95/0xc70
[  100.274717][ T7072]  ? __pfx_____sys_sendmsg+0x10/0x10
[  100.274738][ T7072]  ? get_compat_msghdr+0x11a/0x170
[  100.274768][ T7072]  ___sys_sendmsg+0x134/0x1d0
[  100.274788][ T7072]  ? __pfx____sys_sendmsg+0x10/0x10
[  100.274818][ T7072]  ? find_held_lock+0x2b/0x80
[  100.274853][ T7072]  __sys_sendmsg+0x16d/0x220
[  100.274872][ T7072]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.274901][ T7072]  ? rcu_is_watching+0x12/0xc0
[  100.274922][ T7072]  __do_fast_syscall_32+0x7c/0x3a0
[  100.274943][ T7072]  do_fast_syscall_32+0x32/0x80
[  100.274961][ T7072]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  100.274982][ T7072] RIP: 0023:0xf7fd3579
[  100.275011][ T7072] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  100.275027][ T7072] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  100.275049][ T7072] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[  100.275060][ T7072] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  100.275069][ T7072] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.275078][ T7072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.275088][ T7072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.275110][ T7072]  </TASK>
[  100.365583][    C3] vkms_vblank_simulate: vblank timer overrun
[  100.399953][ T7081] FAULT_INJECTION: forcing a failure.
[  100.399953][ T7081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  100.404121][ T7081] CPU: 2 UID: 0 PID: 7081 Comm: syz.3.269 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  100.404135][ T7081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  100.404141][ T7081] Call Trace:
[  100.404145][ T7081]  <TASK>
[  100.404149][ T7081]  dump_stack_lvl+0x16c/0x1f0
[  100.404164][ T7081]  should_fail_ex+0x512/0x640
[  100.404177][ T7081]  _copy_to_user+0x32/0xd0
[  100.404190][ T7081]  bpf_prog_test_run_syscall+0x4c1/0x780
[  100.404204][ T7081]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  100.404216][ T7081]  ? fput+0x70/0xf0
[  100.404228][ T7081]  ? __bpf_prog_get+0x97/0x2a0
[  100.404241][ T7081]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  100.404253][ T7081]  __sys_bpf+0x1707/0x4ea0
[  100.404264][ T7081]  ? __pfx___sys_bpf+0x10/0x10
[  100.404273][ T7081]  ? ksys_write+0x190/0x250
[  100.404284][ T7081]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  100.404302][ T7081]  ? fput+0x70/0xf0
[  100.404313][ T7081]  ? ksys_write+0x1ac/0x250
[  100.404322][ T7081]  ? __pfx_ksys_write+0x10/0x10
[  100.404338][ T7081]  __ia32_sys_bpf+0x76/0xe0
[  100.404347][ T7081]  __do_fast_syscall_32+0x7c/0x3a0
[  100.404359][ T7081]  do_fast_syscall_32+0x32/0x80
[  100.404370][ T7081]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  100.404382][ T7081] RIP: 0023:0xf7fd3579
[  100.404390][ T7081] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  100.404399][ T7081] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  100.404409][ T7081] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000500
[  100.404415][ T7081] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  100.404421][ T7081] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.404427][ T7081] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.404432][ T7081] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.404445][ T7081]  </TASK>
[  100.530433][ T7086] input: syz1 as /devices/virtual/input/input7
[  100.610844][ T7089] netlink: 'syz.3.272': attribute type 1 has an invalid length.
[  100.613385][ T7089] netlink: 208 bytes leftover after parsing attributes in process `syz.3.272'.
[  101.410409][ T7101] netlink: 36 bytes leftover after parsing attributes in process `syz.2.275'.
[  101.482598][ T7105] FAULT_INJECTION: forcing a failure.
[  101.482598][ T7105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.491727][ T7105] CPU: 2 UID: 0 PID: 7105 Comm: syz.2.277 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  101.491742][ T7105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.491749][ T7105] Call Trace:
[  101.491753][ T7105]  <TASK>
[  101.491757][ T7105]  dump_stack_lvl+0x16c/0x1f0
[  101.491772][ T7105]  should_fail_ex+0x512/0x640
[  101.491785][ T7105]  strncpy_from_user+0x3b/0x2e0
[  101.491802][ T7105]  getname_flags.part.0+0x8f/0x550
[  101.491818][ T7105]  getname_flags+0x93/0xf0
[  101.491833][ T7105]  __ia32_sys_mkdirat+0x75/0xb0
[  101.491844][ T7105]  __do_fast_syscall_32+0x7c/0x3a0
[  101.491855][ T7105]  do_fast_syscall_32+0x32/0x80
[  101.491866][ T7105]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.491878][ T7105] RIP: 0023:0xf707e579
[  101.491886][ T7105] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.491896][ T7105] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000128
[  101.491906][ T7105] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080002040
[  101.491912][ T7105] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  101.491918][ T7105] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.491923][ T7105] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  101.491929][ T7105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.491941][ T7105]  </TASK>
[  101.595696][ T7110] netlink: 24 bytes leftover after parsing attributes in process `syz.3.279'.
[  102.544273][ T7123] netlink: 8 bytes leftover after parsing attributes in process `syz.3.283'.
[  102.813173][ T7125] cgroup: fork rejected by pids controller in /syz3
[  103.366639][ T5318] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  103.369597][ T5318] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  103.372404][ T5318] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  103.375960][ T5318] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  103.378850][ T5318] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  103.405867][ T8192] lo speed is unknown, defaulting to 1000
[  103.549552][ T8287] netlink: 'syz.3.289': attribute type 10 has an invalid length.
