last executing test programs:

8m41.241970393s ago: executing program 3 (id=4):
syz_emit_vhci(0x0, 0x8)
syz_io_uring_setup(0x110, &(0x7f00000004c0)={0x0, 0x2b7a, 0x400, 0x0, 0x4}, 0x0, &(0x7f0000000800))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x101000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000580)={0x2004})
r6 = geteuid()
quotactl_fd$Q_GETNEXTQUOTA(r3, 0xffffffff80000900, r6, &(0x7f00000002c0))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
getpeername(r3, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000480)='mm_page_alloc\x00', r8}, 0x10)
unshare(0x40000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073113a000000000085100000020000008500000005000000950000e27e15f6cf5d431f0004000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc5, &(0x7f0000000840)=""/197, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

8m39.880582476s ago: executing program 3 (id=5):
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = fanotify_init(0xcf29e565245472f0, 0x95d1f010ebe42867)
fanotify_mark(r2, 0x1, 0x4000102b, r1, 0x0)
syz_clone3(&(0x7f0000001340)={0x2010c280, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000180)=<r3=>0x0, {0x17}, &(0x7f0000000240)=""/104, 0x68, &(0x7f0000000300)=""/4096, &(0x7f0000001300)=[0x0, 0x0, 0x0], 0x3, {r1}}, 0x58)
sched_setaffinity(r3, 0x8, &(0x7f00000013c0)=0x1a)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
userfaultfd(0x80001)
fchdir(0xffffffffffffffff)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140))
r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000200)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

8m39.389954083s ago: executing program 3 (id=7):
syz_emit_vhci(0x0, 0x8)
syz_io_uring_setup(0x110, &(0x7f00000004c0)={0x0, 0x2b7a, 0x400, 0x0, 0x4}, 0x0, &(0x7f0000000800))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x101000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000580)={0x2004})
r6 = geteuid()
quotactl_fd$Q_GETNEXTQUOTA(r3, 0xffffffff80000900, r6, &(0x7f00000002c0))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
getpeername(r3, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000480)='mm_page_alloc\x00', r8}, 0x10)
unshare(0x40000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073113a000000000085100000020000008500000005000000950000e27e15f6cf5d431f0004000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc5, &(0x7f0000000840)=""/197, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

8m31.61053781s ago: executing program 3 (id=14):
r0 = syz_open_dev$media(&(0x7f0000000280), 0x4, 0x242700)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{<r1=>0x80000000}, {<r2=>0x80000000}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$SIOCAX25GETINFOOLD(r6, 0x89e9, &(0x7f0000000100))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x100, 0x9f7b}, 0x8)
ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000080)={{}, {r2}, 0x2})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000380)={r1})

8m29.824068638s ago: executing program 3 (id=17):
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {}, {0x1, 0x3}, {}, {0xfffffffa, 0x6}], 0x0, 0x0, 0x8, 0x0, 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1ff)
socket(0x10, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2800000018000109fefffffffcdbdf2502000000fc000000000000000c00090000000810", @ANYRES32=r3, @ANYBLOB="c84414c96bbdb4cfaa211f7115eaf55b6b750b9ce6169fdb776152ff8c8f897a94aa3946ce4fc469d8fd49b0420acb273ba2a3139d8aec02de483eac2810e37e91ac8dfcc4c5ac3af10fb984c2a52a174f14e92d5ed165c6b1980098e1b11aa47d59af6e255a67dadd15bfba12e6117c027f84c9a8dda545e2dfdf3df196789733052e4f53230fbe2b383cfb08ea565ca5e5c5"], 0x28}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000500)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
capset(0x0, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000100)=0xcc7)
ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0xec}}, 0x0)

8m14.576108525s ago: executing program 32 (id=17):
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {}, {0x1, 0x3}, {}, {0xfffffffa, 0x6}], 0x0, 0x0, 0x8, 0x0, 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1ff)
socket(0x10, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2800000018000109fefffffffcdbdf2502000000fc000000000000000c00090000000810", @ANYRES32=r3, @ANYBLOB="c84414c96bbdb4cfaa211f7115eaf55b6b750b9ce6169fdb776152ff8c8f897a94aa3946ce4fc469d8fd49b0420acb273ba2a3139d8aec02de483eac2810e37e91ac8dfcc4c5ac3af10fb984c2a52a174f14e92d5ed165c6b1980098e1b11aa47d59af6e255a67dadd15bfba12e6117c027f84c9a8dda545e2dfdf3df196789733052e4f53230fbe2b383cfb08ea565ca5e5c5"], 0x28}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000500)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
capset(0x0, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000100)=0xcc7)
ioctl$SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0xec}}, 0x0)

7m35.322412396s ago: executing program 2 (id=168):
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = fanotify_init(0xcf29e565245472f0, 0x95d1f010ebe42867)
fanotify_mark(r2, 0x1, 0x4000102b, r1, 0x0)
syz_clone3(&(0x7f0000001340)={0x2010c280, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000180)=<r3=>0x0, {0x17}, &(0x7f0000000240)=""/104, 0x68, &(0x7f0000000300)=""/4096, &(0x7f0000001300)=[0x0, 0x0], 0x2, {r1}}, 0x58)
sched_setaffinity(r3, 0x8, &(0x7f00000013c0)=0x1a)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
userfaultfd(0x80001)
fchdir(0xffffffffffffffff)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140))
r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000200)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

7m35.141955317s ago: executing program 2 (id=170):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x10, 0x0, &(0x7f0000000840)=[@request_death], 0x0, 0x0, 0x0})
eventfd(0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x30, 0xffffffffffffffff, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d64, 0x744a, 0x2, &(0x7f0000000080)={[0x5, 0x9]}, 0x8)
r2 = syz_io_uring_setup(0xa49, &(0x7f0000000480)={0x0, 0xaace, 0x0, 0x2, 0x205}, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_REMOVE={0x7, 0x2})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)

7m34.722916369s ago: executing program 2 (id=172):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ppoll(&(0x7f00000000c0)=[{r0, 0x1007}], 0x1, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f046})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_open_dev$loop(&(0x7f0000000300), 0x7ff, 0x28e6841c5dc2a00c)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0xf6c2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000002c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x7, 0xa, 0x7})
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x0, r2, 0x0, 0x8, 0x81, 0xa, 0x3})
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r3 = syz_open_dev$dri(&(0x7f0000000100), 0xffffffff, 0x200)
ioctl$DRM_IOCTL_SET_VERSION(r3, 0xc0106407, &(0x7f0000000000)={0xffffffff, 0x0, 0xffffffff})
socket$alg(0x26, 0x5, 0x0)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000080)={0xf0f041})
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

7m29.709629283s ago: executing program 2 (id=190):
socket$nl_route(0x10, 0x3, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x0)
ioctl$HIDIOCGFEATURE(r1, 0x4004480c, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x690a, &(0x7f0000000340), &(0x7f0000000140), 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r4, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000007440)=[{&(0x7f0000001500)="adf5bd04f01eccec95c1c5ca7fba623735df51cf89844d9bad7429917e03ad4b4cc6ae623ad8c0924b316f0e6d195479b75186ca55315366ef5d0b491b1811e932fb16a15906cab57fa112718bef35405bee39435abc9aa27f44c0fb7d15e1d8dd4b7a59deae296177fe9316e72cbc89f7e7e7c83d3ffae7d847a21894888b3de40826e54e7a0fc7b552c388637004dc3ea210d2c6dfc6283f690afa5b85b25939464a350dcdf1c38d97854aba19593fc884caec78d9c0", 0xb7}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x3, 0x400c804)
getdents(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="e9070000000000000000010000001c0002800c00018008000100030000000c000180080001000100f000"], 0x30}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x3, 0x0, @empty}}, 0xfffffffc, 0x3, 0x989, 0x0, 0x84, 0x8000}, 0x9c)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020}, 0x2020)
socket$nl_generic(0x10, 0x3, 0x10)

7m28.660660662s ago: executing program 2 (id=193):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0x0, <r4=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r4, 0x48)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=r4, 0x4)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=r4, 0x4)
getsockopt$inet6_mreq(r5, 0x29, 0x15, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0)={0x0, r2}, 0x8)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0xe, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x4d)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000600)={0xa0000010})
epoll_wait(r6, &(0x7f0000000180)=[{}], 0x1, 0x10000400)
close_range(r0, 0xffffffffffffffff, 0x0)

7m27.77054842s ago: executing program 2 (id=200):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000440)=0x2)
r2 = syz_open_dev$vim2m(&(0x7f0000000500), 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000030000000082038851000000600000018000000", @ANYRES32, @ANYBLOB="00000000010300006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc0f8565c, &(0x7f0000000000)={0x0, 0x1000, 0x2, {0x1, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x657]}}})
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x454e, 0x4)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)

7m12.63820675s ago: executing program 33 (id=200):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000440)=0x2)
r2 = syz_open_dev$vim2m(&(0x7f0000000500), 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000030000000082038851000000600000018000000", @ANYRES32, @ANYBLOB="00000000010300006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc0f8565c, &(0x7f0000000000)={0x0, 0x1000, 0x2, {0x1, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x657]}}})
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x454e, 0x4)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)

6m25.808015636s ago: executing program 5 (id=390):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x19, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000080000000050000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)

6m25.553645978s ago: executing program 5 (id=392):
syz_open_procfs(0x0, &(0x7f0000000100)='sessionid\x00')
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r1)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000220000000a0001007770616e3000000005002000000004000500200000000000050020000000000009001f"], 0x44}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sys_exit\x00', r3}, 0x10)
r4 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="bc", 0x1, 0xfffffffffffffffd)
keyctl$setperm(0x5, r4, 0x0)
keyctl$chown(0x11, r4, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r5}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
socket$netlink(0x10, 0x3, 0x9)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

6m25.068078477s ago: executing program 5 (id=394):
r0 = syz_open_dev$media(&(0x7f0000000280), 0x4, 0x242700)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{<r1=>0x80000000}, {<r2=>0x80000000}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
userfaultfd(0x801)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$SIOCAX25GETINFOOLD(r6, 0x89e9, &(0x7f0000000100))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x100, 0x9f7b}, 0x8)
ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000080)={{}, {r2}, 0x2})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000380)={r1})

6m22.725480961s ago: executing program 5 (id=398):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003"], 0x58}, 0x1, 0xa000000}, 0x0)

6m22.292671855s ago: executing program 5 (id=401):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8042, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
write$P9_RSTATu(r1, &(0x7f0000000880)={0x381, 0x2, 0x0, {{0x500, 0x240, 0x0, 0x0, {0x0, 0x0, 0x200000000000}, 0x4c240000, 0x0, 0xf7, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x165, '\xd2\x99v\x1f\xf8M\x0f\x11\x19\xc5\nA\x80Q\x9cf\xd5_\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9at\x82\xa5$P\xe7\x19\x82G\x0f\x05\xb5\xd3H\xd7\xee\xee9\x9b\xd6\xa7\xcd8QJxZz<\xec\xb53\xe6y\xfa\xcf\xd6\x1e/\xc4$\xfa\x8c\xd0c\xb4\xc4\xf9o\fuO\x11\r\xc4\x8b\x12SJ\xe6\x17\xc0\xe4\b\x8d\xa0\xbb\xd6\x942\xa0\xa9\x90g\x9a\xccw\xd9\xa8q\x0e\xb4\xc8\xbbw}\xbc\xfa\xabRH\xb0\xb7\x1a\xbc\xdb\xbc\xce\xc0_\xc2\xb7\x10A\xf4\x8e5\xf2\xcaK/\x89\a\xc2\x05\xd4\xcf\xf0\x1f1o)\xba\xdd);L\x06\xcai\x8emU\xdb\xedPHb@\xb3y+\x7f\xcf&\xe5\x9f\xa2\x81w|\xc7a\xb0y\xd1\x1a\xc1\x17\xc2\xf2nu\xa5\x89\xb8\xec\xd3\xd9\xdd\x0f\x89\x94%oi\xe9\x98)\xda\xa7Q\xa7\xe5k\x15\xbcMR0\x94\xf0\xcf\x9a\x0eks\xdd\xe8\xa1\x85\xe9\xf6D\xf5e\xaag\x8a(\xefC]D}\aq\b\xc4\xc6\xfe\xec+\x1d\xea\x9cU\xf0B\xae\xd4\x8bG4\xa7\xd7\x92|\xee\xbeR\xec\xb8\xb9\x90G\x1cI\vB\xf4\x13#G\xe3\x0f\xd8\xe5\xc0\xc0\x10\xbd\xc5JDM\x14\x0e\xa5\x19?r6\x1b\xa2\xb3h\xe1\xbd+d\x1a0\xa1L\x83\x88P9\x81W\xed\xc6\x92~\x83\xe1\xbevXJ\xf1\xe6\xac[\xc9\x19\xdf8ZT\'S', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\x00\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, r4}}, 0x381)

6m21.672361019s ago: executing program 5 (id=405):
r0 = msgget(0x1, 0xc94)
msgctl$IPC_STAT(r0, 0x2, &(0x7f00000000c0)=""/76)
socket$kcm(0x10, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000380)="6765f082600a000f20e70f01d13667663664f019a2c73e0000640f792c0f20e06635000020000f22e0260f060f0766b96302000066b80600000066ba000000000f300f01ca", 0x45}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000140)={0x26d})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x1, 0x0, 0x7}, {0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r4, 0x0, r7, 0x0, 0xaf4, 0x0)
ioctl$VIDIOC_G_AUDIO(r6, 0x80345621, &(0x7f0000000000))
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38)

6m5.844443239s ago: executing program 34 (id=405):
r0 = msgget(0x1, 0xc94)
msgctl$IPC_STAT(r0, 0x2, &(0x7f00000000c0)=""/76)
socket$kcm(0x10, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000380)="6765f082600a000f20e70f01d13667663664f019a2c73e0000640f792c0f20e06635000020000f22e0260f060f0766b96302000066b80600000066ba000000000f300f01ca", 0x45}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000140)={0x26d})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x1, 0x0, 0x7}, {0x0, 0x3}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r4, 0x0, r7, 0x0, 0xaf4, 0x0)
ioctl$VIDIOC_G_AUDIO(r6, 0x80345621, &(0x7f0000000000))
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38)

3m49.602094985s ago: executing program 1 (id=1064):
r0 = syz_open_dev$media(&(0x7f0000000280), 0x4, 0x242700)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{<r1=>0x80000000}, {<r2=>0x80000000}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
userfaultfd(0x801)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$SIOCAX25GETINFOOLD(r6, 0x89e9, &(0x7f0000000100))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x100, 0x9f7b}, 0x8)
ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000080)={{}, {r2}, 0x2})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000380)={r1})

3m48.692062391s ago: executing program 1 (id=1074):
syz_emit_vhci(0x0, 0x8)
syz_io_uring_setup(0x110, &(0x7f00000004c0)={0x0, 0x2b7a, 0x400, 0x0, 0x4}, 0x0, &(0x7f0000000800))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = epoll_create1(0x0)
r5 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x101000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000580)={0x2004})
r6 = geteuid()
quotactl_fd$Q_GETNEXTQUOTA(r3, 0xffffffff80000900, r6, &(0x7f00000002c0))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
getpeername(r3, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000480)='mm_page_alloc\x00', r8}, 0x10)
unshare(0x40000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073113a000000000085100000020000008500000005000000950000e2"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc5, &(0x7f0000000840)=""/197, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3m47.783050266s ago: executing program 1 (id=1077):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
clock_adjtime(0x2000000, &(0x7f0000000080)={0x7, 0x0, 0x8, 0x1, 0x7, 0x4, 0x0, 0x3, 0x42, 0x1, 0xd, 0x4, 0x6, 0xfff, 0x4, 0x7, 0xfffffffd, 0x9, 0x1a6, 0x38, 0x6, 0xc87, 0x7fff, 0x5, 0x7000, 0x8001})

3m46.852421447s ago: executing program 1 (id=1086):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x40008000}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000a80)={@random="e33110495bfd", @dev, @val={@val={0x88a8, 0x6, 0x0, 0x1}, {0x8864, 0x4, 0x0, 0x4}}, {@ipv6={0x86dd, @udp={0x6, 0x6, "f4c121", 0x8, 0x11, 0xff, @empty, @private1, {[], {0x4e22, 0x4e24, 0x8}}}}}}, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r1, r0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x28, 0x18, &(0x7f0000000440)={@fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0xf}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000200)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0})
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, 0x0, 0x0)
recvmmsg$unix(r5, &(0x7f0000003100)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1, 0x0, 0x28}}], 0x1, 0x0, 0x0)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

3m45.711850288s ago: executing program 1 (id=1098):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8042, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000002140)={{}, {0x1, 0x4}, [{0x2, 0x0, r3}], {}, [{0x8, 0x4, r4}, {0x8, 0x5, r4}, {0x8, 0x1}, {0x8, 0x2, r4}, {0x8, 0x4, r4}, {0x8, 0x4, r4}, {}], {0x10, 0x3}, {0x20, 0x1}}, 0x64, 0x1)
write$P9_RSTATu(r0, &(0x7f0000000880)={0x381, 0x2, 0x0, {{0x500, 0x240, 0x0, 0x0, {0x0, 0x0, 0x200000000000}, 0x4c240000, 0x0, 0xf7, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x165, '\xd2\x99v\x1f\xf8M\x0f\x11\x19\xc5\nA\x80Q\x9cf\xd5_\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9at\x82\xa5$P\xe7\x19\x82G\x0f\x05\xb5\xd3H\xd7\xee\xee9\x9b\xd6\xa7\xcd8QJxZz<\xec\xb53\xe6y\xfa\xcf\xd6\x1e/\xc4$\xfa\x8c\xd0c\xb4\xc4\xf9o\fuO\x11\r\xc4\x8b\x12SJ\xe6\x17\xc0\xe4\b\x8d\xa0\xbb\xd6\x942\xa0\xa9\x90g\x9a\xccw\xd9\xa8q\x0e\xb4\xc8\xbbw}\xbc\xfa\xabRH\xb0\xb7\x1a\xbc\xdb\xbc\xce\xc0_\xc2\xb7\x10A\xf4\x8e5\xf2\xcaK/\x89\a\xc2\x05\xd4\xcf\xf0\x1f1o)\xba\xdd);L\x06\xcai\x8emU\xdb\xedPHb@\xb3y+\x7f\xcf&\xe5\x9f\xa2\x81w|\xc7a\xb0y\xd1\x1a\xc1\x17\xc2\xf2nu\xa5\x89\xb8\xec\xd3\xd9\xdd\x0f\x89\x94%oi\xe9\x98)\xda\xa7Q\xa7\xe5k\x15\xbcMR0\x94\xf0\xcf\x9a\x0eks\xdd\xe8\xa1\x85\xe9\xf6D\xf5e\xaag\x8a(\xefC]D}\aq\b\xc4\xc6\xfe\xec+\x1d\xea\x9cU\xf0B\xae\xd4\x8bG4\xa7\xd7\x92|\xee\xbeR\xec\xb8\xb9\x90G\x1cI\vB\xf4\x13#G\xe3\x0f\xd8\xe5\xc0\xc0\x10\xbd\xc5JDM\x14\x0e\xa5\x19?r6\x1b\xa2\xb3h\xe1\xbd+d\x1a0\xa1L\x83\x88P9\x81W\xed\xc6\x92~\x83\xe1\xbevXJ\xf1\xe6\xac[\xc9\x19\xdf8ZT\'S', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\x00\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, r4}}, 0x381)

3m45.562029921s ago: executing program 1 (id=1099):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) (async)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}}) (async)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01060000000000000000090000002c0004801300010062726f6164636173742d6c696e6b000014000780080043007f0000000800050004"], 0x40}}, 0x0) (async)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x58, r3, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9eb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3b}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x44040}, 0x810) (async)
r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000780), 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@map=0x1, r4, 0x2f, 0x0, 0xffffffffffffffff, @void, @value}, 0x20)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000080)={@map=0x1, r4, 0x2f, 0x10, 0xffffffffffffffff, @void, @value}, 0x20) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x54}}, 0x0) (async)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x5c, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_REKEYING={0x8}]}]}, 0x5c}}, 0x0) (async)
write$binfmt_elf64(r0, &(0x7f00000012c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000000000000003000000000000000000000000000000000000000000000000000000000000000008"], 0x878) (async)
syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @local}, "416f0b8c3d9f7b09328ae38e6093925bbd86200f653dbe4b"}}}}, 0x0) (async)
close(r0) (async)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, &(0x7f0000000180)=0x10)
r9 = socket$inet(0x2, 0x80001, 0x84)
fchmodat(r0, &(0x7f0000000400)='./file1\x00', 0x10) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000500)={r10, @in={{0x2, 0x4e24, @rand_addr=0x64010100}}, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x9c)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r10, 0x8000, 0x2, 0x7, 0x10, 0x6c523104}, 0x14) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)

3m30.573416385s ago: executing program 35 (id=1099):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) (async)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}}) (async)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01060000000000000000090000002c0004801300010062726f6164636173742d6c696e6b000014000780080043007f0000000800050004"], 0x40}}, 0x0) (async)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x58, r3, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9eb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3b}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x44040}, 0x810) (async)
r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000780), 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@map=0x1, r4, 0x2f, 0x0, 0xffffffffffffffff, @void, @value}, 0x20)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000080)={@map=0x1, r4, 0x2f, 0x10, 0xffffffffffffffff, @void, @value}, 0x20) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x54}}, 0x0) (async)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x5c, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_REKEYING={0x8}]}]}, 0x5c}}, 0x0) (async)
write$binfmt_elf64(r0, &(0x7f00000012c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000000000000003000000000000000000000000000000000000000000000000000000000000000008"], 0x878) (async)
syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @local}, "416f0b8c3d9f7b09328ae38e6093925bbd86200f653dbe4b"}}}}, 0x0) (async)
close(r0) (async)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, &(0x7f0000000180)=0x10)
r9 = socket$inet(0x2, 0x80001, 0x84)
fchmodat(r0, &(0x7f0000000400)='./file1\x00', 0x10) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000500)={r10, @in={{0x2, 0x4e24, @rand_addr=0x64010100}}, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x9c)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r10, 0x8000, 0x2, 0x7, 0x10, 0x6c523104}, 0x14) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)

6.650054293s ago: executing program 7 (id=2632):
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RELOAD(r1, 0x0, 0x80)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$inet(0x2b, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000040000000400000022bf000000000000", @ANYRES32, @ANYBLOB="0000000000000000000003000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001800000000000000000001800000000000"], 0x48)

5.449901481s ago: executing program 7 (id=2638):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0xfffffffffffffff7}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_PORT_MIN={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = openat$iommufd(0xffffff9c, &(0x7f0000000100), 0x610042, 0x0)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r2, 0x3b72, &(0x7f0000000180)={0x32, 0x1, 0xd1, 0x5, "bec4f4c48eba7193d76027c422a3c25190796f333e0d894108ef"})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x1204020, 0x1, 0x3}}, 0x50)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000840}, 0x24004000)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0xb02c7}]}}}]}, 0x40}}, 0x0)
poll(0x0, 0x0, 0xfffffff3)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r7, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0x0, @local}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}}}}, 0x118)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000000414010026bd7000ffdbdf2508000100000000000800"], 0x20}, 0x1, 0x0, 0x0, 0x20048000}, 0x20000000)

4.623100213s ago: executing program 7 (id=2640):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x1, @loopback}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000006380)={0x2020}, 0x2020)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$alg(r0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1000000014010094523a000200000000"], 0x10}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
accept4(r2, 0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ocfs2\x00', 0x100000, &(0x7f0000000140)='/dev/midi#\x00')
r4 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x7000000, 0x8281)
readv(r4, &(0x7f0000000540)=[{&(0x7f0000000180)=""/245, 0xf5}, {&(0x7f0000000280)=""/217, 0xd9}, {0x0}, {&(0x7f0000000440)=""/239, 0xef}, {&(0x7f00000005c0)=""/177, 0xb1}, {&(0x7f0000000680)=""/83, 0x53}, {&(0x7f0000000700)=""/235, 0xeb}], 0x7)
syz_usb_disconnect(r3)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'geneve1\x00'})
unshare(0x880)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(0xffffffffffffffff, 0x8b2c, &(0x7f0000000040))
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x7f, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00230000000086dd"], 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

3.940121829s ago: executing program 6 (id=2642):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf051905001201", 0x2e}], 0x1}, 0x0)

3.939743779s ago: executing program 6 (id=2643):
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0)
writev(r0, &(0x7f0000000a40)=[{&(0x7f00000003c0)="ff071d6ce89d96666b08e828be032f55097076e40148c200000000fb0000020000000000000000dd00"/50, 0x32}, {&(0x7f0000000bc0)="d18a876f8f46c153dde8db040cc7e763ba2fab29aca1a1a2e0ab17dfd1fbfa6955b751ed697ff263589987f3de711efae8e2342b2846c1c9d8febaecb3aef2d7650869408a287d92d06f5d660a68f3f0a39e926d8dbd6f8d9de335fe4c520feaffc62c3435ab43a2f77234987d3b1130d31bd78fb28883050a1b8dd4ea2cdc62703eb86600dba7da620ad621c21b75893f334cfc82a3931e8cf3dfa12d31fa32797f5a940475fd8947bde48c8126a44eb9d229126e34e0d8aace15047ccd5bd0932270c88dac48e0bbb2af55a35efca697fe5435b19f827cf2d9337109", 0xdd}, {&(0x7f0000000200)="a9e47d4ed965685b48214fff756364b93155b267f07697b50eede6ed45f973d3da857dba0deed519dc9a7267b99f19a1b405e7d2", 0x34}, {&(0x7f0000000600)="7a91", 0x2}], 0x4)

3.870483897s ago: executing program 6 (id=2644):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7900216c52d922ba2a"], 0xfdef)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000004)
r0 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r4 = dup2(r3, r3)
socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x11}, 0x40800, 0x0, 0x0, 0x3}, 0x20)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000206010100000000000000000000fffe16000300686173683a6e65742c706f72742c6e657400000005000400000000000900020073797a3000000000050005000a000000426328ead3c9e8998791211720272f55afffd4cd894af0f47fe03de6879c9f4d65b39d71fc4f8ecee022663e0257134dda2672b5bd"], 0x48}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000040)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
unshare(0x44040000)
r7 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r8 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x0)
ftruncate(r8, 0x2007ffd)
sendfile(r6, r7, 0x0, 0x1000a3)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x1000, 0x1, 0x2})
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000002c0)={0x1, @sliced={0x7, [0x0, 0x864, 0x6, 0x6, 0xfffc, 0xfff, 0xe26f, 0x3, 0x22e5, 0x8090, 0x2, 0xfff, 0x9, 0x0, 0x5, 0x120, 0xa, 0x2, 0xb, 0x1, 0xc, 0x101, 0xb, 0x7, 0x0, 0x40, 0x7, 0x3400, 0xfffe, 0x1, 0x369e, 0x3, 0x7f28, 0xf, 0x9, 0xb, 0x8, 0x4, 0xfffa, 0x3ce9, 0x400, 0x6, 0xf022, 0x0, 0x5, 0xb00a, 0x10, 0x9], 0x1}})
getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x107, 0x18, 0x0, 0x20000002)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r4, 0x7a4, &(0x7f0000000240)={{@host, 0x8}, 0x400, 0x8000000000000000, 0x3, 0x2})

3.680013469s ago: executing program 0 (id=2646):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x1f00, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe8}}, 0x0)

3.610055048s ago: executing program 0 (id=2647):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000690000000000000100000094"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4020ae46, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000000000000000000020000000002", @ANYRES32])
socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
setsockopt$sock_int(r3, 0x1, 0x31, &(0x7f0000001600), 0x4)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
io_uring_setup(0xb1ba, &(0x7f0000000180)={0x0, 0x884b, 0x8, 0x1, 0xf5})
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x93}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a9a81)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffeda, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x7, 0x3, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x54}, 0x4000010)
r9 = syz_io_uring_setup(0x239, &(0x7f00000003c0)={0x0, 0xffffffff, 0x10100, 0x0, 0x4}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000240)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r12, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000000100)={<r13=>0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r12, 0x84, 0x9, &(0x7f0000000240)={r13, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000040)=0x9c)
io_uring_enter(r9, 0x2def, 0x800000, 0x14, 0x0, 0x0)

3.530075963s ago: executing program 6 (id=2648):
r0 = syz_open_dev$media(&(0x7f0000000280), 0x4, 0x242700)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{<r1=>0x80000000}, {<r2=>0x80000000}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
userfaultfd(0x801)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$SIOCAX25GETINFOOLD(r6, 0x89e9, &(0x7f0000000100))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x79, 0x0, 0x0)
ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f0000000080)={{}, {r2}, 0x2})
ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000380)={r1})

3.38506906s ago: executing program 0 (id=2650):
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(0xffffffffffffffff, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000013c0)=""/223, 0xdf}], 0x1}, 0x5}, {{0x0, 0x0, 0x0}}], 0x2, 0x1, 0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x1)
syslog(0x4, &(0x7f0000002880)=""/4122, 0x101a)

3.288545206s ago: executing program 0 (id=2651):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7900216c52d922ba2a"], 0xfdef)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000004)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r3 = dup2(r2, r2)
socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x11}, 0x40800, 0x0, 0x0, 0x3}, 0x20)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000206010100000000000000000000fffe16000300686173683a6e65742c706f72742c6e657400000005000400000000000900020073797a3000000000050005000a000000426328ead3c9e8998791211720272f55afffd4cd894af0f47fe03de6879c9f4d65b39d71fc4f8ecee022663e0257134dda2672b5bd"], 0x48}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000040)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
unshare(0x44040000)
r6 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x0)
ftruncate(r7, 0x2007ffd)
sendfile(r5, r6, 0x0, 0x1000a3)

2.937488005s ago: executing program 7 (id=2652):
r0 = syz_open_dev$media(&(0x7f0000000280), 0x4, 0x242700)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{<r1=>0x80000000}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
userfaultfd(0x801)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)="390000001300034700bb65e1c3c6ffff01000000010000005600000025000000190004000400000047fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$SIOCAX25GETINFOOLD(r5, 0x89e9, &(0x7f0000000100))
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x100, 0x9f7b}, 0x8)
ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, 0x0)
ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000380)={r1})

2.25548834s ago: executing program 6 (id=2654):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes)\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r1)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet(0x2, 0x4, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x2e45, 0x4)
fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f0000000140)=@md5={0x1, "45985e2b7e468ae2457c69ff1a6cf530"}, 0x11, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x8000000000000000}, 0x18)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0xfffffff8, 0x34324152, 0x3, 0xa, [{0x0, 0x800000}, {0x5}, {}, {}, {0x0, 0x200}, {0x0, 0x7ff}, {0x0, 0x3}, {0x0, 0x100}], 0x1, 0x0, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

1.994615651s ago: executing program 7 (id=2655):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x33363248, 0x0, 0xa, [{}, {0x10}], 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket(0x1d, 0x80000, 0xffffffff)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4)
write$binfmt_misc(r2, &(0x7f0000000300), 0x6)
recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x28011, r3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='signal_deliver\x00'}, 0x18)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000200)='sour<e', &(0x7f00000002c0)='\\/\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4\x14\xc3\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x02\x96\xb7b\xa7\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\xda\xbe\'\x11\x1bZ\x8e\xa1\xc3j$v\xefw\x96/\xff\xa2\xfc\xe3\xb8\v3U\xdc\x98F*T\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81\x00\x00\x00\x00\x00\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000006c0)=ANY=[@ANYRESHEX], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x414, 0xffffffff, 0xd8, 0xd8, 0x22c, 0xffffffff, 0xffffffff, 0x34c, 0x34c, 0x34c, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@uncond, 0x0, 0xa4, 0xd8}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0x0, 0x5, 0x6}, {0x3, 0x5, 0x3}, {0xffffffffffffffff, 0x3, 0x2}, 0xa, 0x1}}}, {{@uncond, 0x0, 0xf8, 0x154, 0x0, {}, [@common=@ipv6header={{0x24}, {0x40, 0x0, 0x1}}, @common=@frag={{0x30}, {[0x7, 0x6], 0xfff, 0x2b, 0x3}}]}, @common=@inet=@HMARK={0x5c, 'HMARK\x00', 0x0, {@ipv6=@mcast2, [0xffffff00, 0xffffffff, 0xffffff00, 0xffffffff], 0x4e24, 0x4e22, 0x4e23, 0x4e23, 0xfffffff9, 0x1ea1, 0xff, 0x0, 0x1}}}, {{@ipv6={@loopback, @dev={0xfe, 0x80, '\x00', 0x1f}, [0x0, 0xff, 0xff000000, 0xff000000], [0xffffff00, 0xffffffff, 0xff000000, 0xffffff00], 'veth1_to_batadv\x00', 'veth0_to_bridge\x00', {}, {0xff}, 0x22, 0x6, 0x6, 0x10}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d3], 0x7, 0x9, 0x2}}, @common=@mh={{0x24}, {'\t}', 0x1}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x3, 0x5, 0x6}, {0x2, 0x3, 0x1}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x470)