[  104.394459][ T8192] chnl_net:caif_netlink_parms(): no params data found
[  104.484936][ T8192] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.488330][ T8192] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.490657][ T8192] bridge_slave_0: entered allmulticast mode
[  104.493498][ T8192] bridge_slave_0: entered promiscuous mode
[  104.496921][ T8192] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.499941][ T8192] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.502203][ T8192] bridge_slave_1: entered allmulticast mode
[  104.504776][ T8192] bridge_slave_1: entered promiscuous mode
[  104.552991][ T8192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.557623][ T8192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.602234][ T8192] team0: Port device team_slave_0 added
[  104.617196][ T8192] team0: Port device team_slave_1 added
[  104.678239][ T8192] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.680445][ T8192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.698630][ T8192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.706671][ T8192] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.708897][ T8192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.725105][ T8192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.822066][ T8192] hsr_slave_0: entered promiscuous mode
[  104.824276][ T8192] hsr_slave_1: entered promiscuous mode
[  104.828613][ T8192] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.830949][ T8192] Cannot create hsr debugfs directory
[  105.035148][ T8192] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  105.042718][ T8192] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  105.061329][ T8192] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  105.090975][ T8192] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  105.196231][ T8192] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.198523][ T8192] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.200978][ T8192] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.203184][ T8192] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.253708][ T8192] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.262392][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.267831][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.286906][ T8192] 8021q: adding VLAN 0 to HW filter on device team0
[  105.293894][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.296285][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.309016][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.311999][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.445251][ T5961] Bluetooth: hci3: command tx timeout
[  105.456229][ T8192] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.522552][ T8331] netlink: 'syz.3.295': attribute type 10 has an invalid length.
[  105.704076][ T8192] veth0_vlan: entered promiscuous mode
[  105.711035][ T8192] veth1_vlan: entered promiscuous mode
[  105.729747][ T8192] veth0_macvtap: entered promiscuous mode
[  105.733504][ T8192] veth1_macvtap: entered promiscuous mode
[  105.742462][ T8192] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.747932][ T8192] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.752769][ T8192] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.759286][ T8192] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.762011][ T8192] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.767422][ T8192] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.841629][ T8343] netlink: 'syz.3.297': attribute type 10 has an invalid length.
[  105.908692][ T8342] netlink: 48 bytes leftover after parsing attributes in process `syz.2.296'.
[  106.184911][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.188778][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.255517][   T91] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.259511][   T91] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.525081][ T5961] Bluetooth: hci3: command tx timeout
[  108.005897][ T8393] netlink: 'syz.0.308': attribute type 10 has an invalid length.
[  108.531823][ T6449] libceph: connect (1)[c::]:6789 error -101
[  108.533869][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  108.683091][ T8399] ceph: No mds server is up or the cluster is laggy
[  108.683173][ T8406] netlink: 48 bytes leftover after parsing attributes in process `syz.0.311'.
[  108.696962][ T8406] pim6reg: entered allmulticast mode
[  109.055183][ T6449] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  109.195097][ T6449] usb 9-1: device descriptor read/64, error -71
[  109.435221][ T6449] usb 9-1: new full-speed USB device number 3 using dummy_hcd
[  109.565062][ T6449] usb 9-1: device descriptor read/64, error -71
[  109.605085][ T5961] Bluetooth: hci3: command tx timeout
[  109.617959][ T8436] netlink: 'syz.3.319': attribute type 10 has an invalid length.
[  109.675740][ T6449] usb usb9-port1: attempt power cycle
[  109.962815][ T8442] netlink: 48 bytes leftover after parsing attributes in process `syz.3.321'.
[  109.968929][ T8442] pim6reg: entered allmulticast mode
[  110.015081][ T6449] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[  110.035767][ T6449] usb 9-1: device descriptor read/8, error -71
[  110.223199][ T6862] libceph: connect (1)[c::]:6789 error -101
[  110.225321][ T6862] libceph: mon0 (1)[c::]:6789 connect error
[  110.285099][ T6449] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  110.322578][ T6449] usb 9-1: device descriptor read/8, error -71
[  110.385257][ T8448] ceph: No mds server is up or the cluster is laggy
[  110.456605][ T6449] usb usb9-port1: unable to enumerate USB device
[  110.457085][ T8458] FAULT_INJECTION: forcing a failure.
[  110.457085][ T8458] name failslab, interval 1, probability 0, space 0, times 0
[  110.462586][ T8458] CPU: 1 UID: 0 PID: 8458 Comm: syz.0.325 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  110.462599][ T8458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.462606][ T8458] Call Trace:
[  110.462610][ T8458]  <TASK>
[  110.462615][ T8458]  dump_stack_lvl+0x16c/0x1f0
[  110.462629][ T8458]  should_fail_ex+0x512/0x640
[  110.462640][ T8458]  ? __kmalloc_noprof+0xbf/0x510
[  110.462651][ T8458]  ? bpf_test_init.isra.0+0x9e/0x140
[  110.462661][ T8458]  should_failslab+0xc2/0x120
[  110.462673][ T8458]  __kmalloc_noprof+0xd2/0x510
[  110.462686][ T8458]  bpf_test_init.isra.0+0x9e/0x140
[  110.462698][ T8458]  bpf_prog_test_run_skb+0x245/0x2280
[  110.462710][ T8458]  ? __fget_files+0x204/0x3c0
[  110.462729][ T8458]  ? __fget_files+0x20e/0x3c0
[  110.462743][ T8458]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  110.462757][ T8458]  ? fput+0x70/0xf0
[  110.462769][ T8458]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  110.462781][ T8458]  __sys_bpf+0x1707/0x4ea0
[  110.462796][ T8458]  ? __pfx___sys_bpf+0x10/0x10
[  110.462809][ T8458]  ? ksys_write+0x190/0x250
[  110.462825][ T8458]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  110.462852][ T8458]  ? fput+0x70/0xf0
[  110.462868][ T8458]  ? ksys_write+0x1ac/0x250
[  110.462881][ T8458]  ? __pfx_ksys_write+0x10/0x10
[  110.462896][ T8458]  __ia32_sys_bpf+0x76/0xe0
[  110.462909][ T8458]  __do_fast_syscall_32+0x7c/0x3a0
[  110.462925][ T8458]  do_fast_syscall_32+0x32/0x80
[  110.462938][ T8458]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  110.462955][ T8458] RIP: 0023:0xf7f34579
[  110.462965][ T8458] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  110.462977][ T8458] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  110.462992][ T8458] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240
[  110.463000][ T8458] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  110.463009][ T8458] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  110.463017][ T8458] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  110.463026][ T8458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  110.463045][ T8458]  </TASK>
[  110.535881][ T1325] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  110.665135][ T1325] usb 8-1: device descriptor read/64, error -71
[  110.915133][ T1325] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  111.045512][ T1325] usb 8-1: device descriptor read/64, error -71
[  111.155371][ T1325] usb usb8-port1: attempt power cycle
[  111.456840][ T8478] netlink: 'syz.2.330': attribute type 10 has an invalid length.
[  111.484930][ T8480] netlink: 48 bytes leftover after parsing attributes in process `syz.2.331'.
[  111.491135][ T8480] pim6reg: entered allmulticast mode
[  111.601647][ T1325] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  111.625519][ T1325] usb 8-1: device descriptor read/8, error -71
[  111.695206][ T5961] Bluetooth: hci3: command tx timeout
[  112.020128][ T1325] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  112.075563][ T1325] usb 8-1: device descriptor read/8, error -71
[  112.189049][ T1325] usb usb8-port1: unable to enumerate USB device
[  113.313980][ T8520] trusted_key: encrypted_key: insufficient parameters specified
[  113.352835][ T8521] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  113.355626][ T8521] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  114.972105][ T8553] netlink: 'syz.3.347': attribute type 10 has an invalid length.
[  115.206117][ T8557] netlink: 48 bytes leftover after parsing attributes in process `syz.3.349'.
[  115.658600][ T8569] netdevsim netdevsim4: Direct firmware load for @ failed with error -2
[  115.661327][ T8569] netdevsim netdevsim4: Falling back to sysfs fallback for: @
[  115.843614][ T6458] libceph: connect (1)[c::]:6789 error -101
[  115.845632][ T6458] libceph: mon0 (1)[c::]:6789 connect error
[  115.996520][ T8571] ceph: No mds server is up or the cluster is laggy
[  116.217692][ T8582] netlink: 'syz.0.356': attribute type 10 has an invalid length.
[  117.657734][ T6020] libceph: connect (1)[c::]:6789 error -101
[  117.659724][ T6020] libceph: mon0 (1)[c::]:6789 connect error
[  117.723202][ T8618] netlink: 48 bytes leftover after parsing attributes in process `syz.2.363'.
[  117.811036][ T8615] ceph: No mds server is up or the cluster is laggy
[  118.292165][ T8630] netdevsim netdevsim4: Direct firmware load for @ failed with error -2
[  118.294747][ T8630] netdevsim netdevsim4: Falling back to sysfs fallback for: @
[  118.709535][ T8640] netlink: 'syz.3.371': attribute type 10 has an invalid length.
[  118.890386][ T5993] libceph: connect (1)[c::]:6789 error -101
[  118.892283][ T5993] libceph: mon0 (1)[c::]:6789 connect error
[  119.030952][ T8648] ceph: No mds server is up or the cluster is laggy
[  119.636844][ T8670] netlink: 48 bytes leftover after parsing attributes in process `syz.2.377'.
[  120.008469][ T8678] netlink: 'syz.4.380': attribute type 10 has an invalid length.
[  120.015352][ T8678] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  120.689429][ T8696] netdevsim netdevsim4: Direct firmware load for @ failed with error -2
[  120.694280][ T8696] netdevsim netdevsim4: Falling back to sysfs fallback for: @
[  120.981128][ T6458] libceph: connect (1)[c::]:6789 error -101
[  120.983274][ T6458] libceph: mon0 (1)[c::]:6789 connect error
[  121.246347][ T6458] libceph: connect (1)[c::]:6789 error -101
[  121.248282][ T6458] libceph: mon0 (1)[c::]:6789 connect error
[  121.757420][ T6458] libceph: connect (1)[c::]:6789 error -101
[  121.759494][ T6458] libceph: mon0 (1)[c::]:6789 connect error
[  121.806298][ T8699] ceph: No mds server is up or the cluster is laggy
[  121.809625][ T8721] netlink: 'syz.0.390': attribute type 10 has an invalid length.
[  121.959576][ T8725] netlink: 48 bytes leftover after parsing attributes in process `syz.3.392'.
[  123.087241][ T8742] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  123.090129][ T8742] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  123.996529][ T8762] netlink: 'syz.2.403': attribute type 10 has an invalid length.
[  124.076684][ T6449] libceph: connect (1)[c::]:6789 error -101
[  124.078544][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  124.336152][ T6449] libceph: connect (1)[c::]:6789 error -101
[  124.338185][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  124.845335][ T6449] libceph: connect (1)[c::]:6789 error -101
[  124.847886][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  124.902471][ T8767] ceph: No mds server is up or the cluster is laggy
[  125.073457][ T8781] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  125.076200][ T8781] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  125.452308][ T8788] netlink: 48 bytes leftover after parsing attributes in process `syz.4.409'.
[  125.859544][ T8803] netlink: 'syz.0.412': attribute type 10 has an invalid length.
[  126.681546][ T5993] libceph: connect (1)[c::]:6789 error -101
[  126.683978][ T5993] libceph: mon0 (1)[c::]:6789 connect error
[  127.107020][ T5993] libceph: connect (1)[c::]:6789 error -101
[  127.108951][ T5993] libceph: mon0 (1)[c::]:6789 connect error
[  127.495646][ T8819] ceph: No mds server is up or the cluster is laggy
[  127.761677][ T8847] netlink: 'syz.4.424': attribute type 10 has an invalid length.
[  129.031460][ T6020] libceph: connect (1)[c::]:6789 error -101
[  129.033528][ T6020] libceph: mon0 (1)[c::]:6789 connect error
[  129.295198][ T6020] libceph: connect (1)[c::]:6789 error -101
[  129.297261][ T6020] libceph: mon0 (1)[c::]:6789 connect error
[  129.746100][ T8887] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  129.749669][ T8887] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  129.787085][ T8892] netlink: 'syz.3.434': attribute type 10 has an invalid length.