1.941379042s ago: executing program 4 (id=2656):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = dup(r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@getchain={0x34, 0x66, 0x3523ad93bb3d228b, 0x0, 0x0, {}, [{0x8}, {0x7}]}, 0x34}}, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000300)={'#! ', '', [{0x20, 'cpuset.memory_pressure_enabled\x00'}, {0x20, 'cpuset.memory_pressure_enabled\x00'}]}, 0x44)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0x40045402, &(0x7f0000000040)={{}, 0x0, 0x0, 'id1\x00', 'timer0\x00'})
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r1, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0}}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newchain={0x958, 0x64, 0x4, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0xfff0, 0x6}, {0x9, 0xffff}, {0x1, 0x9}}, [@TCA_RATE={0x6, 0x5, {0x5}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x900, 0x2, [@TCA_ROUTE4_POLICE={0x45c, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x33c2, 0x6, 0x9b, 0xa9, 0xd, {0x0, 0x1, 0x2, 0x9, 0x8001, 0x39d1}, {0xd, 0x1, 0x1, 0x3, 0x6, 0x1}, 0x9, 0x4, 0x1}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe0000000, 0x0, 0x3, 0xb30c, 0xc, 0x377343fb, 0x3, 0x8, 0xe, 0xff, 0x2, 0x7, 0x6, 0x8000004, 0x8, 0xc, 0x1, 0x2f, 0x6, 0x2, 0x9, 0x9, 0x22, 0x8, 0x3, 0x4, 0x5, 0x4, 0x47a8c344, 0x7f, 0x5, 0x0, 0x70, 0x91, 0x0, 0xd2d, 0x7, 0x0, 0x3, 0x40, 0x7, 0x2, 0x3, 0x535fe8e7, 0x73, 0x80000000, 0x400, 0x0, 0x4, 0x8, 0x3, 0x0, 0x1, 0xffffffe6, 0x5ffd, 0x1, 0x9, 0x0, 0x0, 0x3, 0x5, 0x6b, 0x3ff, 0x93, 0xd3, 0x8000, 0x10001, 0x8, 0x2835, 0x1, 0x4, 0x8, 0x6, 0x3, 0x9, 0xf1, 0x0, 0x80000000, 0x8, 0xfffffff9, 0x4, 0x1, 0xcad, 0x954f, 0x8, 0x4000000, 0x9, 0x7, 0x8, 0x4f, 0xea, 0xffff, 0x4, 0x5, 0x1, 0x8, 0xff, 0x2, 0x0, 0x2, 0x4, 0x8, 0x1, 0x2, 0xf8b9, 0x7, 0x9, 0x2, 0x0, 0x2, 0x31, 0xd30, 0x9, 0x5cc, 0x4, 0x3, 0x3, 0x0, 0xfffffffb, 0x4, 0x3, 0x401, 0x100, 0x4d, 0x6, 0x5, 0x0, 0x2, 0x1000, 0x7fff, 0x0, 0x0, 0x5, 0x7, 0x1, 0xfffffffe, 0xe, 0x6, 0x3, 0xe, 0x2, 0x7fff, 0x2, 0x9, 0xa, 0x7fffffff, 0x3, 0x8, 0x9, 0xd7ad, 0x5, 0x63, 0x6, 0xff, 0x8, 0xdefe, 0x40, 0xffff, 0x3, 0x0, 0x10, 0xffffffff, 0x9, 0xcc3, 0x7, 0x5, 0x3, 0x6, 0x398, 0x2, 0x2, 0x0, 0x6, 0x10000, 0x0, 0x2, 0x5, 0xfd01, 0x9, 0x7, 0x7d69, 0x10, 0x0, 0xf, 0x8, 0x5, 0x5, 0x9, 0x4, 0x1ff, 0x7, 0x4, 0x6, 0xa34, 0x6000000, 0xdee, 0x2, 0x9, 0x7, 0x7, 0x5e87, 0x18, 0x2, 0x2, 0x400, 0x6, 0xfc41, 0x9, 0xe811, 0x8, 0x800, 0x200, 0x1, 0x8000, 0x1, 0x6, 0x80, 0x9, 0x6, 0x2, 0xa29, 0x4, 0x8001, 0x9129, 0x5, 0x1, 0x7, 0x8001, 0x0, 0x8, 0x2, 0xfff, 0x7, 0x9, 0x81, 0x0, 0x7f, 0x1, 0x0, 0x1000, 0x800, 0x9, 0x8001, 0x2, 0x0, 0xfffffff8, 0x3, 0x9, 0x6, 0x4, 0xc, 0x1, 0x2, 0x7, 0x4, 0x4]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x8000000000000000}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x4db}]}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x17, 0xffe0}}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x2}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x9, 0x5}}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0xffff}}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x86}, @TCA_ROUTE4_TO={0x8, 0x2, 0x16}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x4a}, @TCA_ROUTE4_POLICE={0x468, 0x5, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x48}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x26f, 0x9, 0x10, 0x1, 0xffffffff, 0xba8, 0x9, 0x800, 0xa, 0x6, 0x5, 0x2, 0x2, 0x2, 0x4c8a3138, 0x404, 0xf9, 0x5, 0xbf3c, 0xcde8, 0x0, 0x9, 0xf0cb, 0x7, 0x8, 0xee28, 0x4, 0x7, 0x8, 0x0, 0x5, 0x401, 0x0, 0x1448ec27, 0x665d6a17, 0x1, 0xfffffff8, 0x9f, 0x3, 0x8, 0x1, 0x9, 0x80000001, 0x3, 0x9, 0xffff, 0x7, 0x1ff, 0x10, 0x401, 0x629, 0xbe, 0x3, 0x9e3, 0x3, 0x1, 0x8, 0x10, 0x7, 0x9, 0x6, 0x81, 0x2, 0x2, 0x8000, 0x7, 0xc41, 0x0, 0x5, 0x4, 0x4, 0x400, 0xd, 0x9, 0x6, 0xfa4f, 0x6e323233, 0x2, 0x8, 0x9, 0x3, 0x4, 0x3, 0x3, 0x4, 0x6, 0x4, 0xffffff5c, 0xf583, 0x770, 0x8, 0x7633f759, 0x7, 0x0, 0x2, 0x9072, 0x4, 0x7f, 0x3, 0x9, 0x9, 0x0, 0xb8, 0x407, 0x9, 0x10000, 0xe64c, 0xfffffffa, 0x7, 0xf2, 0x0, 0x6, 0x7, 0xffffffff, 0x1, 0x43d, 0x7, 0x8, 0x1, 0x3, 0x7fff, 0x200, 0x1, 0xd8, 0x1, 0x2, 0xfffffffa, 0x5, 0x1, 0x4d81, 0x2, 0x6, 0x80000000, 0x9, 0x5, 0xa0, 0xfffffff7, 0x9, 0x2, 0x8, 0x2, 0x0, 0x5618, 0x4, 0x0, 0x5, 0x4, 0x7, 0x1, 0x8000, 0x0, 0xfff, 0x9, 0x0, 0x7, 0x2, 0x5, 0x4, 0xacc, 0x6ea5, 0x1, 0x5903a43, 0x2, 0x200, 0x6, 0x5, 0x100, 0x3, 0x7fff, 0x8000, 0x6, 0x6, 0x3997, 0x10, 0x7, 0x6, 0x40, 0x40, 0x8, 0x7fff, 0x4c, 0xd, 0x5, 0x89, 0x100, 0x11, 0x8, 0x5, 0x3, 0xa3a6, 0x1, 0x9, 0x1, 0x0, 0x1, 0x931, 0x420, 0x9, 0x2, 0x8, 0xfffffc11, 0xe8f, 0x1, 0x1, 0x8, 0x3, 0x4, 0x7fffffff, 0x64878000, 0xffffa776, 0x9, 0x0, 0x9, 0x1000, 0x7, 0x5, 0x98dc, 0x2, 0x3, 0x6, 0x5, 0x2, 0x8e, 0x3, 0x7, 0x0, 0x8, 0xc16, 0x2, 0xaf7e, 0x3, 0x10, 0x3, 0x5, 0x0, 0x9, 0xcfb1, 0x2, 0x14, 0xffffff7f, 0x80000001, 0x9, 0x6, 0xec, 0x800, 0x0, 0x7fff, 0x400, 0xb, 0x5, 0x9, 0x6, 0x7, 0x0, 0xfffffffe, 0x7f]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x20000000, 0x4, 0x7, 0x6f4, {0x5, 0x0, 0x523a, 0x1ff0, 0x8, 0x5}, {0x6, 0x1, 0xff4a, 0x0, 0xf, 0xf3}, 0x3ff, 0x4, 0x400}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x8}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x8000000000000001}]}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x7}}, @TCA_RATE={0x6, 0x5, {0x1, 0xb}}, @TCA_RATE={0x6, 0x5, {0x8e, 0xb2}}]}, 0x958}}, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d07, &(0x7f0000000040))

1.722211187s ago: executing program 0 (id=2657):
socket(0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x238, &(0x7f0000000380)={0x0, 0x200000, 0x1, 0x0, 0x3, 0x0, r1}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8}}, 0x1c}}, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x13)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r4, 0x5501)
r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r5, 0x101, 0x6, &(0x7f0000000000)=0x4, 0x4)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e000000"], 0x54}}, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xc2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000000480)={0x2020}, 0x2020)
mount$afs(&(0x7f0000000680)=ANY=[@ANYBLOB='%'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000001980)={0xf, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3267078b089b34083b681a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313b0d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e924afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'})
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

1.126847224s ago: executing program 7 (id=2658):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x1, @loopback}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000006380)={0x2020}, 0x2020)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$alg(r0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1000000014010094523a000200000000"], 0x10}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
accept4(r2, 0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ocfs2\x00', 0x100000, &(0x7f0000000140)='/dev/midi#\x00')
r4 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x7000000, 0x8281)
readv(r4, &(0x7f0000000540)=[{&(0x7f0000000180)=""/245, 0xf5}, {&(0x7f0000000280)=""/217, 0xd9}, {&(0x7f0000000380)=""/173, 0xad}, {&(0x7f0000000440)=""/239, 0xef}, {&(0x7f00000005c0)=""/177, 0xb1}, {&(0x7f0000000680)=""/83, 0x53}, {0x0}], 0x7)
syz_usb_disconnect(r3)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'geneve1\x00'})
unshare(0x880)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(0xffffffffffffffff, 0x8b2c, &(0x7f0000000040))
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x7f, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00230000000086dd"], 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

1.126373538s ago: executing program 4 (id=2659):
r0 = syz_open_dev$cec(&(0x7f00000011c0), 0x0, 0x80)
ioctl$CEC_ADAP_G_LOG_ADDRS(r0, 0x805c6103, &(0x7f0000001200))
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x13, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000001500)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x1f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
r3 = syz_open_dev$evdev(&(0x7f0000001140), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000001280)=ANY=[@ANYBLOB="0100000000000000e100000078d6671af8e90ff25fff17c0000003000000000000000000ec1633671071fd1cb1d65eed4f695ffdd25221e2251a970d14d1dc8bf7bc8a0bfbe95ceb9217a9a09a59e30ee10f80df7284cbcb8f7395aed4b3c6525ba8"])
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001840)=@newlink={0x68, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'veth1_virt_wifi\x00'}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}, @IFLA_MAP={0x20}]}, 0x68}}, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r6, 0x40089413, &(0x7f0000001300)=0x407)
r8 = add_key$fscrypt_v1(&(0x7f0000001480), &(0x7f0000000280)={'fscrypt:', @desc2}, &(0x7f0000001400)={0x0, "f1a1173fb9462d3509e67197f90be6e423ceb0ab4912f9f6a318546a0982f8938caa52dd8d39af14c31ed56ad59300", 0x8}, 0x48, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x4, r8, r8, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000208060001080006"], 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='zonefs\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='ntfs3\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x5e98e3de3684b603}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x8c, 0x0, 0x20, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x97b}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x4571725c10e0bbe0, 0x1, 0x4, 0x0, {0x0, 0x4, 0x0, 0x80, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x300, 0x5, 0x3}}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x2, 0x1, 0x1, 0x0, {0x2, 0x81, 0x0, 0xc4, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x8, 0x8, 0x7}}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0xc, 0x2, 0x1, 0x0, {0x4, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x1, 0x9, 0xc}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20040000}, 0x20040001)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000080))
setsockopt$netrom_NETROM_N2(r5, 0x103, 0x3, &(0x7f0000000040)=0xffffff7f, 0x4)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001340)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB="49d77cfce4d6ffbc16070000e15215cc5c9dc0e4a5cb2a42f594c2573245eef41d41e8bd9d5d0cb2db781b7c3114f394dca8f4ba2c7af8b928a6c3821281fa2c5efaad23bf4337a2bc6f87b005f1b25eb88735becc08a491886ea12c21c09000fb3a0a664568df55c6f8a4566bc0fbd8b58b6d91eb", @ANYRES32, @ANYRES64=0x0], 0x10)
ioctl$EVIOCGBITKEY(r3, 0x80404521, &(0x7f0000001180)=""/39)
close(0x3)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000380)={&(0x7f00000000c0)="1163db8b5f6daa72ab8bc3297d111a87bb1b19243c582c8d71dcf6bb40611edf28aac3deb0e7d7d5053ad078056ba009a7e45a1fdcf19a82eb553e5dee6f196b320e53e48667c7aee32a540aa13e8d5eabf1921ec8ce64a1cddf985205892225ffa3650fa40b1a9b65c130c1", &(0x7f0000000140)=""/69, &(0x7f0000000280), 0x0, 0xd644, r2, 0x4}, 0x38)

865.608611ms ago: executing program 0 (id=2660):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x1, @loopback}, 0x10)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000006380)={0x2020}, 0x2020)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$alg(r0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1000000014010094523a000200000000"], 0x10}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
accept4(r2, 0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ocfs2\x00', 0x100000, &(0x7f0000000140)='/dev/midi#\x00')
r4 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x7000000, 0x8281)
readv(r4, &(0x7f0000000540)=[{&(0x7f0000000180)=""/245, 0xf5}, {&(0x7f0000000280)=""/217, 0xd9}, {0x0}, {&(0x7f0000000440)=""/239, 0xef}, {&(0x7f00000005c0)=""/177, 0xb1}, {&(0x7f0000000680)=""/83, 0x53}, {&(0x7f0000000700)=""/235, 0xeb}], 0x7)
syz_usb_disconnect(r3)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'geneve1\x00'})
unshare(0x880)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(0xffffffffffffffff, 0x8b2c, &(0x7f0000000040))
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_emit_ethernet(0x7f, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffff00230000000086dd"], 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

832.01962ms ago: executing program 4 (id=2661):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280))
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x1, 'vlan1\x00', {}, 0x2})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffffff7}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x84, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r4=>0x0})
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_setlink={0x34, 0x13, 0xa29, 0x0, 0x25dfdbfd, {0x7, 0x0, 0x0, r4}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x5, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x0, 0x7}]}}]}]}, 0x34}}, 0x8800)
bind$can_j1939(r2, &(0x7f0000000200)={0x1d, r4, 0x0, {0x2, 0x1, 0x4}, 0x2}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}}, 0x0)

670.390648ms ago: executing program 4 (id=2662):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x30d281, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000001"])
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
unlinkat(r3, &(0x7f0000000280)='./file0\x00', 0x200)
getcwd(0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000005, 0x30, 0xffffffffffffffff, 0xffc49000)
madvise(&(0x7f0000ab0000/0x3000)=nil, 0x3000, 0x13)
preadv(0xffffffffffffffff, &(0x7f00000015c0), 0x0, 0x0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000100)='lazytime\x00', 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8541)
ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x128a877, &(0x7f00000001c0)=ANY=[@ANYBLOB="73697a653d382c6e725f696e6f6465733d382c0078df88a429d8ed5b479dfc6f4004e2934fee4eae614ada415472571c9c56f5073c0c619fce13716c51db6f58a15c2844cdb3a29c1224eb9ffb81543ca33882bdacc6b6c1163357c631d83feef378383bfbba286e82819bc3f30464"])
ioctl$USBDEVFS_BULK(r5, 0x5523, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x5522, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0x541b, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000140)={r2, 0x5, 0x6})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522)
socket$unix(0x1, 0x2, 0x0)
ioctl$USBDEVFS_SETINTERFACE(r4, 0x80045510, &(0x7f0000000000))
socket(0xa, 0x3, 0xba)

670.141688ms ago: executing program 6 (id=2663):
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4, r0, 0x2, &(0x7f00000000c0))
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$tipc(r5, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x40, 0x1, 0x4}}, 0x10)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0xfe}, 0x9c)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0xf403000000000000}}, 0x1c)

623.619923ms ago: executing program 4 (id=2664):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7900216c52d922ba2a"], 0xfdef)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000004)
r0 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r4 = dup2(r3, r3)
socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x11}, 0x40800, 0x0, 0x0, 0x3}, 0x20)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000206010100000000000000000000fffe16000300686173683a6e65742c706f72742c6e657400000005000400000000000900020073797a3000000000050005000a000000426328ead3c9e8998791211720272f55afffd4cd894af0f47fe03de6879c9f4d65b39d71fc4f8ecee022663e0257134dda2672b5bd"], 0x48}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000040)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
unshare(0x44040000)
r7 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r8 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x0)
ftruncate(r8, 0x2007ffd)
sendfile(r6, r7, 0x0, 0x1000a3)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x1000, 0x1, 0x2})
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000002c0)={0x1, @sliced={0x7, [0x0, 0x864, 0x6, 0x6, 0xfffc, 0xfff, 0xe26f, 0x3, 0x22e5, 0x8090, 0x2, 0xfff, 0x9, 0x0, 0x5, 0x120, 0xa, 0x2, 0xb, 0x1, 0xc, 0x101, 0xb, 0x7, 0x0, 0x40, 0x7, 0x3400, 0xfffe, 0x1, 0x369e, 0x3, 0x7f28, 0xf, 0x9, 0xb, 0x8, 0x4, 0xfffa, 0x3ce9, 0x400, 0x6, 0xf022, 0x0, 0x5, 0xb00a, 0x10, 0x9], 0x1}})
getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x107, 0x18, 0x0, 0x20000002)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r4, 0x7a4, &(0x7f0000000240)={{@host, 0x8}, 0x400, 0x8000000000000000, 0x3, 0x2})

0s ago: executing program 4 (id=2665):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
r2 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r2, 0xab00, r1)
ioctl$NBD_DO_IT(r0, 0xab03)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x0)
rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000f00)='./file0\x00')
rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

kernel console output (not intermixed with test programs):