[  129.805673][ T6020] libceph: connect (1)[c::]:6789 error -101
[  129.810322][ T6020] libceph: mon0 (1)[c::]:6789 connect error
[  129.858556][ T8876] ceph: No mds server is up or the cluster is laggy
[  131.449060][ T5993] libceph: connect (1)[c::]:6789 error -101
[  131.451034][ T5993] libceph: mon0 (1)[c::]:6789 connect error
[  131.705475][ T5993] libceph: connect (1)[c::]:6789 error -101
[  131.708187][ T5993] libceph: mon0 (1)[c::]:6789 connect error
[  132.103437][ T8937] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  132.106621][ T8937] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  132.215974][ T5993] libceph: connect (1)[c::]:6789 error -101
[  132.217939][ T5993] libceph: mon0 (1)[c::]:6789 connect error
[  132.247553][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  132.249839][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  132.278545][ T8922] ceph: No mds server is up or the cluster is laggy
[  132.530772][ T8940] netlink: 'syz.4.446': attribute type 10 has an invalid length.
[  133.925660][ T8975] netlink: 'syz.4.456': attribute type 10 has an invalid length.
[  134.001054][ T6449] libceph: connect (1)[c::]:6789 error -101
[  134.003089][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  134.265354][ T6449] libceph: connect (1)[c::]:6789 error -101
[  134.267311][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  134.721312][ T8994] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  134.723986][ T8994] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  134.785319][ T6449] libceph: connect (1)[c::]:6789 error -101
[  134.787277][ T6449] libceph: mon0 (1)[c::]:6789 connect error
[  134.807153][ T8982] ceph: No mds server is up or the cluster is laggy
[  135.517000][ T9011] netlink: 'syz.2.465': attribute type 10 has an invalid length.
[  136.384110][ T9034] netlink: 48 bytes leftover after parsing attributes in process `syz.0.469'.
[  136.625254][ T1325] libceph: connect (1)[c::]:6789 error -101
[  136.627292][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  136.885270][ T1325] libceph: connect (1)[c::]:6789 error -101
[  136.887805][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  137.017530][ T9047] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  137.020278][ T9047] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  137.294299][ T9052] netlink: 'syz.0.474': attribute type 10 has an invalid length.
[  137.395676][ T1325] libceph: connect (1)[c::]:6789 error -101
[  137.397734][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  137.451661][ T9040] ceph: No mds server is up or the cluster is laggy
[  138.771373][ T9087] netlink: 48 bytes leftover after parsing attributes in process `syz.3.482'.
[  139.212211][ T1325] libceph: connect (1)[c::]:6789 error -101
[  139.214268][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  139.477786][ T1325] libceph: connect (1)[c::]:6789 error -101
[  139.479588][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  139.600212][ T9100] netlink: 'syz.4.486': attribute type 10 has an invalid length.
[  139.629526][ T9101] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  139.631945][ T9101] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  139.985184][ T1325] libceph: connect (1)[c::]:6789 error -101
[  139.987100][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  140.038185][ T9092] ceph: No mds server is up or the cluster is laggy
[  141.363126][ T9142] netlink: 'syz.2.496': attribute type 10 has an invalid length.
[  141.501074][ T9144] netlink: 48 bytes leftover after parsing attributes in process `syz.3.497'.
[  141.642197][ T9148] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  141.644836][ T9148] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  142.408692][ T6454] libceph: connect (1)[c::]:6789 error -101
[  142.410727][ T6454] libceph: mon0 (1)[c::]:6789 connect error
[  142.665434][ T6454] libceph: connect (1)[c::]:6789 error -101
[  142.668246][ T6454] libceph: mon0 (1)[c::]:6789 connect error
[  143.175267][ T6454] libceph: connect (1)[c::]:6789 error -101
[  143.177241][ T6454] libceph: mon0 (1)[c::]:6789 connect error
[  143.237762][ T9163] ceph: No mds server is up or the cluster is laggy
[  143.620718][ T9186] netlink: 'syz.3.508': attribute type 10 has an invalid length.
[  145.044629][ T9221] netlink: 'syz.0.518': attribute type 10 has an invalid length.
[  147.343035][ T9262] netlink: 'syz.2.529': attribute type 10 has an invalid length.
[  147.544842][ T9273] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  147.547496][ T9273] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  149.895658][ T9318] netlink: 'syz.0.543': attribute type 10 has an invalid length.
[  149.903794][ T9320] netdevsim netdevsim4: Direct firmware load for @ failed with error -2
[  149.906682][ T9320] netdevsim netdevsim4: Falling back to sysfs fallback for: @
[  152.110889][ T9360] netlink: 'syz.3.554': attribute type 10 has an invalid length.
[  152.203946][ T9365] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  152.208225][ T9365] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  153.434834][ T9395] netlink: 'syz.0.564': attribute type 10 has an invalid length.
[  154.486037][ T9412] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  154.492755][ T9412] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  155.566426][ T9437] netlink: 'syz.4.575': attribute type 10 has an invalid length.
[  157.160011][ T9474] netlink: 'syz.4.584': attribute type 10 has an invalid length.
[  158.045199][ T9490] FAULT_INJECTION: forcing a failure.