2.871445][T12792] Dev loop6: unable to read RDB block 0
[  502.873787][T12792]  loop6: unable to read partition table
[  502.875810][T12792] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  504.107607][T12807] AppArmor: change_hat: Invalid input '0'
[  504.283788][T12819] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  504.411423][   T57] usb 12-1: new low-speed USB device number 5 using dummy_hcd
[  504.467355][T12822] netlink: 'syz.6.1907': attribute type 4 has an invalid length.
[  504.541376][   T57] usb 12-1: device descriptor read/64, error -71
[  504.791469][   T57] usb 12-1: new low-speed USB device number 6 using dummy_hcd
[  504.870878][T12826] geneve0 speed is unknown, defaulting to 1000
[  504.921385][   T57] usb 12-1: device descriptor read/64, error -71
[  505.034955][   T57] usb usb12-port1: attempt power cycle
[  505.371431][   T57] usb 12-1: new low-speed USB device number 7 using dummy_hcd
[  505.395823][   T57] usb 12-1: device descriptor read/8, error -71
[  505.631736][   T57] usb 12-1: new low-speed USB device number 8 using dummy_hcd
[  505.652528][   T57] usb 12-1: device descriptor read/8, error -71
[  505.766461][   T57] usb usb12-port1: unable to enumerate USB device
[  506.140039][T12841] netlink: 2048 bytes leftover after parsing attributes in process `syz.6.1912'.
[  506.145791][T12841] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1912'.
[  506.965883][T12847] AppArmor: change_hat: Invalid input '0'
[  507.557650][T12868] netlink: 'syz.6.1919': attribute type 4 has an invalid length.
[  508.625090][T12883] netlink: 168 bytes leftover after parsing attributes in process `syz.7.1923'.
[  508.654583][T12883] loop9: detected capacity change from 0 to 6
[  508.657066][T12883] Dev loop9: unable to read RDB block 6
[  508.661360][T12883]  loop9: unable to read partition table
[  508.666116][T12883] loop9: partition table beyond EOD, truncated
[  508.667748][T12883] loop_reread_partitions: partition scan of loop9 (žč¢«xüŸŃų éŚ¬§½dʤ“ą–ƒŻ”Æ؝ā·ū
[  508.667748][T12883] 
) failed (rc=-5)
[  509.132419][T12889] could not allocate digest TFM handle sha1-asm
[  509.201478][T12893] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1925'.
[  509.208540][T12893] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1925'.
[  510.324306][T12916] autofs: Unknown parameter 'O‚-0W®“¤yjQsu<ŠHA·RÉvăŅln¼a0"#ņ (åśs¾€eö𼓣'
[  510.562672][T12924] netlink: 'syz.4.1930': attribute type 4 has an invalid length.
[  510.630272][T12925] fuse: Bad value for 'rootmode'
[  511.059855][T12930] tipc: Started in network mode
[  511.068429][T12930] tipc: Node identity ac1414aa, cluster identity 4711
[  511.071027][T12930] tipc: Enabled bearer <udp:s>, priority 10
[  511.190814][T12933] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1933'.
[  511.585289][T12943] geneve0 speed is unknown, defaulting to 1000
[  511.978490][T12950] geneve0 speed is unknown, defaulting to 1000
[  512.181422][    T8] tipc: Node number set to 2886997162
[  512.571336][T12961] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1938'.
[  512.652707][ T1411] ieee802154 phy0 wpan0: encryption failed: -22
[  512.654430][ T1411] ieee802154 phy1 wpan1: encryption failed: -22
[  513.260584][ T5761] kernel write not supported for file /cpu/0/msr (pid: 5761 comm: kworker/2:3)
[  513.834215][T12981] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  514.146262][T12993] 9pnet_virtio: no channels available for device 
[  514.169305][T12992] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  514.605039][   T75] tipc: Subscription rejected, illegal request
[  515.242278][T13017] geneve0 speed is unknown, defaulting to 1000
[  515.660469][T13024] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1954'.
[  515.660491][T13025] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1954'.
[  515.781445][ T5988] Bluetooth: hci2: command 0x0419 tx timeout
[  515.893578][T13029] 9pnet_fd: Insufficient options for proto=fd
[  516.204493][T13039] loop6: detected capacity change from 0 to 524287999
[  516.227883][    C0] blk_print_req_error: 7 callbacks suppressed
[  516.227965][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.233194][    C0] buffer_io_error: 7 callbacks suppressed
[  516.233240][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.241572][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.244720][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.254196][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.257834][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.275807][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.278528][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.288227][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.291492][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.298748][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.302032][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.305103][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.308116][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.311178][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.314605][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.317513][T13039] ldm_validate_partition_table(): Disk read failed.
[  516.361331][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.364360][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.428637][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  516.431906][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  516.504556][T13039] Dev loop6: unable to read RDB block 0
[  516.511997][T13039]  loop6: unable to read partition table
[  516.513518][T13039] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  516.532545][    T8] kernel write not supported for file /cpu/0/msr (pid: 8 comm: kworker/0:0)
[  517.216701][T13063] netlink: 'syz.4.1963': attribute type 4 has an invalid length.
[  518.087924][T13077] bond0: (slave caif0): Error: Device type is different from other slaves
[  518.662135][T10594] Bluetooth: hci2: command 0x0419 tx timeout
[  518.742419][T13086] geneve0 speed is unknown, defaulting to 1000
[  518.989834][   T40] audit: type=1326 audit(1732648601.779:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  518.997424][   T40] audit: type=1326 audit(1732648601.779:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.003055][   T40] audit: type=1326 audit(1732648601.779:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.009512][   T40] audit: type=1326 audit(1732648601.779:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.015329][   T40] audit: type=1326 audit(1732648601.779:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=179 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.021111][   T40] audit: type=1326 audit(1732648601.779:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.027665][   T40] audit: type=1326 audit(1732648601.779:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.033198][   T40] audit: type=1326 audit(1732648601.779:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.051343][   T40] audit: type=1326 audit(1732648601.839:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.057162][   T40] audit: type=1326 audit(1732648601.839:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.0.1972" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd8579 code=0x7ffc0000
[  519.381536][    T8] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  519.511693][    T8] usb 5-1: device descriptor read/64, error -71
[  519.782147][    T8] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  519.921451][    T8] usb 5-1: device descriptor read/64, error -71
[  520.042042][    T8] usb usb5-port1: attempt power cycle
[  520.692643][    T8] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  520.773465][    T8] usb 5-1: device descriptor read/8, error -71
[  520.994816][T10594] Bluetooth: hci2: Unknown advertising packet type: 0x74
[  521.022137][    T8] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  521.056140][    T8] usb 5-1: device descriptor read/8, error -71
[  521.174598][    T8] usb usb5-port1: unable to enumerate USB device
[  521.836614][T13127] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  521.839373][T13127] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  522.254959][T13140] netlink: 'syz.6.1987': attribute type 11 has an invalid length.
[  522.488118][T13145] netlink: 'syz.0.1986': attribute type 4 has an invalid length.
[  522.767349][T13149] geneve0 speed is unknown, defaulting to 1000
[  522.967642][T13148] geneve0 speed is unknown, defaulting to 1000
[  523.018532][T13157] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1991'.
[  523.021656][T13155] input: syz0 as /devices/virtual/input/input38
[  523.028205][T13155] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1990'.
[  523.119264][T13161] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  523.128475][T13161] CIFS mount error: No usable UNC path provided in device string!
[  523.128475][T13161] 
[  523.135824][T13161] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  523.454692][T13164] FAULT_INJECTION: forcing a failure.
[  523.454692][T13164] name failslab, interval 1, probability 0, space 0, times 0
[  523.458800][T13164] CPU: 3 UID: 0 PID: 13164 Comm: syz.0.1993 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  523.461830][T13164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  523.464703][T13164] Call Trace:
[  523.465611][T13164]  <TASK>
[  523.466392][T13164]  dump_stack_lvl+0x16c/0x1f0
[  523.467707][T13164]  should_fail_ex+0x497/0x5b0
[  523.469010][T13164]  ? fs_reclaim_acquire+0xae/0x150
[  523.470405][T13164]  should_failslab+0xc2/0x120
[  523.471713][T13164]  __kmalloc_node_noprof+0xd1/0x520
[  523.473109][T13164]  ? __vmalloc_node_range_noprof+0x3d8/0x1530
[  523.474792][T13164]  __vmalloc_node_range_noprof+0x3d8/0x1530
[  523.476365][T13164]  ? kernel_clone+0xfd/0x960
[  523.477639][T13164]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  523.479408][T13164]  ? rcu_is_watching+0x12/0xc0
[  523.480749][T13164]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  523.482572][T13164]  ? kmem_cache_alloc_node_noprof+0x219/0x3b0
[  523.484823][T13164]  ? copy_process+0x49c/0x6f20
[  523.486651][T13164]  ? kernel_clone+0xfd/0x960
[  523.488437][T13164]  copy_process+0x29b3/0x6f20
[  523.490208][T13164]  ? kernel_clone+0xfd/0x960
[  523.491840][T13164]  ? get_pid_task+0xfc/0x250
[  523.493142][T13164]  ? __pfx_lock_release+0x10/0x10
[  523.494382][T13164]  ? trace_lock_acquire+0x146/0x1e0
[  523.495702][T13164]  ? __pfx_copy_process+0x10/0x10
[  523.497285][T13164]  ? find_held_lock+0x2d/0x110
[  523.499035][T13164]  kernel_clone+0xfd/0x960
[  523.500617][T13164]  ? __pfx_kernel_clone+0x10/0x10
[  523.502425][T13164]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  523.504589][T13164]  __do_compat_sys_ia32_clone+0xb7/0x100
[  523.506057][T13164]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  523.507632][T13164]  __do_fast_syscall_32+0x73/0x120
[  523.509005][T13164]  do_fast_syscall_32+0x32/0x80
[  523.510259][T13164]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  523.511963][T13164] RIP: 0023:0xf7fd8579
[  523.512987][T13164] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  523.519067][T13164] RSP: 002b:00000000f515650c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  523.521871][T13164] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  523.523950][T13164] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  523.525979][T13164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  523.528033][T13164] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  523.530601][T13164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  523.532990][T13164]  </TASK>
[  523.533848][    C3] vkms_vblank_simulate: vblank timer overrun
[  523.538013][T13164] syz.0.1993: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  523.544152][T13164] CPU: 3 UID: 0 PID: 13164 Comm: syz.0.1993 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  523.547653][T13164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  523.551531][T13164] Call Trace:
[  523.552659][T13164]  <TASK>
[  523.553604][T13164]  dump_stack_lvl+0x16c/0x1f0
[  523.555090][T13164]  warn_alloc+0x24d/0x3a0
[  523.556438][T13164]  ? __pfx_warn_alloc+0x10/0x10
[  523.557939][T13164]  ? dump_stack_lvl+0x1a1/0x1f0
[  523.559477][T13164]  ? rcu_is_watching+0x12/0xc0
[  523.560992][T13164]  ? trace_kmalloc+0x2d/0xd0
[  523.562532][T13164]  ? __kmalloc_node_noprof+0x23d/0x520
[  523.564233][T13164]  __vmalloc_node_range_noprof+0x1105/0x1530
[  523.566056][T13164]  ? kernel_clone+0xfd/0x960
[  523.567484][T13164]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  523.569406][T13164]  ? rcu_is_watching+0x12/0xc0
[  523.570896][T13164]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  523.572558][T13164]  ? kmem_cache_alloc_node_noprof+0x219/0x3b0
[  523.574426][T13164]  ? copy_process+0x49c/0x6f20
[  523.575874][T13164]  ? kernel_clone+0xfd/0x960
[  523.577292][T13164]  copy_process+0x29b3/0x6f20
[  523.578768][T13164]  ? kernel_clone+0xfd/0x960
[  523.580213][T13164]  ? get_pid_task+0xfc/0x250
[  523.581637][T13164]  ? __pfx_lock_release+0x10/0x10
[  523.583205][T13164]  ? trace_lock_acquire+0x146/0x1e0
[  523.584816][T13164]  ? __pfx_copy_process+0x10/0x10
[  523.586383][T13164]  ? find_held_lock+0x2d/0x110
[  523.587869][T13164]  kernel_clone+0xfd/0x960
[  523.589253][T13164]  ? __pfx_kernel_clone+0x10/0x10
[  523.590893][T13164]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  523.592776][T13164]  __do_compat_sys_ia32_clone+0xb7/0x100
[  523.594505][T13164]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  523.596429][T13164]  __do_fast_syscall_32+0x73/0x120
[  523.598019][T13164]  do_fast_syscall_32+0x32/0x80
[  523.599547][T13164]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  523.601522][T13164] RIP: 0023:0xf7fd8579
[  523.602949][T13164] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  523.608966][T13164] RSP: 002b:00000000f515650c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  523.611566][T13164] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  523.613999][T13164] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  523.616401][T13164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  523.618820][T13164] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  523.621227][T13164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  523.623609][T13164]  </TASK>
[  523.624654][    C3] vkms_vblank_simulate: vblank timer overrun
[  523.629633][T13164] Mem-Info:
[  523.630703][T13164] active_anon:7081 inactive_anon:0 isolated_anon:0
[  523.630703][T13164]  active_file:10665 inactive_file:17942 isolated_file:0
[  523.630703][T13164]  unevictable:1768 dirty:214 writeback:0
[  523.630703][T13164]  slab_reclaimable:7508 slab_unreclaimable:74507
[  523.630703][T13164]  mapped:31638 shmem:3786 pagetables:790
[  523.630703][T13164]  sec_pagetables:307 bounce:0
[  523.630703][T13164]  kernel_misc_reclaimable:0
[  523.630703][T13164]  free:45815 free_pcp:1406 free_cma:0
[  523.650760][T13164] Node 0 active_anon:1828kB inactive_anon:0kB active_file:12908kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5492kB dirty:4kB writeback:0kB shmem:3696kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9008kB pagetables:580kB sec_pagetables:1104kB all_unreclaimable? yes
[  523.662923][T13164] Node 1 active_anon:26596kB inactive_anon:0kB active_file:29752kB inactive_file:71768kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:120860kB dirty:852kB writeback:0kB shmem:11448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4428kB pagetables:2580kB sec_pagetables:124kB all_unreclaimable? no
[  523.681434][T13164] Node 0 DMA free:2948kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:1180kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:488kB local_pcp:132kB free_cma:0kB
[  523.691985][T13164] lowmem_reserve[]: 0 270 0 0 0
[  523.693827][T13164] Node 0 DMA32 free:30576kB boost:12288kB min:26076kB low:29520kB high:32964kB reserved_highatomic:4096KB active_anon:1800kB inactive_anon:0kB active_file:11728kB inactive_file:0kB unevictable:3536kB writepending:4kB present:1032196kB managed:304016kB mlocked:0kB bounce:0kB free_pcp:2496kB local_pcp:460kB free_cma:0kB
[  523.706318][T13164] lowmem_reserve[]: 0 0 0 0 0
[  523.707988][T13164] Node 1 DMA32 free:150776kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:6144KB active_anon:26672kB inactive_anon:0kB active_file:29752kB inactive_file:71768kB unevictable:3536kB writepending:852kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:1800kB local_pcp:16kB free_cma:0kB
[  523.721732][T13164] lowmem_reserve[]: 0 0 0 0 0
[  523.724191][T13164] Node 0 DMA: 29*4kB (UM) 52*8kB (UM) 23*16kB (UM) 36*32kB (UM) 6*64kB (U) 0*128kB 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2948kB
[  523.729387][T13164] Node 0 DMA32: 828*4kB (UEH) 220*8kB (UMEH) 64*16kB (UMEH) 217*32kB (UMEH) 104*64kB (UMEH) 25*128kB (UME) 8*256kB (UM) 7*512kB (UME) 0*1024kB 1*2048kB (M) 0*4096kB = 30576kB
[  523.749248][T13164] Node 1 DMA32: 1*4kB (H) 765*8kB (UMEH) 351*16kB (UMEH) 333*32kB (UMEH) 202*64kB (UMEH) 73*128kB (UMEH) 43*256kB (UMEH) 27*512kB (UMH) 21*1024kB (UMEH) 15*2048kB (UMEH) 7*4096kB (UM) = 150396kB
[  523.756207][T13164] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  523.759409][T13164] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  523.762610][T13164] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  523.765826][T13164] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  523.768948][T13164] 32382 total pagecache pages
[  523.770529][T13164] 0 pages in swap cache
[  523.772220][T13164] Free swap  = 124064kB
[  523.773651][T13164] Total swap = 124996kB
[  523.775077][T13164] 524155 pages RAM
[  523.776356][T13164] 0 pages HighMem/MovableOnly
[  523.777950][T13164] 207248 pages reserved
[  523.779371][T13164] 0 pages cma reserved
[  523.813701][T13178] FAULT_INJECTION: forcing a failure.
[  523.813701][T13178] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  523.820380][T13178] CPU: 3 UID: 0 PID: 13178 Comm: syz.4.1998 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  523.824079][T13178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  523.827944][T13178] Call Trace:
[  523.829137][T13178]  <TASK>
[  523.830217][T13178]  dump_stack_lvl+0x16c/0x1f0
[  523.831932][T13178]  should_fail_ex+0x497/0x5b0
[  523.833540][T13178]  _copy_from_user+0x2e/0xd0
[  523.834877][T13178]  snd_rawmidi_kernel_write1+0x35e/0x860
[  523.836687][T13178]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.838578][T13178]  snd_rawmidi_write+0x267/0xbe0
[  523.840400][T13178]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  523.842450][T13178]  ? __pfx_default_wake_function+0x10/0x10
[  523.844525][T13178]  ? bpf_lsm_file_permission+0x9/0x10
[  523.845892][T13178]  ? security_file_permission+0x71/0x210
[  523.847283][T13178]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  523.848837][T13178]  vfs_writev+0x6da/0xdd0
[  523.849929][T13178]  ? find_held_lock+0x2d/0x110
[  523.851165][T13178]  ? __pfx_vfs_writev+0x10/0x10
[  523.852361][T13178]  ? find_held_lock+0x2d/0x110
[  523.853661][T13178]  ? __pfx_lock_release+0x10/0x10
[  523.855066][T13178]  ? trace_lock_acquire+0x146/0x1e0
[  523.856423][T13178]  ? __fget_files+0x206/0x3a0
[  523.857702][T13178]  ? do_writev+0x297/0x340
[  523.858908][T13178]  do_writev+0x297/0x340
[  523.860046][T13178]  ? __pfx_do_writev+0x10/0x10
[  523.861273][T13178]  __do_fast_syscall_32+0x73/0x120
[  523.862571][T13178]  do_fast_syscall_32+0x32/0x80
[  523.863863][T13178]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  523.865517][T13178] RIP: 0023:0xf73fe579
[  523.866603][T13178] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  523.871564][T13178] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  523.874102][T13178] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840
[  523.876687][T13178] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  523.878772][T13178] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  523.880830][T13178] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  523.882832][T13178] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  523.884883][T13178]  </TASK>
[  523.885803][    C3] vkms_vblank_simulate: vblank timer overrun
[  524.504967][T13203] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2003'.
[  524.751433][T13219] FAULT_INJECTION: forcing a failure.
[  524.751433][T13219] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  524.755203][T13219] CPU: 1 UID: 0 PID: 13219 Comm: syz.0.2010 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  524.757892][T13219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  524.760654][T13219] Call Trace:
[  524.761538][T13219]  <TASK>
[  524.762444][T13219]  dump_stack_lvl+0x16c/0x1f0
[  524.763803][T13219]  should_fail_ex+0x497/0x5b0
[  524.765030][T13219]  _copy_from_user+0x2e/0xd0
[  524.766238][T13219]  snd_rawmidi_kernel_write1+0x35e/0x860
[  524.767698][T13219]  ? _raw_spin_unlock_irq+0x23/0x50
[  524.769036][T13219]  snd_rawmidi_write+0x267/0xbe0
[  524.770325][T13219]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  524.772121][T13219]  ? __pfx_default_wake_function+0x10/0x10
[  524.773683][T13219]  ? bpf_lsm_file_permission+0x9/0x10
[  524.775078][T13219]  ? security_file_permission+0x71/0x210
[  524.776535][T13219]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  524.777967][T13219]  vfs_writev+0x6da/0xdd0
[  524.779117][T13219]  ? find_held_lock+0x2d/0x110
[  524.780384][T13219]  ? __pfx_vfs_writev+0x10/0x10
[  524.781661][T13219]  ? find_held_lock+0x2d/0x110
[  524.782916][T13219]  ? __pfx_lock_release+0x10/0x10
[  524.784385][T13219]  ? trace_lock_acquire+0x146/0x1e0
[  524.785712][T13219]  ? __fget_files+0x206/0x3a0
[  524.786961][T13219]  ? do_writev+0x297/0x340
[  524.788285][T13219]  do_writev+0x297/0x340
[  524.789655][T13219]  ? __pfx_do_writev+0x10/0x10
[  524.790923][T13219]  __do_fast_syscall_32+0x73/0x120
[  524.792438][T13219]  do_fast_syscall_32+0x32/0x80
[  524.794095][T13219]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  524.796222][T13219] RIP: 0023:0xf7fd8579
[  524.797600][T13219] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  524.803789][T13219] RSP: 002b:00000000f515655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  524.806609][T13219] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000840