[  158.045199][ T9490] name failslab, interval 1, probability 0, space 0, times 0
[  158.050855][ T9490] CPU: 2 UID: 0 PID: 9490 Comm: syz.3.589 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  158.050879][ T9490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.050890][ T9490] Call Trace:
[  158.050896][ T9490]  <TASK>
[  158.050903][ T9490]  dump_stack_lvl+0x16c/0x1f0
[  158.050926][ T9490]  should_fail_ex+0x512/0x640
[  158.050943][ T9490]  ? __kmalloc_noprof+0xbf/0x510
[  158.050964][ T9490]  ? fuse_dev_do_write+0x1c50/0x3420
[  158.050988][ T9490]  should_failslab+0xc2/0x120
[  158.051009][ T9490]  __kmalloc_noprof+0xd2/0x510
[  158.051026][ T9490]  ? fuse_copy_do+0x31b/0x430
[  158.051051][ T9490]  fuse_dev_do_write+0x1c50/0x3420
[  158.051076][ T9490]  ? _parse_integer_limit+0x17f/0x1d0
[  158.051107][ T9490]  ? __pfx_fuse_dev_do_write+0x10/0x10
[  158.051135][ T9490]  ? aa_file_perm+0x4c7/0xfb0
[  158.051157][ T9490]  ? aa_file_perm+0x4d6/0xfb0
[  158.051190][ T9490]  ? __asan_memset+0x23/0x50
[  158.051218][ T9490]  fuse_dev_write+0x155/0x1e0
[  158.051242][ T9490]  ? __pfx_fuse_dev_write+0x10/0x10
[  158.051275][ T9490]  ? bpf_lsm_file_permission+0x9/0x10
[  158.051297][ T9490]  ? security_file_permission+0x71/0x210
[  158.051324][ T9490]  ? rw_verify_area+0xcf/0x680
[  158.051353][ T9490]  vfs_write+0x6c4/0x1150
[  158.051370][ T9490]  ? __pfx_fuse_dev_write+0x10/0x10
[  158.051398][ T9490]  ? __pfx_vfs_write+0x10/0x10
[  158.051412][ T9490]  ? find_held_lock+0x2b/0x80
[  158.051452][ T9490]  ksys_write+0x12a/0x250
[  158.051468][ T9490]  ? __pfx_ksys_write+0x10/0x10
[  158.051487][ T9490]  ? rcu_is_watching+0x12/0xc0
[  158.051510][ T9490]  __do_fast_syscall_32+0x7c/0x3a0
[  158.051536][ T9490]  do_fast_syscall_32+0x32/0x80
[  158.051554][ T9490]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.051575][ T9490] RIP: 0023:0xf7fd3579
[  158.051589][ T9490] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.051605][ T9490] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  158.051622][ T9490] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  158.051633][ T9490] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000
[  158.051642][ T9490] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.051652][ T9490] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.051662][ T9490] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.051685][ T9490]  </TASK>
[  159.034289][ T9512] netlink: 'syz.2.595': attribute type 10 has an invalid length.
[  159.208898][ T9517] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  159.213365][ T9517] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  162.992364][ T9588] lo speed is unknown, defaulting to 1000
[  163.068552][ T9593] warning: `syz.2.617' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  163.800325][ T9607] FAULT_INJECTION: forcing a failure.
[  163.800325][ T9607] name failslab, interval 1, probability 0, space 0, times 0
[  163.804270][ T9607] CPU: 1 UID: 0 PID: 9607 Comm: syz.2.622 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  163.804310][ T9607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.804317][ T9607] Call Trace:
[  163.804321][ T9607]  <TASK>
[  163.804326][ T9607]  dump_stack_lvl+0x16c/0x1f0
[  163.804341][ T9607]  should_fail_ex+0x512/0x640
[  163.804352][ T9607]  ? fs_reclaim_acquire+0xae/0x150
[  163.804367][ T9607]  ? tomoyo_encode2+0x100/0x3e0
[  163.804376][ T9607]  should_failslab+0xc2/0x120
[  163.804388][ T9607]  __kmalloc_noprof+0xd2/0x510
[  163.804400][ T9607]  ? d_absolute_path+0x136/0x1a0
[  163.804414][ T9607]  tomoyo_encode2+0x100/0x3e0
[  163.804425][ T9607]  tomoyo_encode+0x29/0x50
[  163.804434][ T9607]  tomoyo_realpath_from_path+0x18f/0x6e0
[  163.804448][ T9607]  tomoyo_path_number_perm+0x245/0x580
[  163.804461][ T9607]  ? tomoyo_path_number_perm+0x237/0x580
[  163.804480][ T9607]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  163.804508][ T9607]  ? find_held_lock+0x2b/0x80
[  163.804519][ T9607]  ? hook_file_ioctl_common+0x145/0x410
[  163.804536][ T9607]  ? __fget_files+0x20e/0x3c0
[  163.804551][ T9607]  ? __fput_deferred+0x480/0x480
[  163.804565][ T9607]  security_file_ioctl_compat+0x9b/0x240
[  163.804581][ T9607]  __ia32_compat_sys_ioctl+0xc3/0x370
[  163.804597][ T9607]  __do_fast_syscall_32+0x7c/0x3a0
[  163.804609][ T9607]  do_fast_syscall_32+0x32/0x80
[  163.804620][ T9607]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  163.804632][ T9607] RIP: 0023:0xf707e579
[  163.804641][ T9607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  163.804651][ T9607] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  163.804661][ T9607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008ae05
[  163.804668][ T9607] RDX: 0000000080000780 RSI: 0000000000000000 RDI: 0000000000000000
[  163.804673][ T9607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  163.804679][ T9607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  163.804685][ T9607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  163.804698][ T9607]  </TASK>
[  163.804708][ T9607] ERROR: Out of memory at tomoyo_realpath_from_path.
[  167.298698][ T9677] ubi: mtd0 is already attached to ubi31
[  170.329197][ T9710] netlink: 'syz.4.651': attribute type 10 has an invalid length.
[  171.742885][ T9722] ubi: mtd0 is already attached to ubi31
[  172.687792][ T9746] netlink: 'syz.4.661': attribute type 10 has an invalid length.
[  174.825782][ T9773] ubi: mtd0 is already attached to ubi31
[  174.869237][ T9776] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.966229][ T9776] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.049990][ T9776] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.115144][ T6453] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  175.172782][ T9776] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.549942][ T9776] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.557524][ T9776] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.564551][ T9776] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.571573][ T9776] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.595090][ T6453] usb 9-1: Using ep0 maxpacket: 16
[  175.673712][ T6453] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.685837][ T6453] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.689967][ T6453] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  175.693967][ T6453] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  175.697339][ T6453] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.702675][ T6453] usb 9-1: config 0 descriptor??
[  175.718221][ T9787] netlink: 'syz.0.671': attribute type 10 has an invalid length.
[  176.204117][ T6453] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  176.212704][ T6453] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  176.216614][ T6453] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  176.220810][ T6453] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  176.224026][ T6453] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  176.250669][ T6453] input: HID 0955:7214 Haptics as /devices/virtual/input/input8
[  176.361793][ T9776] random: crng reseeded on system resumption
[  176.490489][ T6453] shield 0003:0955:7214.0003: Registered Thunderstrike controller
[  176.539164][ T6453] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  176.659386][ T6454] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  176.715147][ T6454] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  176.754218][ T6454] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  176.772319][ T6453] usb 9-1: USB disconnect, device number 6
[  176.779898][ T6454] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  178.268529][ T9824] ubi: mtd0 is already attached to ubi31
[  179.715148][ T6453] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  179.865061][ T6453] usb 5-1: Using ep0 maxpacket: 16
[  179.867966][ T6453] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  179.872170][ T6453] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  179.876165][ T6453] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  179.880567][ T6453] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  179.883706][ T6453] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.892067][ T6453] usb 5-1: config 0 descriptor??
[  180.319215][ T6453] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  180.321401][ T6453] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  180.327856][ T6453] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  180.330650][ T6453] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  180.333439][ T6453] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  180.340964][ T6453] input: HID 0955:7214 Haptics as /devices/virtual/input/input9
[  180.353932][ T6453] shield 0003:0955:7214.0004: Registered Thunderstrike controller
[  180.359040][ T6453] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  180.518254][ T9839] random: crng reseeded on system resumption
[  180.527127][ T6862] usb 5-1: USB disconnect, device number 4
[  180.535119][ T6862] ------------[ cut here ]------------
[  180.536844][ T6862] workqueue: work disable count underflowed
[  180.538714][ T6862] WARNING: CPU: 3 PID: 6862 at kernel/workqueue.c:4328 enable_work+0x2f8/0x340
[  180.541585][ T6862] Modules linked in:
[  180.543335][ T6862] CPU: 3 UID: 0 PID: 6862 Comm: kworker/3:16 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  180.548756][ T6862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.552091][ T6862] Workqueue: usb_hub_wq hub_event
[  180.553708][ T6862] RIP: 0010:enable_work+0x2f8/0x340
[  180.555332][ T6862] Code: 89 ee e8 3b c0 37 00 45 84 ed 0f 85 29 fe ff ff e8 4d c5 37 00 c6 05 bd 16 0e 0f 01 90 48 c7 c7 40 08 ac 8b e8 d9 1f f7 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 27 21 9c 00 e9 aa fe ff ff
[  180.561287][ T6862] RSP: 0018:ffffc900044973c8 EFLAGS: 00010086
[  180.563167][ T6862] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9002f97d000
[  180.565689][ T6862] RDX: 0000000000100000 RSI: ffffffff817ab115 RDI: 0000000000000001
[  180.568158][ T6862] RBP: ffff888044ebf730 R08: 0000000000000001 R09: 0000000000000000
[  180.570655][ T6862] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92000892e7a
[  180.573127][ T6862] R13: 0000000000000000 R14: ffff888044ebf728 R15: ffffffff8fe66880
[  180.575586][ T6862] FS:  0000000000000000(0000) GS:ffff88809782d000(0000) knlGS:0000000000000000
[  180.578367][ T6862] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  180.580513][ T6862] CR2: 000000002fd1bff8 CR3: 000000006da55000 CR4: 0000000000352ef0
[  180.583062][ T6862] Call Trace:
[  180.584514][ T6862]  <TASK>
[  180.585884][ T6862]  ? __pfx_enable_work+0x10/0x10
[  180.588014][ T6862]  ? __thermal_zone_cdev_unbind+0x6c/0x6a0
[  180.590518][ T6862]  __cancel_work_sync+0xe7/0x130
[  180.592662][ T6862]  thermal_zone_device_unregister+0x239/0x450
[  180.595263][ T6862]  ? __pfx_shield_remove+0x10/0x10
[  180.597527][ T6862]  power_supply_unregister+0x10a/0x150
[  180.599884][ T6862]  shield_remove+0x75/0x130
[  180.601862][ T6862]  ? __pfx_shield_remove+0x10/0x10
[  180.603974][ T6862]  hid_device_remove+0xce/0x260
[  180.605549][ T6862]  ? __pfx_hid_device_remove+0x10/0x10
[  180.607213][ T6862]  device_remove+0xcb/0x170
[  180.608674][ T6862]  device_release_driver_internal+0x44b/0x620
[  180.610557][ T6862]  bus_remove_device+0x22f/0x420
[  180.612097][ T6862]  device_del+0x396/0x9f0
[  180.613473][ T6862]  ? __pfx_device_del+0x10/0x10