[  524.809188][T13219] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  524.811740][T13219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  524.814516][T13219] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  524.816781][T13219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  524.818855][T13219]  </TASK>
[  525.198233][T13236] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2015'.
[  525.206113][T13236] bridge0: port 1(vlan1) entered blocking state
[  525.207985][T13236] bridge0: port 1(vlan1) entered disabled state
[  525.209734][T13236] vlan1: entered allmulticast mode
[  525.215820][T13236] vlan1: left allmulticast mode
[  525.524048][T13239] netlink: 'syz.4.2016': attribute type 1 has an invalid length.
[  525.531201][T13241] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2017'.
[  525.554024][T13239] 8021q: adding VLAN 0 to HW filter on device bond5
[  525.569357][T13239] 8021q: adding VLAN 0 to HW filter on device bond5
[  525.571895][T13239] bond5: (slave ip6tnl2): The slave device specified does not support setting the MAC address
[  525.576311][T13239] bond5: (slave ip6tnl2): Error -95 calling set_mac_address
[  526.918028][T13283] bridge7: entered promiscuous mode
[  526.919462][T13283] bridge7: entered allmulticast mode
[  527.020517][T13288] geneve0 speed is unknown, defaulting to 1000
[  528.338163][T13319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2043'.
[  528.517910][T13324] geneve0 speed is unknown, defaulting to 1000
[  528.991331][ T6039] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  529.063049][T13333] netlink: 100 bytes leftover after parsing attributes in process `syz.7.2048'.
[  529.256524][ T6039] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  529.259673][ T6039] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  529.262975][ T6039] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  529.265439][ T6039] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.269932][T13330] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  529.274329][ T6039] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  529.535284][ T5761] usb 5-1: USB disconnect, device number 46
[  530.222297][T13363] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2055'.
[  530.277224][T13366] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2057'.
[  530.413165][T13383] geneve0 speed is unknown, defaulting to 1000
[  530.425650][T13384] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  530.712054][ T6034] usb 12-1: new high-speed USB device number 9 using dummy_hcd
[  530.865967][ T6034] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  530.869310][ T6034] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  530.875316][ T6034] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  530.877665][ T6034] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.884655][T13387] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  530.889714][ T6034] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[  531.123393][   T57] usb 12-1: USB disconnect, device number 9
[  531.981385][T13422] bond0: (slave caif0): Error: Device type is different from other slaves
[  533.206763][T13429] 9pnet_fd: Insufficient options for proto=fd
[  533.247561][T13433] 9pnet_fd: Insufficient options for proto=fd
[  533.266178][T13435] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2078'.
[  533.601377][ T6034] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  533.755596][ T6034] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  533.758672][ T6034] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  533.763232][ T6034] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  533.765750][ T6034] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  533.833539][T13445] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  533.836994][ T6034] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  534.065886][   T35] usb 5-1: USB disconnect, device number 47
[  534.298233][T13462] bond0: (slave caif0): Error: Device type is different from other slaves
[  534.430894][T13467] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  534.435003][T13467] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  534.527702][   T40] kauditd_printk_skb: 35 callbacks suppressed
[  534.527713][   T40] audit: type=1326 audit(1732648617.319:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.536754][   T40] audit: type=1326 audit(1732648617.319:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.542415][   T40] audit: type=1326 audit(1732648617.329:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.548566][   T40] audit: type=1326 audit(1732648617.329:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.555001][   T40] audit: type=1326 audit(1732648617.329:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.560566][   T40] audit: type=1326 audit(1732648617.329:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.566601][   T40] audit: type=1326 audit(1732648617.329:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.572269][   T40] audit: type=1326 audit(1732648617.329:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.577576][   T40] audit: type=1326 audit(1732648617.329:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  534.582962][   T40] audit: type=1326 audit(1732648617.329:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7ffc0000
[  535.200388][T13476] geneve0 speed is unknown, defaulting to 1000
[  535.416796][T13482] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2094'.
[  535.618352][T13489] input: syz0 as /devices/virtual/input/input40
[  535.754008][T13485] syz.4.2096: vmalloc error: size 4096, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  535.758119][T13485] CPU: 0 UID: 0 PID: 13485 Comm: syz.4.2096 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  535.760800][T13485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  535.763607][T13485] Call Trace:
[  535.764499][T13485]  <TASK>
[  535.765281][T13485]  dump_stack_lvl+0x16c/0x1f0
[  535.766519][T13485]  warn_alloc+0x24d/0x3a0
[  535.767668][T13485]  ? __pfx_warn_alloc+0x10/0x10
[  535.768908][T13485]  ? policy_nodemask+0xea/0x4e0
[  535.770158][T13485]  ? alloc_pages_mpol_noprof+0x315/0x610
[  535.771563][T13485]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  535.773061][T13485]  ? trace_kmalloc+0x2d/0xd0
[  535.774240][T13485]  ? __pfx___might_resched+0x10/0x10
[  535.775573][T13485]  __vmalloc_node_range_noprof+0x12c0/0x1530
[  535.777102][T13485]  ? kernel_clone+0xfd/0x960
[  535.778283][T13485]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  535.779891][T13485]  ? rcu_is_watching+0x12/0xc0
[  535.781097][T13485]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  535.782549][T13485]  ? kmem_cache_alloc_node_noprof+0x219/0x3b0
[  535.784087][T13485]  ? copy_process+0x49c/0x6f20
[  535.785298][T13485]  ? kernel_clone+0xfd/0x960
[  535.786490][T13485]  copy_process+0x29b3/0x6f20
[  535.787687][T13485]  ? kernel_clone+0xfd/0x960
[  535.788875][T13485]  ? get_pid_task+0xfc/0x250
[  535.790062][T13485]  ? __pfx_lock_release+0x10/0x10
[  535.791321][T13485]  ? trace_lock_acquire+0x146/0x1e0
[  535.792765][T13485]  ? __pfx_copy_process+0x10/0x10
[  535.794131][T13485]  ? find_held_lock+0x2d/0x110
[  535.795359][T13485]  kernel_clone+0xfd/0x960
[  535.796504][T13485]  ? __pfx_kernel_clone+0x10/0x10
[  535.797817][T13485]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  535.799339][T13485]  __do_compat_sys_ia32_clone+0xb7/0x100
[  535.800745][T13485]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  535.802308][T13485]  __do_fast_syscall_32+0x73/0x120
[  535.803639][T13485]  do_fast_syscall_32+0x32/0x80
[  535.804866][T13485]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  535.806456][T13485] RIP: 0023:0xf73fe579
[  535.807484][T13485] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  535.812218][T13485] RSP: 002b:00000000f50e650c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  535.814285][T13485] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  535.816239][T13485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  535.818131][T13485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  535.820104][T13485] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  535.821925][T13485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  535.823927][T13485]  </TASK>
[  535.825324][T13485] Mem-Info:
[  535.826078][T13485] active_anon:9797 inactive_anon:0 isolated_anon:0
[  535.826078][T13485]  active_file:10665 inactive_file:17948 isolated_file:0
[  535.826078][T13485]  unevictable:1768 dirty:262 writeback:0
[  535.826078][T13485]  slab_reclaimable:7498 slab_unreclaimable:74174
[  535.826078][T13485]  mapped:31581 shmem:3777 pagetables:779
[  535.826078][T13485]  sec_pagetables:307 bounce:0
[  535.826078][T13485]  kernel_misc_reclaimable:0
[  535.826078][T13485]  free:41313 free_pcp:3654 free_cma:0
[  535.841740][T13485] Node 0 active_anon:1828kB inactive_anon:0kB active_file:12908kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:5440kB dirty:4kB writeback:0kB shmem:3696kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9008kB pagetables:580kB sec_pagetables:1104kB all_unreclaimable? yes
[  535.849916][T13485] Node 1 active_anon:37460kB inactive_anon:0kB active_file:29752kB inactive_file:71792kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:120884kB dirty:1044kB writeback:0kB shmem:11412kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4576kB pagetables:2540kB sec_pagetables:124kB all_unreclaimable? no
[  535.862041][T13485] Node 0 DMA free:2948kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:1180kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:492kB local_pcp:60kB free_cma:0kB
[  535.869394][T13485] lowmem_reserve[]: 0 270 0 0 0
[  535.870735][T13485] Node 0 DMA32 free:28408kB boost:12288kB min:26076kB low:29520kB high:32964kB reserved_highatomic:4096KB active_anon:1800kB inactive_anon:0kB active_file:11728kB inactive_file:0kB unevictable:3536kB writepending:4kB present:1032196kB managed:304016kB mlocked:0kB bounce:0kB free_pcp:4828kB local_pcp:128kB free_cma:0kB
[  535.878555][T13485] lowmem_reserve[]: 0 0 0 0 0
[  535.879916][T13485] Node 1 DMA32 free:132960kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:6144KB active_anon:37360kB inactive_anon:0kB active_file:29752kB inactive_file:71792kB unevictable:3536kB writepending:1044kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:10200kB local_pcp:6740kB free_cma:0kB
[  535.895782][T13485] lowmem_reserve[]: 0 0 0 0 0
[  535.897075][T13485] Node 0 DMA: 29*4kB (UM) 52*8kB (UM) 23*16kB (UM) 36*32kB (UM) 6*64kB (U) 0*128kB 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2948kB
[  535.900787][T13485] Node 0 DMA32: 828*4kB (UEH) 213*8kB (UMEH) 64*16kB (UMEH) 215*32kB (UMEH) 104*64kB (UMEH) 25*128kB (UME) 8*256kB (UM) 7*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 28408kB
[  535.905315][T13485] Node 1 DMA32: 1*4kB (H) 137*8kB (UEH) 83*16kB (UEH) 140*32kB (UEH) 221*64kB (UMEH) 81*128kB (UMEH) 42*256kB (UMEH) 31*512kB (UMH) 19*1024kB (UMEH) 13*2048kB (UMEH) 7*4096kB (UM) = 132796kB
[  535.910415][T13485] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  535.919804][T13485] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  535.922401][T13485] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  535.924864][T13485] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  535.927884][T13485] 32380 total pagecache pages
[  535.929147][T13485] 0 pages in swap cache
[  535.930232][T13485] Free swap  = 124064kB
[  535.931442][T13485] Total swap = 124996kB
[  535.932857][T13485] 524155 pages RAM
[  535.941168][T13485] 0 pages HighMem/MovableOnly
[  535.942849][T13485] 207248 pages reserved
[  535.946190][T13485] 0 pages cma reserved
[  537.147554][T13514] FAULT_INJECTION: forcing a failure.
[  537.147554][T13514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  537.151017][T13514] CPU: 1 UID: 0 PID: 13514 Comm: syz.7.2106 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  537.153232][T13515] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  537.153689][T13514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  537.156383][T13515] bond0: (slave caif0): Error -95 calling set_mac_address
[  537.159078][T13514] Call Trace:
[  537.159086][T13514]  <TASK>
[  537.159092][T13514]  dump_stack_lvl+0x16c/0x1f0
[  537.159109][T13514]  should_fail_ex+0x497/0x5b0
[  537.159126][T13514]  _copy_from_user+0x2e/0xd0
[  537.159143][T13514]  snd_rawmidi_kernel_write1+0x35e/0x860
[  537.167761][T13514]  ? _raw_spin_unlock_irq+0x23/0x50
[  537.169117][T13514]  snd_rawmidi_write+0x267/0xbe0
[  537.170421][T13514]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  537.171846][T13514]  ? __pfx_default_wake_function+0x10/0x10
[  537.173366][T13514]  ? bpf_lsm_file_permission+0x9/0x10
[  537.174782][T13514]  ? security_file_permission+0x71/0x210
[  537.176262][T13514]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  537.177698][T13514]  vfs_writev+0x6da/0xdd0
[  537.178814][T13514]  ? find_held_lock+0x2d/0x110
[  537.180056][T13514]  ? __pfx_vfs_writev+0x10/0x10
[  537.181335][T13514]  ? find_held_lock+0x2d/0x110
[  537.182585][T13514]  ? __pfx_lock_release+0x10/0x10
[  537.183892][T13514]  ? trace_lock_acquire+0x146/0x1e0
[  537.185240][T13514]  ? __fget_files+0x206/0x3a0
[  537.186470][T13514]  ? do_writev+0x297/0x340
[  537.187647][T13514]  do_writev+0x297/0x340
[  537.188766][T13514]  ? __pfx_do_writev+0x10/0x10
[  537.190034][T13514]  __do_fast_syscall_32+0x73/0x120
[  537.191367][T13514]  do_fast_syscall_32+0x32/0x80
[  537.192637][T13514]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  537.194293][T13514] RIP: 0023:0xf73fe579
[  537.195374][T13514] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  537.200261][T13514] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  537.202422][T13514] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000840
[  537.204435][T13514] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  537.206461][T13514] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  537.208470][T13514] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  537.210511][T13514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  537.212525][T13514]  </TASK>
[  537.284473][T13523] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2109'.
[  537.378541][T13526] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9)
[  537.380278][T13526] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  537.384045][T13526] vhci_hcd vhci_hcd.0: Device attached
[  537.425572][T13527] vhci_hcd: connection closed
[  537.427719][   T12] vhci_hcd: stop threads
[  537.429998][   T12] vhci_hcd: release socket
[  537.431691][   T12] vhci_hcd: disconnect device
[  539.376048][T13550] 8021q: adding VLAN 0 to HW filter on device bond0
[  539.380456][T13550] bond0: (slave rose0): Enslaving as an active interface with an up link
[  539.529233][T13563] netlink: 'syz.4.2117': attribute type 39 has an invalid length.
[  540.364798][T13576] bridge1: entered promiscuous mode
[  540.366370][T13576] bridge1: entered allmulticast mode
[  540.491468][T13583] geneve0 speed is unknown, defaulting to 1000
[  540.726987][T13586] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  540.752041][T13586] bond0: (slave caif0): Error -95 calling set_mac_address
[  541.309919][T13599] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2125'.
[  541.688642][T13609] netlink: 'syz.7.2127': attribute type 4 has an invalid length.
[  542.663205][T13622] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2131'.
[  542.665933][T13622] netlink: 'syz.6.2131': attribute type 10 has an invalid length.
[  542.804409][T13628] geneve0 speed is unknown, defaulting to 1000
[  544.171524][  T833] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  544.321347][  T833] usb 5-1: Using ep0 maxpacket: 32
[  544.326723][  T833] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  544.345272][  T833] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  544.347629][  T833] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  544.349784][  T833] usb 5-1: Product: syz
[  544.350913][  T833] usb 5-1: Manufacturer: syz
[  544.352215][  T833] usb 5-1: SerialNumber: syz
[  544.362114][  T833] usb 5-1: config 0 descriptor??
[  544.365994][T13648] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  544.660325][ T6034] usb 5-1: USB disconnect, device number 48
[  544.907633][T13660] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  544.910457][T13660] bond0: (slave caif0): Error -95 calling set_mac_address
[  545.157397][T13664] netlink: 'syz.6.2143': attribute type 1 has an invalid length.
[  545.192350][T13664] bond5: (slave ipip0): The slave device specified does not support setting the MAC address
[  545.194934][T13664] bond5: (slave ipip0): Setting fail_over_mac to active for active-backup mode
[  545.201386][T13664] bond5: (slave ipip0): making interface the new active one
[  545.206953][T13664] bond5: (slave ipip0): Enslaving as an active interface with an up link
[  545.757782][T13675] geneve0 speed is unknown, defaulting to 1000
[  546.883915][T13702] ax25_connect(): syz.0.2153 uses autobind, please contact jreuter@yaina.de
[  546.977775][T13705] pimreg: entered allmulticast mode
[  547.345040][T13713] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2156'.
[  547.503012][T13717] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  547.506130][T13717] bond0: (slave caif0): Error -95 calling set_mac_address
[  547.681098][T13719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  547.687991][T13719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  549.091489][T13748] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2168'.
[  549.094033][T13748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2168'.
[  549.525040][T13760] 8021q: adding VLAN 0 to HW filter on device bond0
[  549.535804][T13760] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  549.545489][T13760] bond0: (slave caif0): Error -95 calling set_mac_address
[  549.637250][T13767] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  549.941481][ T5761] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  550.095559][ T5761] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  550.099234][ T5761] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  550.102048][ T5761] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  550.104367][ T5761] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.108588][T13771] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  550.113112][ T5761] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  550.395336][   T35] usb 5-1: USB disconnect, device number 49
[  550.571503][ T5988] Bluetooth: hci2: command 0x0419 tx timeout
[  550.576268][T13743] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  550.578051][T13743] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  550.633007][T13778] FAULT_INJECTION: forcing a failure.
[  550.633007][T13778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  550.636569][T13778] CPU: 0 UID: 0 PID: 13778 Comm: syz.7.2176 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  550.639311][T13778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  550.642273][T13778] Call Trace:
[  550.643327][T13778]  <TASK>
[  550.644250][T13778]  dump_stack_lvl+0x16c/0x1f0
[  550.645714][T13778]  should_fail_ex+0x497/0x5b0
[  550.647199][T13778]  _copy_from_user+0x2e/0xd0
[  550.648643][T13778]  get_compat_msghdr+0xa8/0x170
[  550.650177][T13778]  ? __pfx_get_compat_msghdr+0x10/0x10
[  550.651863][T13778]  ___sys_recvmsg+0x193/0x1a0
[  550.653322][T13778]  ? __pfx____sys_recvmsg+0x10/0x10
[  550.654949][T13778]  ? __fget_files+0x1fc/0x3a0
[  550.656411][T13778]  ? trace_lock_acquire+0x146/0x1e0
[  550.658031][T13778]  ? __fget_files+0x206/0x3a0
[  550.659499][T13778]  ? __pfx___might_resched+0x10/0x10
[  550.661150][T13778]  do_recvmmsg+0x55d/0x740
[  550.662565][T13778]  ? __pfx_do_recvmmsg+0x10/0x10
[  550.664100][T13778]  ? vfs_write+0x306/0x1150
[  550.665526][T13778]  ? __fget_files+0x206/0x3a0
[  550.666998][T13778]  __sys_recvmmsg+0x21e/0x280
[  550.668473][T13778]  ? __pfx___sys_recvmmsg+0x10/0x10
[  550.670091][T13778]  ? __pfx_ksys_write+0x10/0x10
[  550.671635][T13778]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  550.673543][T13778]  ? lockdep_hardirqs_on+0x7c/0x110
[  550.675159][T13778]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  550.677197][T13778]  __do_fast_syscall_32+0x73/0x120
[  550.678791][T13778]  do_fast_syscall_32+0x32/0x80
[  550.680302][T13778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  550.682250][T13778] RIP: 0023:0xf73fe579
[  550.683514][T13778] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  550.689328][T13778] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  550.691909][T13778] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000600
[  550.694305][T13778] RDX: 00000000cb88ff8b RSI: 0000000000000002 RDI: 0000000000000000
[  550.696728][T13778] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  550.699162][T13778] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  550.701577][T13778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  550.704017][T13778]  </TASK>
[  551.462012][T13794] FAULT_INJECTION: forcing a failure.
[  551.462012][T13794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.465404][T13794] CPU: 2 UID: 0 PID: 13794 Comm: syz.4.2182 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  551.468075][T13794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  551.470876][T13794] Call Trace:
[  551.471749][T13794]  <TASK>
[  551.472518][T13794]  dump_stack_lvl+0x16c/0x1f0
[  551.473742][T13794]  should_fail_ex+0x497/0x5b0
[  551.474985][T13794]  _copy_from_user+0x2e/0xd0
[  551.476128][T13794]  snd_rawmidi_kernel_write1+0x35e/0x860
[  551.477640][T13794]  ? _raw_spin_unlock_irq+0x23/0x50
[  551.479011][T13794]  snd_rawmidi_write+0x267/0xbe0
[  551.480304][T13794]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  551.481721][T13794]  ? __pfx_default_wake_function+0x10/0x10
[  551.483251][T13794]  ? bpf_lsm_file_permission+0x9/0x10
[  551.484637][T13794]  ? security_file_permission+0x71/0x210
[  551.486070][T13794]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  551.487508][T13794]  vfs_writev+0x6da/0xdd0
[  551.488638][T13794]  ? find_held_lock+0x2d/0x110
[  551.489903][T13794]  ? __pfx_vfs_writev+0x10/0x10
[  551.491238][T13794]  ? find_held_lock+0x2d/0x110
[  551.492496][T13794]  ? __pfx_lock_release+0x10/0x10
[  551.493820][T13794]  ? trace_lock_acquire+0x146/0x1e0
[  551.495204][T13794]  ? __fget_files+0x206/0x3a0
[  551.496437][T13794]  ? do_writev+0x297/0x340
[  551.497621][T13794]  do_writev+0x297/0x340
[  551.498735][T13794]  ? __pfx_do_writev+0x10/0x10
[  551.499987][T13794]  __do_fast_syscall_32+0x73/0x120
[  551.501332][T13794]  do_fast_syscall_32+0x32/0x80
[  551.502632][T13794]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  551.504285][T13794] RIP: 0023:0xf73fe579
[  551.505347][T13794] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  551.510307][T13794] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  551.512522][T13794] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840
[  551.514570][T13794] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  551.516605][T13794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  551.518675][T13794] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  551.520717][T13794] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  551.522774][T13794]  </TASK>
[  551.732190][T13806] bond0: (slave caif0): Error: Device type is different from other slaves
[  551.961102][T13809] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2186'.
[  553.071311][T13827] FAULT_INJECTION: forcing a failure.
[  553.071311][T13827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  553.074855][T13827] CPU: 3 UID: 0 PID: 13827 Comm: syz.0.2194 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  553.077536][T13827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  553.080332][T13827] Call Trace:
[  553.081217][T13827]  <TASK>
[  553.081990][T13827]  dump_stack_lvl+0x16c/0x1f0
[  553.083240][T13827]  should_fail_ex+0x497/0x5b0
[  553.084486][T13827]  _copy_from_user+0x2e/0xd0
[  553.085698][T13827]  snd_rawmidi_kernel_write1+0x35e/0x860
[  553.087172][T13827]  ? _raw_spin_unlock_irq+0x23/0x50
[  553.088526][T13827]  snd_rawmidi_write+0x267/0xbe0
[  553.089824][T13827]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  553.091355][T13827]  ? __pfx_default_wake_function+0x10/0x10
[  553.092865][T13827]  ? bpf_lsm_file_permission+0x9/0x10
[  553.094258][T13827]  ? security_file_permission+0x71/0x210
[  553.095723][T13827]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  553.097151][T13827]  vfs_writev+0x6da/0xdd0
[  553.098280][T13827]  ? find_held_lock+0x2d/0x110
[  553.099530][T13827]  ? __pfx_vfs_writev+0x10/0x10
[  553.100800][T13827]  ? find_held_lock+0x2d/0x110
[  553.102352][T13827]  ? __pfx_lock_release+0x10/0x10
[  553.104214][T13827]  ? trace_lock_acquire+0x146/0x1e0
[  553.106130][T13827]  ? __fget_files+0x206/0x3a0
[  553.107411][T13827]  ? do_writev+0x297/0x340
[  553.108570][T13827]  do_writev+0x297/0x340
[  553.109673][T13827]  ? __pfx_do_writev+0x10/0x10
[  553.110936][T13827]  __do_fast_syscall_32+0x73/0x120
[  553.112630][T13827]  do_fast_syscall_32+0x32/0x80
[  553.113932][T13827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  553.115644][T13827] RIP: 0023:0xf7fd8579
[  553.116704][T13827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  553.121627][T13827] RSP: 002b:00000000f515655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  553.124076][T13827] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000840
[  553.126130][T13827] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  553.128163][T13827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  553.129034][T13836] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2197'.
[  553.130159][T13827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  553.134538][T13827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  553.136588][T13827]  </TASK>
[  553.137585][    C3] vkms_vblank_simulate: vblank timer overrun
[  553.475663][T13852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2201'.
[  553.507329][T13852] geneve0 speed is unknown, defaulting to 1000
[  554.767605][T13900] bridge8: entered promiscuous mode
[  554.890989][T13911] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2214'.
[  554.894937][T13907] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2214'.
[  555.049211][T13919] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2221'.
[  555.064940][T13919] input: syz1 as /devices/virtual/input/input41
[  555.097123][T13921] bridge6: entered promiscuous mode
[  555.098522][T13921] bridge6: entered allmulticast mode
[  555.163424][ T6034] usb 12-1: new high-speed USB device number 10 using dummy_hcd
[  555.348517][ T6034] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  555.351528][ T6034] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  555.354173][ T6034] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  555.356575][ T6034] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.392938][T13910] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  555.423717][   T35] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  555.436905][ T6034] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[  555.551339][   T35] usb 5-1: device descriptor read/64, error -71
[  555.657020][ T6034] usb 12-1: USB disconnect, device number 10
[  555.791517][   T35] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  555.908336][T13950] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2231'.
[  555.921454][   T35] usb 5-1: device descriptor read/64, error -71
[  556.031628][   T35] usb usb5-port1: attempt power cycle
[  556.065655][T13954] bond0: (slave caif0): Error: Device type is different from other slaves
[  556.371483][   T35] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  556.402142][   T35] usb 5-1: device descriptor read/8, error -71
[  556.651623][   T35] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  556.692052][   T35] usb 5-1: device descriptor read/8, error -71
[  556.742112][T13965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  556.761635][T13965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  556.801676][   T35] usb usb5-port1: unable to enumerate USB device
[  557.983504][T13987] geneve0 speed is unknown, defaulting to 1000
[  558.559354][T14003] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2245'.
[  558.874260][T13999] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  558.877051][T13999] bond0: (slave caif0): Error -95 calling set_mac_address
[  558.880259][T14013] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  558.892996][T14016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  558.901199][T14016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  559.687237][T14054] random: crng reseeded on system resumption
[  559.851902][T14060] bond0: (slave caif0): The slave device specified does not support setting the MAC address
[  559.855386][T14060] bond0: (slave caif0): Error -95 calling set_mac_address
[  562.012311][ T5761] usb 12-1: new high-speed USB device number 11 using dummy_hcd
[  562.175275][ T5761] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  562.178491][ T5761] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  562.181030][ T5761] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  562.183505][ T5761] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.186999][T14083] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  562.191077][ T5761] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[  562.230827][T14093] 9pnet_fd: Insufficient options for proto=fd
[  562.466146][ T6039] usb 12-1: USB disconnect, device number 11
[  563.615045][T14102] netlink: 'syz.4.2280': attribute type 10 has an invalid length.
[  564.119244][T14113] FAULT_INJECTION: forcing a failure.
[  564.119244][T14113] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  564.123882][T14113] CPU: 1 UID: 0 PID: 14113 Comm: syz.7.2284 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  564.127253][T14113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  564.130653][T14113] Call Trace:
[  564.131721][T14113]  <TASK>
[  564.132699][T14113]  dump_stack_lvl+0x16c/0x1f0
[  564.134263][T14113]  should_fail_ex+0x497/0x5b0
[  564.135844][T14113]  _copy_from_user+0x2e/0xd0
[  564.137436][T14113]  get_compat_msghdr+0xa8/0x170
[  564.139219][T14113]  ? __pfx_get_compat_msghdr+0x10/0x10
[  564.141090][T14113]  ___sys_recvmsg+0x193/0x1a0
[  564.142877][T14113]  ? __pfx____sys_recvmsg+0x10/0x10
[  564.144751][T14113]  ? __fget_files+0x1fc/0x3a0
[  564.146396][T14113]  ? trace_lock_acquire+0x146/0x1e0
[  564.148190][T14113]  ? __fget_files+0x206/0x3a0
[  564.149788][T14113]  ? __pfx___might_resched+0x10/0x10
[  564.151509][T14113]  do_recvmmsg+0x55d/0x740
[  564.152966][T14113]  ? __pfx_do_recvmmsg+0x10/0x10
[  564.154562][T14113]  ? vfs_write+0x306/0x1150
[  564.155604][T14113]  ? __fget_files+0x206/0x3a0
[  564.157074][T14113]  __sys_recvmmsg+0x21e/0x280
[  564.158651][T14113]  ? __pfx___sys_recvmmsg+0x10/0x10
[  564.160381][T14113]  ? __pfx_ksys_write+0x10/0x10
[  564.161973][T14113]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  564.163972][T14113]  ? lockdep_hardirqs_on+0x7c/0x110
[  564.165727][T14113]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  564.167963][T14113]  __do_fast_syscall_32+0x73/0x120
[  564.169687][T14113]  do_fast_syscall_32+0x32/0x80
[  564.171356][T14113]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  564.173486][T14113] RIP: 0023:0xf73fe579
[  564.174792][T14113] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  564.180904][T14113] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  564.183599][T14113] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000600
[  564.185925][T14113] RDX: 00000000cb88ff8b RSI: 0000000000000002 RDI: 0000000000000000
[  564.187885][T14113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  564.189790][T14113] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  564.191709][T14113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  564.193711][T14113]  </TASK>
[  564.821433][   T35] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[  564.992955][T14130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  564.997945][T14130] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  565.015158][   T35] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  565.019105][   T35] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  565.022756][   T35] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  565.025987][   T35] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.031574][T14124] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  565.036348][   T35] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  565.323696][   T35] usb 9-1: USB disconnect, device number 35
[  565.564853][T14138] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2293'.
[  565.681387][T14140] FAULT_INJECTION: forcing a failure.
[  565.681387][T14140] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  565.684661][T14140] CPU: 2 UID: 0 PID: 14140 Comm: syz.6.2294 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  565.687394][T14140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  565.690133][T14140] Call Trace:
[  565.691001][T14140]  <TASK>
[  565.691771][T14140]  dump_stack_lvl+0x16c/0x1f0
[  565.693003][T14140]  should_fail_ex+0x497/0x5b0
[  565.694252][T14140]  _copy_from_user+0x2e/0xd0
[  565.695481][T14140]  snd_rawmidi_kernel_write1+0x35e/0x860
[  565.696980][T14140]  ? _raw_spin_unlock_irq+0x23/0x50
[  565.698677][T14140]  snd_rawmidi_write+0x267/0xbe0
[  565.699967][T14140]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  565.701363][T14140]  ? __pfx_default_wake_function+0x10/0x10
[  565.702832][T14140]  ? bpf_lsm_file_permission+0x9/0x10
[  565.704182][T14140]  ? security_file_permission+0x71/0x210
[  565.705637][T14140]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  565.707112][T14140]  vfs_writev+0x6da/0xdd0
[  565.708238][T14140]  ? find_held_lock+0x2d/0x110
[  565.709494][T14140]  ? __pfx_vfs_writev+0x10/0x10
[  565.710770][T14140]  ? find_held_lock+0x2d/0x110
[  565.712032][T14140]  ? __pfx_lock_release+0x10/0x10
[  565.713360][T14140]  ? trace_lock_acquire+0x146/0x1e0
[  565.714724][T14140]  ? __fget_files+0x206/0x3a0
[  565.715973][T14140]  ? do_writev+0x297/0x340
[  565.717321][T14140]  do_writev+0x297/0x340
[  565.718490][T14140]  ? __pfx_do_writev+0x10/0x10
[  565.719758][T14140]  __do_fast_syscall_32+0x73/0x120
[  565.721166][T14140]  do_fast_syscall_32+0x32/0x80
[  565.722553][T14140]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  565.724238][T14140] RIP: 0023:0xf7f25579
[  565.725322][T14140] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  565.730516][T14140] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  565.732781][T14140] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000840
[  565.735062][T14140] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  565.737212][T14140] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  565.739291][T14140] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  565.741328][T14140] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  565.743380][T14140]  </TASK>
[  565.896987][T14144] geneve0 speed is unknown, defaulting to 1000
[  566.376588][T14155] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  566.454621][   T35] libceph: connect (1)[c::]:6789 error -22
[  566.456986][   T35] libceph: mon0 (1)[c::]:6789 connect error
[  566.602125][T14160] ceph: No mds server is up or the cluster is laggy
[  566.944068][   T35] libceph: connect (1)[c::]:6789 error -22
[  566.945632][   T35] libceph: mon0 (1)[c::]:6789 connect error
[  566.994686][T14160] 9pnet_fd: Insufficient options for proto=fd
[  567.197729][T14183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  567.201519][T14183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  567.658684][T14193] /dev/sr0: Can't open blockdev
[  567.764775][T14196] /dev/sr0: Can't open blockdev
[  567.897716][T14204] geneve0 speed is unknown, defaulting to 1000
[  567.968802][T14210] bridge9: entered promiscuous mode
[  567.970170][T14210] bridge9: entered allmulticast mode
[  568.009982][   T40] kauditd_printk_skb: 26 callbacks suppressed
[  568.009997][   T40] audit: type=1326 audit(1732648650.799:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.019422][   T40] audit: type=1326 audit(1732648650.809:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.031316][   T40] audit: type=1326 audit(1732648650.809:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.036696][   T40] audit: type=1326 audit(1732648650.809:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.058361][   T40] audit: type=1326 audit(1732648650.809:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.066113][   T40] audit: type=1326 audit(1732648650.809:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.075252][   T40] audit: type=1326 audit(1732648650.809:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.080465][   T40] audit: type=1326 audit(1732648650.809:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.085814][   T40] audit: type=1326 audit(1732648650.809:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.090960][   T40] audit: type=1326 audit(1732648650.829:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14212 comm="syz.6.2313" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  568.530105][T14222] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[  569.051811][T14239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.056634][T14239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.799260][T14249] netlink: 'syz.0.2322': attribute type 39 has an invalid length.
[  569.907296][T14255] program syz.0.2324 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  569.956173][T14254] geneve0 speed is unknown, defaulting to 1000
[  570.377978][T14268] netlink: 'syz.4.2326': attribute type 4 has an invalid length.
[  572.021333][T13772] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  572.179964][T13772] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  572.182768][T13772] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  572.185152][T13772] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  572.187638][T13772] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.202381][T14283] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  572.213310][T13772] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  572.299969][T14288] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2333'.
[  572.506560][T14293] Bluetooth: MGMT ver 1.23
[  572.532652][T13772] usb 5-1: USB disconnect, device number 54
[  572.635409][T14295] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2334'.
[  573.156610][T14300] geneve0 speed is unknown, defaulting to 1000
[  573.423481][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  573.423492][   T40] audit: type=1326 audit(1732648656.219:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14308 comm="syz.7.2338" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73fe579 code=0x0
[  573.576651][T14314] geneve0 speed is unknown, defaulting to 1000
[  573.873742][T14319] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  574.102402][ T1411] ieee802154 phy0 wpan0: encryption failed: -22
[  574.104456][ T1411] ieee802154 phy1 wpan1: encryption failed: -22
[  575.351669][ T5761] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  575.533067][ T5761] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  575.536009][ T5761] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  575.538548][ T5761] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  575.540912][ T5761] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.554221][T14346] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  575.562717][ T5761] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  575.845259][    T8] usb 5-1: USB disconnect, device number 55
[  576.133267][T14355] geneve0 speed is unknown, defaulting to 1000
[  576.825621][T14362] 9pnet_fd: Insufficient options for proto=fd
[  576.832757][T14362] 8021q: adding VLAN 0 to HW filter on device bond0
[  576.835337][T14362] team0: Port device bond0 added
[  576.872766][T14369] netlink: 'syz.0.2354': attribute type 10 has an invalid length.
[  576.915188][T14369] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  576.920079][T14371] geneve0 speed is unknown, defaulting to 1000
[  577.291456][    T8] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[  577.341786][T14391] syz.6.2362 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  577.444416][    T8] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  577.448630][    T8] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  577.461551][    T8] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  577.464891][    T8] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.477158][T14379] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  577.483926][    T8] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  577.779449][ T6034] usb 9-1: USB disconnect, device number 36
[  578.441397][T14416] FAULT_INJECTION: forcing a failure.
[  578.441397][T14416] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  578.444804][T14416] CPU: 3 UID: 0 PID: 14416 Comm: syz.6.2372 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  578.447563][T14416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  578.450337][T14416] Call Trace:
[  578.451214][T14416]  <TASK>
[  578.451990][T14416]  dump_stack_lvl+0x16c/0x1f0
[  578.453218][T14416]  should_fail_ex+0x497/0x5b0
[  578.454447][T14416]  _copy_from_user+0x2e/0xd0
[  578.455660][T14416]  snd_rawmidi_kernel_write1+0x35e/0x860
[  578.457231][T14416]  ? _raw_spin_unlock_irq+0x23/0x50
[  578.458623][T14416]  snd_rawmidi_write+0x267/0xbe0
[  578.459929][T14416]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  578.461373][T14416]  ? __pfx_default_wake_function+0x10/0x10
[  578.462918][T14416]  ? bpf_lsm_file_permission+0x9/0x10
[  578.464334][T14416]  ? security_file_permission+0x71/0x210
[  578.465799][T14416]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  578.467238][T14416]  vfs_writev+0x6da/0xdd0
[  578.468368][T14416]  ? find_held_lock+0x2d/0x110
[  578.469624][T14416]  ? __pfx_vfs_writev+0x10/0x10
[  578.470916][T14416]  ? find_held_lock+0x2d/0x110
[  578.472174][T14416]  ? __pfx_lock_release+0x10/0x10
[  578.473490][T14416]  ? trace_lock_acquire+0x146/0x1e0
[  578.474853][T14416]  ? __fget_files+0x206/0x3a0
[  578.476099][T14416]  ? do_writev+0x297/0x340
[  578.477284][T14416]  do_writev+0x297/0x340
[  578.478397][T14416]  ? __pfx_do_writev+0x10/0x10
[  578.479655][T14416]  __do_fast_syscall_32+0x73/0x120
[  578.481013][T14416]  do_fast_syscall_32+0x32/0x80
[  578.482295][T14416]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  578.483945][T14416] RIP: 0023:0xf7f25579
[  578.485011][T14416] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  578.490082][T14416] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  578.492237][T14416] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000840
[  578.494281][T14416] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  578.496488][T14416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  578.498584][T14416] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  578.500638][T14416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  578.502695][T14416]  </TASK>
[  578.503570][    C3] vkms_vblank_simulate: vblank timer overrun
[  578.524704][T14419] UHID_CREATE from different security context by process 1921 (syz.0.2370), this is not allowed.
[  580.391421][T13772] usb 12-1: new high-speed USB device number 12 using dummy_hcd
[  580.567179][T13772] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  580.570022][T13772] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  580.573341][T13772] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  580.576530][T13772] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.592822][T14449] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  580.602542][T13772] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[  580.725521][ T5988] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  580.729482][ T5988] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  580.740233][ T5988] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  580.769220][ T5988] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  580.772010][ T5988] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  580.774291][ T5988] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  580.793273][T10594] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  580.809131][T10594] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  580.821827][T10594] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  580.835894][T10594] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  580.839018][ T5984] bond0: (slave syz_tun): Releasing backup interface