[  180.614994][ T6862]  ? do_raw_spin_lock+0x12c/0x2b0
[  180.616589][ T6862]  hid_destroy_device+0x19c/0x240
[  180.618151][ T6862]  usbhid_disconnect+0xa0/0xe0
[  180.619650][ T6862]  usb_unbind_interface+0x1dd/0x9a0
[  180.621316][ T6862]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  180.623058][ T6862]  ? __pfx_usb_unbind_interface+0x10/0x10
[  180.624845][ T6862]  device_remove+0x122/0x170
[  180.626295][ T6862]  device_release_driver_internal+0x44b/0x620
[  180.628237][ T6862]  bus_remove_device+0x22f/0x420
[  180.629797][ T6862]  device_del+0x396/0x9f0
[  180.631147][ T6862]  ? __pfx_device_del+0x10/0x10
[  180.632679][ T6862]  ? kobject_put+0x210/0x5a0
[  180.634117][ T6862]  usb_disable_device+0x355/0x7d0
[  180.635684][ T6862]  usb_disconnect+0x2e1/0x9c0
[  180.637177][ T6862]  hub_event+0x1c81/0x4fe0
[  180.638592][ T6862]  ? __lock_acquire+0xb8a/0x1c90
[  180.640154][ T6862]  ? __pfx_hub_event+0x10/0x10
[  180.641658][ T6862]  ? sm3_block_generic+0x2d00/0x35e0
[  180.643296][ T6862]  ? finish_task_switch.isra.0+0x221/0xc10
[  180.645105][ T6862]  ? rcu_is_watching+0x12/0xc0
[  180.646604][ T6862]  process_one_work+0x9cf/0x1b70
[  180.648174][ T6862]  ? __pfx_process_one_work+0x10/0x10
[  180.649865][ T6862]  ? assign_work+0x1a0/0x250
[  180.651313][ T6862]  worker_thread+0x6c8/0xf10
[  180.652793][ T6862]  ? __pfx_worker_thread+0x10/0x10
[  180.654402][ T6862]  kthread+0x3c2/0x780
[  180.655687][ T6862]  ? __pfx_kthread+0x10/0x10
[  180.657159][ T6862]  ? rcu_is_watching+0x12/0xc0
[  180.658676][ T6862]  ? __pfx_kthread+0x10/0x10
[  180.660145][ T6862]  ret_from_fork+0x5d4/0x6f0
[  180.661602][ T6862]  ? __pfx_kthread+0x10/0x10
[  180.663043][ T6862]  ret_from_fork_asm+0x1a/0x30
[  180.664555][ T6862]  </TASK>
[  180.665532][ T6862] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  180.667776][ T6862] CPU: 3 UID: 0 PID: 6862 Comm: kworker/3:16 Not tainted 6.16.0-rc7-syzkaller-00093-g94ce1ac2c9b4 #0 PREEMPT(full) 
[  180.671481][ T6862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.674840][ T6862] Workqueue: usb_hub_wq hub_event
[  180.676441][ T6862] Call Trace:
[  180.677530][ T6862]  <TASK>
[  180.678467][ T6862]  dump_stack_lvl+0x3d/0x1f0
[  180.679900][ T6862]  panic+0x71c/0x800
[  180.681149][ T6862]  ? __pfx_panic+0x10/0x10
[  180.682549][ T6862]  ? show_trace_log_lvl+0x29b/0x3e0
[  180.684184][ T6862]  ? enable_work+0x2f8/0x340
[  180.685630][ T6862]  check_panic_on_warn+0xab/0xb0
[  180.687180][ T6862]  __warn+0xf6/0x3c0
[  180.688435][ T6862]  ? enable_work+0x2f8/0x340
[  180.689895][ T6862]  report_bug+0x3c3/0x580
[  180.691252][ T6862]  ? enable_work+0x2f8/0x340
[  180.692744][ T6862]  handle_bug+0x184/0x210
[  180.694099][ T6862]  exc_invalid_op+0x17/0x50
[  180.695501][ T6862]  asm_exc_invalid_op+0x1a/0x20
[  180.697039][ T6862] RIP: 0010:enable_work+0x2f8/0x340
[  180.698697][ T6862] Code: 89 ee e8 3b c0 37 00 45 84 ed 0f 85 29 fe ff ff e8 4d c5 37 00 c6 05 bd 16 0e 0f 01 90 48 c7 c7 40 08 ac 8b e8 d9 1f f7 ff 90 <0f> 0b 90 90 e9 06 fe ff ff 48 89 ef e8 27 21 9c 00 e9 aa fe ff ff
[  180.704578][ T6862] RSP: 0018:ffffc900044973c8 EFLAGS: 00010086
[  180.706469][ T6862] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9002f97d000
[  180.708922][ T6862] RDX: 0000000000100000 RSI: ffffffff817ab115 RDI: 0000000000000001
[  180.711362][ T6862] RBP: ffff888044ebf730 R08: 0000000000000001 R09: 0000000000000000
[  180.713821][ T6862] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff92000892e7a
[  180.716302][ T6862] R13: 0000000000000000 R14: ffff888044ebf728 R15: ffffffff8fe66880
[  180.718745][ T6862]  ? __warn_printk+0x1a5/0x350
[  180.720252][ T6862]  ? enable_work+0x2f7/0x340
[  180.721691][ T6862]  ? __pfx_enable_work+0x10/0x10
[  180.723231][ T6862]  ? __thermal_zone_cdev_unbind+0x6c/0x6a0
[  180.725058][ T6862]  __cancel_work_sync+0xe7/0x130
[  180.726615][ T6862]  thermal_zone_device_unregister+0x239/0x450
[  180.728523][ T6862]  ? __pfx_shield_remove+0x10/0x10
[  180.730126][ T6862]  power_supply_unregister+0x10a/0x150
[  180.731717][ T6862]  shield_remove+0x75/0x130
[  180.733115][ T6862]  ? __pfx_shield_remove+0x10/0x10
[  180.734742][ T6862]  hid_device_remove+0xce/0x260
[  180.736404][ T6862]  ? __pfx_hid_device_remove+0x10/0x10
[  180.738155][ T6862]  device_remove+0xcb/0x170
[  180.739690][ T6862]  device_release_driver_internal+0x44b/0x620
[  180.741609][ T6862]  bus_remove_device+0x22f/0x420
[  180.743194][ T6862]  device_del+0x396/0x9f0
[  180.744577][ T6862]  ? __pfx_device_del+0x10/0x10
[  180.746134][ T6862]  ? do_raw_spin_lock+0x12c/0x2b0
[  180.747728][ T6862]  hid_destroy_device+0x19c/0x240
[  180.749360][ T6862]  usbhid_disconnect+0xa0/0xe0
[  180.750873][ T6862]  usb_unbind_interface+0x1dd/0x9a0
[  180.752514][ T6862]  ? kernfs_remove_by_name_ns+0xbe/0x110
[  180.754247][ T6862]  ? __pfx_usb_unbind_interface+0x10/0x10
[  180.755852][ T6862]  device_remove+0x122/0x170
[  180.757352][ T6862]  device_release_driver_internal+0x44b/0x620
[  180.759233][ T6862]  bus_remove_device+0x22f/0x420
[  180.760792][ T6862]  device_del+0x396/0x9f0
[  180.762144][ T6862]  ? __pfx_device_del+0x10/0x10
[  180.763656][ T6862]  ? kobject_put+0x210/0x5a0
[  180.765123][ T6862]  usb_disable_device+0x355/0x7d0
[  180.766717][ T6862]  usb_disconnect+0x2e1/0x9c0
[  180.768222][ T6862]  hub_event+0x1c81/0x4fe0
[  180.769664][ T6862]  ? __lock_acquire+0xb8a/0x1c90
[  180.771213][ T6862]  ? __pfx_hub_event+0x10/0x10
[  180.772761][ T6862]  ? sm3_block_generic+0x2d00/0x35e0
[  180.774413][ T6862]  ? finish_task_switch.isra.0+0x221/0xc10
[  180.776269][ T6862]  ? rcu_is_watching+0x12/0xc0
[  180.777800][ T6862]  process_one_work+0x9cf/0x1b70
[  180.779360][ T6862]  ? __pfx_process_one_work+0x10/0x10
[  180.781086][ T6862]  ? assign_work+0x1a0/0x250
[  180.782551][ T6862]  worker_thread+0x6c8/0xf10
[  180.783998][ T6862]  ? __pfx_worker_thread+0x10/0x10
[  180.785610][ T6862]  kthread+0x3c2/0x780
[  180.786904][ T6862]  ? __pfx_kthread+0x10/0x10
[  180.788430][ T6862]  ? rcu_is_watching+0x12/0xc0
[  180.789999][ T6862]  ? __pfx_kthread+0x10/0x10
[  180.791486][ T6862]  ret_from_fork+0x5d4/0x6f0
[  180.792970][ T6862]  ? __pfx_kthread+0x10/0x10
[  180.794421][ T6862]  ret_from_fork_asm+0x1a/0x30
[  180.795918][ T6862]  </TASK>
[  180.797612][ T6862] Kernel Offset: disabled
[  180.798967][ T6862] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:57:12  Registers:
info registers vcpu 0

CPU#0
RAX=00000002000008fd RBX=ffff8880226aa440 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000008 RSP=ffffc90002d775a0
R8 =0000000000000000 R9 =fffffbfff2152b8a R10=ffffffff90a95c57 R11=0000000000000001
R12=0000000000000003 R13=1ffff920005aeeb5 R14=0000000000000001 R15=ffffc90002d775c8
RIP=ffffffff81693ef8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809752d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c29b36a CR3=00000000584a9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=000000000000000a RCX=ffffc90007a81000 RDX=1ffff920006e4f03
RSI=ffffc900037277f8 RDI=ffff888023adc898 RBP=fffff520006e4ef9 RSP=ffffc900037277c8
R8 =0000000000000000 R9 =fffffbfff2152b8a R10=ffffffff90a95c57 R11=0000000000000001
R12=7fffffffffffffff R13=ffff88806b90ea00 R14=000000000000000b R15=ffff88806b90e9a8
RIP=ffffffff8a276483 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809762d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2aa9de CR3=00000000584a9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffff88806e6f2d05 RBX=dffffc0000000000 RCX=0000000000000004 RDX=0000000000000000
RSI=0000000000000010 RDI=ffff88806e6f2d00 RBP=ffff88806e6f2d10 RSP=ffffc900036a6fa0
R8 =0000000000000006 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000001
R12=ffff88806e6f2d00 R13=dffffc0000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8b7ec1c2 RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809772d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000056020ef01f40 CR3=000000006da55000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=51475efb1aa8d1e8 828c3e59a5129079 51475efb1aa8d1e8 828c3e59a5129079 51475efb1aa8d1e8 828c3e59a5129079 51475efb1aa8d1e8 828c3e59a5129079
ZMM18=06d234365534f1e1 6f15151699203373 06d234365534f1e1 6f15151699203373 06d234365534f1e1 6f15151699203373 06d234365534f1e1 6f15151699203373
ZMM19=ac06000000000000 0000000000000004 ac06000000000000 0000000000000003 ac06000000000000 0000000000000002 ac06000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 76a6000000020806 0599fed803408080 8080808808000599 fed0034208000599
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fec8030008000599 fec00300020dc200 0800002080808088 0002800206007592
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00236365632f7665 642f01ffffffffff ffffffeb08028003 0408000608001e08
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000031 6e616c7601ffffff ffffffffffdf0800 0320080001800222
ZMM25=6f1515166f151516 6f1515166f151516 6f1515166f151516 6f1515166f151516 6f1515166f151516 6f1515166f151516 6f1515166f151516 6f1515166f151516
ZMM26=5534f1e15534f1e1 5534f1e15534f1e1 5534f1e15534f1e1 5534f1e15534f1e1 5534f1e15534f1e1 5534f1e15534f1e1 5534f1e15534f1e1 5534f1e15534f1e1
ZMM27=06d2343606d23436 06d2343606d23436 06d2343606d23436 06d2343606d23436 06d2343606d23436 06d2343606d23436 06d2343606d23436 06d2343606d23436
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=ab060000ab060000 ab060000ab060000 ab060000ab060000 ab060000ab060000 ab060000ab060000 ab060000ab060000 ab060000ab060000 ab060000ab060000
info registers vcpu 3

CPU#3
RAX=0000000000000072 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8556cf05 RDI=ffffffff9b09f540 RBP=ffffffff9b09f500 RSP=ffffc90004496d30
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000072 R14=ffffffff9b09f500 R15=ffffffff8556cea0
RIP=ffffffff8556cf2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809782d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fd1bff8 CR3=000000006da55000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000