[  580.840611][T10594] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  580.846982][T10594] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  580.881085][ T6034] usb 12-1: USB disconnect, device number 12
[  580.895249][T14465] geneve0 speed is unknown, defaulting to 1000
[  581.056804][T14465] chnl_net:caif_netlink_parms(): no params data found
[  581.175978][T14465] bridge0: port 1(bridge_slave_0) entered blocking state
[  581.181424][T14465] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.183337][T14465] bridge_slave_0: entered allmulticast mode
[  581.186310][T14465] bridge_slave_0: entered promiscuous mode
[  581.211644][T14465] bridge0: port 2(bridge_slave_1) entered blocking state
[  581.213532][T14465] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.215733][T14465] bridge_slave_1: entered allmulticast mode
[  581.217797][T14465] bridge_slave_1: entered promiscuous mode
[  581.282429][T14465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  581.287791][T14465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  581.337605][T14465] team0: Port device team_slave_0 added
[  581.341156][T14465] team0: Port device team_slave_1 added
[  581.411364][T14465] batman_adv: batadv0: Adding interface: batadv_slave_0
[  581.414112][T14465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  581.431505][T14465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  581.435817][T14465] batman_adv: batadv0: Adding interface: batadv_slave_1
[  581.437627][T14465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  581.461367][T14465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  581.515042][T14465] hsr_slave_0: entered promiscuous mode
[  581.518565][T14465] hsr_slave_1: entered promiscuous mode
[  581.520615][T14465] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  581.523178][T14465] Cannot create hsr debugfs directory
[  581.632377][T14465] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.764373][T14465] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.845425][T14465] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.930314][T14465] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  582.056473][T14465] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  582.062947][T14465] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  582.066116][T14465] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  582.083570][T14465] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  582.135165][T14465] 8021q: adding VLAN 0 to HW filter on device bond0
[  582.147030][T14465] 8021q: adding VLAN 0 to HW filter on device team0
[  582.153356][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.155487][ T1134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  582.174859][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.176820][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  582.279366][T14465] 8021q: adding VLAN 0 to HW filter on device batadv0
[  582.298376][T14465] veth0_vlan: entered promiscuous mode
[  582.302772][T14465] veth1_vlan: entered promiscuous mode
[  582.313344][T14465] veth0_macvtap: entered promiscuous mode
[  582.316264][T14465] veth1_macvtap: entered promiscuous mode
[  582.325422][T14465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.328164][T14465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.331893][T14465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.334572][T14465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.337420][T14465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.340192][T14465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.348053][T14465] batman_adv: batadv0: Interface activated: batadv_slave_0
[  582.361365][T14465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.364282][T14465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.366783][T14465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.372033][T14465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.377497][T14465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.380815][T14465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.384877][T14465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  582.392808][T14465] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  582.395643][T14465] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  582.398432][T14465] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  582.402253][T14465] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  582.502081][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  582.504476][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  582.527301][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  582.529412][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  582.607565][T14495] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2388'.
[  582.682822][T14504] netlink: 'syz.6.2396': attribute type 39 has an invalid length.
[  582.810086][T14509] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2398'.
[  582.901412][ T5988] Bluetooth: hci5: command tx timeout
[  582.933051][T14515] netlink: 'syz.7.2394': attribute type 4 has an invalid length.
[  583.151942][T14518] geneve0 speed is unknown, defaulting to 1000
[  584.177019][T14528] capability: warning: `syz.4.2403' uses 32-bit capabilities (legacy support in use)
[  584.971365][ T5988] Bluetooth: hci5: command tx timeout
[  586.171961][T14548] geneve0 speed is unknown, defaulting to 1000
[  586.205944][   T40] audit: type=1326 audit(1732648668.999:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14543 comm="syz.6.2408" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f25579 code=0x0
[  586.989760][T14559] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2412'.
[  587.051587][ T5988] Bluetooth: hci5: command tx timeout
[  587.335270][T14567] geneve0 speed is unknown, defaulting to 1000
[  589.114868][T14594] geneve0 speed is unknown, defaulting to 1000
[  589.131663][ T5988] Bluetooth: hci5: command tx timeout
[  589.430467][T14607] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2426'.
[  589.890839][T14619] netlink: 'syz.0.2428': attribute type 39 has an invalid length.
[  590.329831][   T40] audit: type=1326 audit(1732648673.119:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.0.2430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x7fc00000
[  590.512573][T14628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  590.515671][T14628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  591.030154][   T40] audit: type=1326 audit(1732648673.819:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.0.2430" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe5579 code=0x7fc00000
[  591.108678][T14641] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2435'.
[  591.112744][T14641] netlink: 'syz.0.2435': attribute type 10 has an invalid length.
[  591.125972][T14641] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  591.209676][T14645] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2438'.
[  591.660506][T14652] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.461636][T10594] Bluetooth: hci5: command 0x0405 tx timeout
[  593.263275][   T40] audit: type=1804 audit(1732648676.059:618): pid=14689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2450" name="/newroot/323/file0/file0" dev="9p" ino=37617899 res=1 errno=0
[  593.441304][   T35] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[  593.479564][T14696] ip6gretap0: entered promiscuous mode
[  593.482861][T14696] ip6gretap0: left promiscuous mode
[  593.487029][T14692] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  593.602964][   T35] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  593.606479][   T35] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  593.609719][   T35] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  593.612865][   T35] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.617376][T14687] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  593.622175][   T35] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  593.909361][   T35] usb 9-1: USB disconnect, device number 37
[  594.398452][T14713] FAULT_INJECTION: forcing a failure.
[  594.398452][T14713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  594.402097][T14713] CPU: 1 UID: 0 PID: 14713 Comm: syz.7.2456 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  594.404738][T14713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  594.407723][T14713] Call Trace:
[  594.408590][T14713]  <TASK>
[  594.409368][T14713]  dump_stack_lvl+0x16c/0x1f0
[  594.410621][T14713]  should_fail_ex+0x497/0x5b0
[  594.411863][T14713]  _copy_from_user+0x2e/0xd0
[  594.413072][T14713]  get_compat_msghdr+0xa8/0x170
[  594.414383][T14713]  ? __pfx_get_compat_msghdr+0x10/0x10
[  594.415804][T14713]  ___sys_recvmsg+0x193/0x1a0
[  594.417111][T14713]  ? __pfx____sys_recvmsg+0x10/0x10
[  594.418718][T14713]  ? __fget_files+0x1fc/0x3a0
[  594.419936][T14713]  ? trace_lock_acquire+0x146/0x1e0
[  594.421282][T14713]  ? __fget_files+0x206/0x3a0
[  594.422507][T14713]  ? __pfx___might_resched+0x10/0x10
[  594.423901][T14713]  do_recvmmsg+0x55d/0x740
[  594.425113][T14713]  ? __pfx_do_recvmmsg+0x10/0x10
[  594.426473][T14713]  ? vfs_write+0x306/0x1150
[  594.427715][T14713]  ? __fget_files+0x206/0x3a0
[  594.428942][T14713]  __sys_recvmmsg+0x21e/0x280
[  594.430323][T14713]  ? __pfx___sys_recvmmsg+0x10/0x10
[  594.431832][T14713]  ? __pfx_ksys_write+0x10/0x10
[  594.433083][T14713]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  594.434692][T14713]  ? lockdep_hardirqs_on+0x7c/0x110
[  594.436038][T14713]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  594.437760][T14713]  __do_fast_syscall_32+0x73/0x120
[  594.439088][T14713]  do_fast_syscall_32+0x32/0x80
[  594.440341][T14713]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  594.441968][T14713] RIP: 0023:0xf73fe579
[  594.443278][T14713] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  594.448263][T14713] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  594.450411][T14713] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000600
[  594.452502][T14713] RDX: 00000000cb88ff8b RSI: 0000000000000002 RDI: 0000000000000000
[  594.454610][T14713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  594.456647][T14713] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  594.458761][T14713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  594.460805][T14713]  </TASK>
[  594.981302][T14725] netlink: 'syz.4.2458': attribute type 4 has an invalid length.
[  595.247102][T14728] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2460'.
[  595.249365][T14728] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2460'.
[  595.736397][T10594] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  595.740448][T10594] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  595.744050][T10594] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  595.746737][T10594] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  595.748796][T10594] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  595.750736][T10594] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  595.764992][T14742] geneve0 speed is unknown, defaulting to 1000
[  595.870420][T14742] chnl_net:caif_netlink_parms(): no params data found
[  595.959860][T14742] bridge0: port 1(bridge_slave_0) entered blocking state
[  595.965612][T14742] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.967595][T14742] bridge_slave_0: entered allmulticast mode
[  595.969746][T14742] bridge_slave_0: entered promiscuous mode
[  595.972851][T14742] bridge0: port 2(bridge_slave_1) entered blocking state
[  595.974745][T14742] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.976697][T14742] bridge_slave_1: entered allmulticast mode
[  595.979181][T14742] bridge_slave_1: entered promiscuous mode
[  596.006349][T14742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  596.009830][T14742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  596.044736][T14742] team0: Port device team_slave_0 added
[  596.047521][T14742] team0: Port device team_slave_1 added
[  596.070013][T14742] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.072438][T14742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.078998][T14742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.084585][T14742] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.086435][T14742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.095284][T14742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.154485][T14742] hsr_slave_0: entered promiscuous mode
[  596.158290][T14742] hsr_slave_1: entered promiscuous mode
[  596.161698][T14742] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  596.165955][T14742] Cannot create hsr debugfs directory
[  596.275988][T14742] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.327494][T14742] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.351395][  T833] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  596.404255][T14742] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.463731][T14742] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.502951][  T833] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  596.505869][  T833] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  596.508642][  T833] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  596.512201][  T833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.520704][T14751] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  596.525728][  T833] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  596.592332][T14742] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  596.805347][  T833] usb 5-1: USB disconnect, device number 56
[  597.245181][T14742] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  597.256494][T14742] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  597.262465][T14742] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  597.323808][T14742] 8021q: adding VLAN 0 to HW filter on device bond0
[  597.339194][T14742] 8021q: adding VLAN 0 to HW filter on device team0
[  597.346293][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state
[  597.348337][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  597.358261][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state
[  597.360902][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state
[  597.511938][T14742] 8021q: adding VLAN 0 to HW filter on device batadv0
[  597.742444][T14742] veth0_vlan: entered promiscuous mode
[  597.752769][T14742] veth1_vlan: entered promiscuous mode
[  597.766333][T14742] veth0_macvtap: entered promiscuous mode
[  597.770147][T14742] veth1_macvtap: entered promiscuous mode
[  597.772084][T10594] Bluetooth: hci3: command tx timeout
[  597.785237][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  597.788241][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.809878][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  597.817395][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.839227][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  597.855307][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.930836][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  597.944190][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  597.968662][T14742] batman_adv: batadv0: Interface activated: batadv_slave_0
[  598.010233][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  598.022887][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  598.026277][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  598.044111][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  598.051073][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  598.059619][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  598.068324][T14742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  598.078231][T14742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  598.098503][T14742] batman_adv: batadv0: Interface activated: batadv_slave_1
[  598.111861][T14742] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  598.114824][T14742] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  598.119794][T14742] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  598.125139][T14742] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  598.283097][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.283114][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  598.308093][ T4568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.308112][ T4568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  598.709437][T14799] netlink: 'syz.4.2475': attribute type 1 has an invalid length.
[  598.711714][T14799] netlink: 'syz.4.2475': attribute type 3 has an invalid length.
[  598.713824][T14799] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2475'.
[  598.720004][T14799] syz.4.2475 (14799): /proc/14797/oom_adj is deprecated, please use /proc/14797/oom_score_adj instead.
[  599.627409][T14812] netlink: 'syz.4.2480': attribute type 7 has an invalid length.
[  599.629524][T14812] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2480'.
[  599.660788][T14814] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  599.851511][ T6017] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  599.851670][T10594] Bluetooth: hci3: command tx timeout
[  600.105482][ T6017] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  600.108377][ T6017] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  600.111115][ T6017] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  600.113592][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.155470][T14810] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  600.167605][ T6017] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  600.492252][ T6017] usb 5-1: USB disconnect, device number 57
[  601.912268][T14849] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  601.931365][T10594] Bluetooth: hci3: command tx timeout
[  602.861982][   T57] usb 9-1: new high-speed USB device number 38 using dummy_hcd
[  603.044620][   T57] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  603.047509][   T57] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  603.050313][   T57] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  603.052838][   T57] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.058025][T14863] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  603.062442][   T57] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  603.201567][T14880] FAULT_INJECTION: forcing a failure.
[  603.201567][T14880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  603.205014][T14880] CPU: 0 UID: 0 PID: 14880 Comm: syz.0.2499 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  603.207625][T14880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  603.210528][T14880] Call Trace:
[  603.211389][T14880]  <TASK>
[  603.212158][T14880]  dump_stack_lvl+0x16c/0x1f0
[  603.213343][T14880]  should_fail_ex+0x497/0x5b0
[  603.214666][T14880]  _copy_from_user+0x2e/0xd0
[  603.215923][T14880]  snd_rawmidi_kernel_write1+0x35e/0x860
[  603.217402][T14880]  ? _raw_spin_unlock_irq+0x23/0x50
[  603.218754][T14880]  snd_rawmidi_write+0x267/0xbe0
[  603.220049][T14880]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  603.221454][T14880]  ? __pfx_default_wake_function+0x10/0x10
[  603.222945][T14880]  ? bpf_lsm_file_permission+0x9/0x10
[  603.224284][T14880]  ? security_file_permission+0x71/0x210
[  603.225882][T14880]  ? __pfx_snd_rawmidi_write+0x10/0x10
[  603.227310][T14880]  vfs_writev+0x6da/0xdd0
[  603.228433][T14880]  ? find_held_lock+0x2d/0x110
[  603.229805][T14880]  ? __pfx_vfs_writev+0x10/0x10
[  603.231157][T14880]  ? find_held_lock+0x2d/0x110
[  603.232386][T14880]  ? __pfx_lock_release+0x10/0x10
[  603.233625][T14880]  ? trace_lock_acquire+0x146/0x1e0
[  603.234941][T14880]  ? __fget_files+0x206/0x3a0
[  603.236139][T14880]  ? do_writev+0x297/0x340
[  603.237287][T14880]  do_writev+0x297/0x340
[  603.238437][T14880]  ? __pfx_do_writev+0x10/0x10
[  603.239865][T14880]  __do_fast_syscall_32+0x73/0x120
[  603.241479][T14880]  do_fast_syscall_32+0x32/0x80
[  603.242813][T14880]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  603.244423][T14880] RIP: 0023:0xf7fe5579
[  603.245445][T14880] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  603.250485][T14880] RSP: 002b:00000000f516655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  603.253371][T14880] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840
[  603.256245][T14880] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  603.258731][T14880] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  603.260699][T14880] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  603.263031][T14880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  603.265147][T14880]  </TASK>
[  603.352843][  T833] usb 9-1: USB disconnect, device number 38
[  603.452946][T14884] tipc: Started in network mode
[  603.454287][T14884] tipc: Node identity ac1414aa, cluster identity 4711
[  603.457640][T14884] tipc: Enabled bearer <udp:s>, priority 10
[  603.617323][T14892] 9pnet_fd: Insufficient options for proto=fd
[  603.635207][T14892] vlan2 (unregistering): left allmulticast mode
[  603.637217][T14892] vlan2 (unregistering): left promiscuous mode
[  603.641019][T14892] bridge0: port 1(vlan2) entered disabled state
[  603.677063][T14893] 8021q: adding VLAN 0 to HW filter on device bond0
[  603.679938][T14893] team0: Port device bond0 added
[  603.919697][T14901] netlink: 'syz.7.2505': attribute type 10 has an invalid length.
[  603.922632][T14901] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.924638][T14901] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.928380][T14901] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.930237][T14901] bridge0: port 2(bridge_slave_1) entered forwarding state
[  603.932523][T14901] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.934486][T14901] bridge0: port 1(bridge_slave_0) entered forwarding state
[  603.938303][T14901] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  603.974658][T14904] FAULT_INJECTION: forcing a failure.
[  603.974658][T14904] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  603.978171][T14904] CPU: 0 UID: 0 PID: 14904 Comm: syz.7.2506 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  603.980909][T14904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  603.983664][T14904] Call Trace:
[  603.984538][T14904]  <TASK>
[  603.985310][T14904]  dump_stack_lvl+0x16c/0x1f0
[  603.986507][T14904]  should_fail_ex+0x497/0x5b0
[  603.987823][T14904]  _copy_from_user+0x2e/0xd0
[  603.988979][T14904]  get_compat_msghdr+0xa8/0x170
[  603.990228][T14904]  ? __pfx_get_compat_msghdr+0x10/0x10
[  603.991586][T14904]  ___sys_recvmsg+0x193/0x1a0
[  603.992783][T14904]  ? __pfx____sys_recvmsg+0x10/0x10
[  603.994109][T14904]  ? __fget_files+0x1fc/0x3a0
[  603.995290][T14904]  ? trace_lock_acquire+0x146/0x1e0
[  603.996617][T14904]  ? __fget_files+0x206/0x3a0
[  603.997801][T14904]  ? __pfx___might_resched+0x10/0x10
[  603.999113][T14904]  do_recvmmsg+0x55d/0x740
[  604.000258][T14904]  ? __pfx_do_recvmmsg+0x10/0x10
[  604.001503][T14904]  ? vfs_write+0x306/0x1150
[  604.002669][T14904]  ? __fget_files+0x206/0x3a0
[  604.003838][T14904]  __sys_recvmmsg+0x21e/0x280
[  604.005034][T14904]  ? __pfx___sys_recvmmsg+0x10/0x10
[  604.006371][T14904]  ? __pfx_ksys_write+0x10/0x10
[  604.007558][T14904]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  604.009100][T14904]  ? lockdep_hardirqs_on+0x7c/0x110
[  604.010406][T14904]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  604.012118][T14904]  __do_fast_syscall_32+0x73/0x120
[  604.013355][T14904]  do_fast_syscall_32+0x32/0x80
[  604.014564][T14904]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  604.016176][T14904] RIP: 0023:0xf73fe579
[  604.017191][T14904] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  604.022040][T14904] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  604.024089][T14904] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000600
[  604.026013][T14904] RDX: 00000000cb88ff8b RSI: 0000000000000002 RDI: 0000000000000000
[  604.028041][T14904] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  604.029990][T14904] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  604.032027][T14904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  604.034025][T14904]  </TASK>
[  604.035668][T10594] Bluetooth: hci3: command tx timeout
[  604.584205][   T57] tipc: Node number set to 2886997162
[  604.616743][T14924] bridge10: entered promiscuous mode
[  604.618360][T14924] bridge10: entered allmulticast mode
[  604.778169][T14926] FAULT_INJECTION: forcing a failure.
[  604.778169][T14926] name failslab, interval 1, probability 0, space 0, times 0
[  604.782322][T14926] CPU: 2 UID: 0 PID: 14926 Comm: syz.6.2513 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  604.785823][T14926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  604.788604][T14926] Call Trace:
[  604.789476][T14926]  <TASK>
[  604.790310][T14926]  dump_stack_lvl+0x16c/0x1f0
[  604.791603][T14926]  should_fail_ex+0x497/0x5b0
[  604.792830][T14926]  ? fs_reclaim_acquire+0xae/0x150
[  604.794176][T14926]  should_failslab+0xc2/0x120
[  604.795403][T14926]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  604.796806][T14926]  ? copy_mm+0x2c2/0x2410
[  604.797934][T14926]  copy_mm+0x2c2/0x2410
[  604.799029][T14926]  ? lock_acquire.part.0+0x11b/0x380
[  604.800419][T14926]  ? __pfx_copy_mm+0x10/0x10
[  604.801711][T14926]  ? copy_process+0x3ca7/0x6f20
[  604.803019][T14926]  ? __pfx_lock_release+0x10/0x10
[  604.804327][T14926]  ? lockdep_init_map_type+0x16d/0x7d0
[  604.805747][T14926]  ? __raw_spin_lock_init+0x3a/0x110
[  604.807128][T14926]  copy_process+0x3e6d/0x6f20
[  604.808308][T14926]  ? __pfx_copy_process+0x10/0x10
[  604.809570][T14926]  kernel_clone+0xfd/0x960
[  604.810754][T14926]  ? __pfx_kernel_clone+0x10/0x10
[  604.812177][T14926]  ? __schedule+0xe60/0x5ad0
[  604.813414][T14926]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  604.814998][T14926]  __do_compat_sys_ia32_clone+0xb7/0x100
[  604.816487][T14926]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  604.818145][T14926]  __do_fast_syscall_32+0x73/0x120
[  604.819485][T14926]  do_fast_syscall_32+0x32/0x80
[  604.820775][T14926]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  604.822432][T14926] RIP: 0023:0xf7f25579
[  604.823503][T14926] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  604.828463][T14926] RSP: 002b:00000000f50a650c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  604.830843][T14926] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  604.832967][T14926] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  604.835030][T14926] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  604.837085][T14926] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  604.839122][T14926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  604.841158][T14926]  </TASK>
[  604.940098][T14931] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2514'.
[  604.943642][T14931] netlink: 'syz.6.2514': attribute type 6 has an invalid length.
[  605.291567][T14790] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[  605.442535][T14790] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  605.445881][T14790] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  605.451126][T14790] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  605.461217][T14790] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.464893][T14935] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  605.467974][T14790] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  605.747076][   T40] audit: type=1326 audit(1732648688.539:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14955 comm="syz.6.2522" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x0
[  605.754680][ T6017] usb 9-1: USB disconnect, device number 39
[  606.143202][T14951] orangefs_mount: mount request failed with -4
[  606.283209][T14967] fuse: Unknown parameter 'ūd”'
[  606.957546][T14963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  607.107027][T14975] hub 5-0:1.0: USB hub found
[  607.108514][T14975] hub 5-0:1.0: 1 port detected
[  607.605312][   T75] Bluetooth: (null): Too short H5 packet
[  607.607652][   T75] Bluetooth: (null): Invalid header checksum
[  607.609277][   T75] Bluetooth: (null): Invalid header checksum
[  607.706149][T14990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2533'.
[  607.738117][T14992] dlm: no locking on control device
[  608.071340][   T57] usb 9-1: new high-speed USB device number 40 using dummy_hcd
[  608.222629][   T57] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  608.225801][   T57] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  608.228635][   T57] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  608.231552][   T57] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.235184][T14995] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  608.238571][   T57] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  608.320019][T15005] 9pnet_fd: Insufficient options for proto=fd
[  608.354072][T15007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2540'.
[  608.385457][T15010] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  608.387444][T15010] IPv6: NLM_F_CREATE should be set when creating new route
[  608.389315][T15010] IPv6: NLM_F_CREATE should be set when creating new route
[  608.395408][T15010] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  608.529205][ T6017] usb 9-1: USB disconnect, device number 40
[  608.829151][T15021] Cannot find del_set index 0 as target
[  609.486789][ T4568] tipc: Subscription rejected, illegal request
[  610.692240][T15056] netlink: 'syz.0.2555': attribute type 4 has an invalid length.
[  610.714087][T15056] syzkaller1: entered promiscuous mode
[  610.719581][T15056] syzkaller1: entered allmulticast mode
[  610.736286][T15056] evm: overlay not supported
[  610.757494][   T40] audit: type=1804 audit(1732648693.549:620): pid=15056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2555" name="/newroot/49/bus/file0" dev="overlay" ino=294 res=1 errno=0
[  611.057920][T15060] netlink: 'syz.6.2557': attribute type 10 has an invalid length.
[  611.062619][T15060] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  611.180022][T15063] geneve0 speed is unknown, defaulting to 1000
[  611.201427][ T6017] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  611.340386][T15067] geneve0 speed is unknown, defaulting to 1000
[  611.353370][ T6017] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  611.356220][ T6017] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  611.358784][ T6017] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  611.361105][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.372123][T15058] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  611.377002][ T6017] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  611.532442][T15072] tipc: Started in network mode
[  611.536866][T15072] tipc: Node identity ac1414aa, cluster identity 4711
[  611.545289][T15072] tipc: Enabled bearer <udp:s>, priority 10
[  611.674617][   T57] usb 5-1: USB disconnect, device number 58
[  612.414670][T15091] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2566'.
[  612.446677][T15096] fuse: Unknown parameter 'rootmoBe'
[  612.551458][   T57] tipc: Node number set to 2886997162
[  612.607259][T15102] geneve0 speed is unknown, defaulting to 1000
[  612.949489][   T40] audit: type=1326 audit(1732648695.739:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15114 comm="syz.0.2573" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x0
[  612.951911][T15118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  612.960865][T15118] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  613.025639][   T40] audit: type=1326 audit(1732648695.819:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.031844][   T40] audit: type=1326 audit(1732648695.819:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.037990][   T40] audit: type=1326 audit(1732648695.819:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.044522][   T40] audit: type=1326 audit(1732648695.819:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.050566][   T40] audit: type=1326 audit(1732648695.819:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.060482][   T40] audit: type=1326 audit(1732648695.819:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.066658][   T40] audit: type=1326 audit(1732648695.819:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.077668][   T40] audit: type=1326 audit(1732648695.819:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15124 comm="syz.4.2575" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  613.268726][T15133] 9pnet_fd: Insufficient options for proto=fd
[  613.556369][T15139] 9pnet_fd: Insufficient options for proto=fd
[  613.817274][T15142] nfs4: Unknown parameter 'u	'
[  613.831403][T10594] Bluetooth: hci5: unexpected Set CIG Parameters response data
[  613.834801][T10594] Bluetooth: hci5: unexpected event for opcode 0x2062
[  614.013754][T15152] geneve0 speed is unknown, defaulting to 1000
[  614.414707][T15165] syzkaller1: entered promiscuous mode
[  614.416656][T15165] syzkaller1: entered allmulticast mode
[  614.769169][T15178] No source specified
[  614.825412][T15182] Cannot find del_set index 0 as target
[  615.099208][T15189] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[  616.245353][T15215] netlink: 'syz.7.2600': attribute type 4 has an invalid length.
[  616.555548][T15220] netlink: 'syz.0.2602': attribute type 10 has an invalid length.
[  616.558376][T15220] bridge0: port 1(bridge_slave_0) entered disabled state
[  616.565373][T15220] bridge0: port 1(bridge_slave_0) entered blocking state
[  616.567248][T15220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  616.573776][T15220] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  616.641822][T15222] bridge1: entered promiscuous mode
[  616.643372][T15222] bridge1: entered allmulticast mode
[  617.760786][T15262] geneve0 speed is unknown, defaulting to 1000
[  617.779762][T15264] netlink: 'syz.4.2624': attribute type 39 has an invalid length.
[  617.864279][T10594] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  617.866751][T10594] Bluetooth: hci5: Injecting HCI hardware error event
[  617.870644][T10594] Bluetooth: hci5: hardware error 0x00
[  618.185176][T15273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2618'.
[  618.188684][T15273] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2618'.
[  618.551386][  T833] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  618.713969][  T833] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  618.717800][  T833] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  618.721133][  T833] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  618.746777][  T833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.762134][T15275] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  618.767871][  T833] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  619.056765][T15297] geneve0 speed is unknown, defaulting to 1000
[  619.063218][    T9] usb 5-1: USB disconnect, device number 59
[  619.951740][T15312] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2633'.
[  620.015532][   T40] kauditd_printk_skb: 56 callbacks suppressed
[  620.015543][   T40] audit: type=1326 audit(1732648702.809:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.021370][T10594] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  620.023708][   T40] audit: type=1326 audit(1732648702.809:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.031386][   T40] audit: type=1326 audit(1732648702.809:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.037553][   T40] audit: type=1326 audit(1732648702.809:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.045941][   T40] audit: type=1326 audit(1732648702.809:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.071554][   T40] audit: type=1326 audit(1732648702.839:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.077184][   T40] audit: type=1326 audit(1732648702.839:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.083136][   T40] audit: type=1326 audit(1732648702.839:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.088631][   T40] audit: type=1326 audit(1732648702.839:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.094246][   T40] audit: type=1326 audit(1732648702.839:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15314 comm="syz.4.2634" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f98579 code=0x7ffc0000
[  620.254960][ T6017] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  620.672008][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  620.675251][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  620.678232][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  620.680872][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  620.684445][ T6017] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  620.686982][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.692030][ T6017] usb 5-1: config 0 descriptor??
[  621.103134][ T6017] plantronics 0003:047F:FFFF.0004: ignoring exceeding usage max
[  621.106335][ T6017] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  621.122863][ T6017] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  621.183501][T15327] infiniband syz0: set down
[  621.185183][T15327] infiniband syz0: added bond0
[  621.198469][T15327] RDS/IB: syz0: added
[  621.199893][T15327] smc: adding ib device syz0 with port count 1
[  621.202160][T15327] smc:    ib device syz0 port 1 has pnetid 
[  621.821446][ T6017] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[  621.996627][ T6017] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  622.006021][ T6017] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  622.008583][ T6017] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  622.010942][ T6017] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.023606][T15338] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  622.032788][ T6017] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  622.211391][  T832] usb 12-1: new high-speed USB device number 13 using dummy_hcd
[  622.334395][  T833] usb 9-1: USB disconnect, device number 41
[  622.363157][  T832] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  622.368286][  T832] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  622.370924][  T832] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  622.374280][  T832] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.378471][T15340] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[  622.382458][  T832] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[  622.602077][T15346] netlink: 'syz.6.2642': attribute type 39 has an invalid length.
[  622.665141][T13772] usb 12-1: USB disconnect, device number 13
[  622.745974][T15352] geneve0 speed is unknown, defaulting to 1000
[  623.118275][   T57] usb 5-1: USB disconnect, device number 60
[  623.448798][T15375] netlink: 'syz.6.2648': attribute type 4 has an invalid length.
[  623.578523][T15377] geneve0 speed is unknown, defaulting to 1000
[  623.932562][T15386] netlink: 'syz.7.2652': attribute type 4 has an invalid length.
[  624.835134][T15399] netlink: 'syz.4.2656': attribute type 11 has an invalid length.
[  625.092834][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2657'.
[  625.101551][T15402] input: syz0 as /devices/virtual/input/input45
[  625.328568][T15387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  625.605260][T15409] /dev/sr0: Can't open blockdev
[  625.702628][T15410] /dev/sr0: Can't open blockdev
[  625.731464][ T6017] usb 12-1: new high-speed USB device number 14 using dummy_hcd
[  625.745790][T15415] 9pnet_fd: Insufficient options for proto=fd
[  625.816538][T15415] 8021q: adding VLAN 0 to HW filter on device bond0
[  625.819857][T15415] team0: Port device bond0 added
[  625.893205][ T6017] usb 12-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  625.897172][ T6017] usb 12-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  625.900763][ T6017] usb 12-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  625.904666][ T6017] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.910413][T15408] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  625.915604][ T6017] usb 12-1: Quirk or no altset; falling back to MIDI 1.0
[  625.961446][   T30] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  626.046937][T15425] geneve0 speed is unknown, defaulting to 1000
[  626.125638][   T30] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  626.128771][   T30] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  626.131439][   T30] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  626.133770][   T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.209237][   T57] usb 12-1: USB disconnect, device number 14
[  626.240265][T15413] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  626.264480][   T30] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  626.532810][   T57] usb 5-1: USB disconnect, device number 61
[  626.757446][T15435] 
[  626.758134][T15435] ======================================================
[  626.760104][T15435] WARNING: possible circular locking dependency detected
[  626.762422][T15435] 6.12.0-syzkaller-09567-g7eef7e306d3c #0 Not tainted
[  626.764890][T15435] ------------------------------------------------------
[  626.768067][T15435] syz.4.2665/15435 is trying to acquire lock:
[  626.770094][T15435] ffff888023ce58b8 (&eq->sysfs_lock){+.+.}-{4:4}, at: elevator_disable+0xb5/0x490
[  626.773281][T15435] 
[  626.773281][T15435] but task is already holding lock:
[  626.775635][T15435] ffff8880416e9968 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x446/0x1460
[  626.779085][T15435] 
[  626.779085][T15435] which lock already depends on the new lock.
[  626.779085][T15435] 
[  626.782422][T15435] 
[  626.782422][T15435] the existing dependency chain (in reverse order) is:
[  626.785445][T15435] 
[  626.785445][T15435] -> #5 (&q->sysfs_lock){+.+.}-{4:4}:
[  626.788059][T15435]        __mutex_lock+0x19b/0xa60
[  626.789362][T15435]        __blk_mq_update_nr_hw_queues+0x446/0x1460
[  626.791043][T15435]        blk_mq_update_nr_hw_queues+0x2a/0x40
[  626.792607][T15435]        nbd_start_device+0x15b/0xd70
[  626.794003][T15435]        nbd_ioctl+0x21a/0xfd0
[  626.795240][T15435]        compat_blkdev_ioctl+0x2f7/0x750
[  626.796784][T15435]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  626.798612][T15435]        __do_fast_syscall_32+0x73/0x120
[  626.800491][T15435]        do_fast_syscall_32+0x32/0x80
[  626.802304][T15435]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.804459][T15435] 
[  626.804459][T15435] -> #4 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  626.806760][T15435]        blk_mq_submit_bio+0x1fb6/0x24c0
[  626.808394][T15435]        __submit_bio+0x384/0x540
[  626.809696][T15435]        submit_bio_noacct_nocheck+0x698/0xd70
[  626.811344][T15435]        submit_bio_noacct+0x93a/0x1e20
[  626.812761][T15435]        block_read_full_folio+0x812/0xa50
[  626.814272][T15435]        filemap_read_folio+0xc6/0x2a0
[  626.815677][T15435]        filemap_get_pages+0x155f/0x1be0
[  626.817239][T15435]        filemap_read+0x3ca/0xd70
[  626.818806][T15435]        blkdev_read_iter+0x187/0x480
[  626.820170][T15435]        vfs_read+0x87f/0xbe0
[  626.821379][T15435]        ksys_read+0x12b/0x250
[  626.822617][T15435]        do_syscall_64+0xcd/0x250
[  626.823931][T15435]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.825607][T15435] 
[  626.825607][T15435] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}:
[  626.827920][T15435]        down_read+0x9a/0x330
[  626.829258][T15435]        page_cache_ra_unbounded+0x173/0x750
[  626.830811][T15435]        page_cache_ra_order+0x7d9/0xc90
[  626.832247][T15435]        filemap_fault+0x1497/0x2820
[  626.833603][T15435]        __do_fault+0x10a/0x490
[  626.834984][T15435]        do_pte_missing+0x99f/0x3e00
[  626.836928][T15435]        __handle_mm_fault+0x103c/0x2a40
[  626.838605][T15435]        handle_mm_fault+0x3fa/0xaa0
[  626.839972][T15435]        __get_user_pages+0x8d9/0x3b50
[  626.841379][T15435]        __gup_longterm_locked+0x5ff/0x1870
[  626.842909][T15435]        pin_user_pages+0x13f/0x160
[  626.844250][T15435]        xdp_umem_create+0x73c/0x1270
[  626.845684][T15435]        xsk_setsockopt+0x7e7/0xac0
[  626.847036][T15435]        do_sock_setsockopt+0x222/0x480
[  626.848462][T15435]        __sys_setsockopt+0x1a0/0x230
[  626.849847][T15435]        __ia32_sys_setsockopt+0xbc/0x160
[  626.851307][T15435]        __do_fast_syscall_32+0x73/0x120
[  626.852761][T15435]        do_fast_syscall_32+0x32/0x80
[  626.854132][T15435]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.855936][T15435] 
[  626.855936][T15435] -> #2 (&mm->mmap_lock){++++}-{4:4}:
[  626.857895][T15435]        __might_fault+0x11b/0x190
[  626.859213][T15435]        _copy_from_user+0x29/0xd0
[  626.860527][T15435]        __blk_trace_setup+0xa8/0x180
[  626.861914][T15435]        blk_trace_setup+0x47/0x70
[  626.863233][T15435]        sg_ioctl+0x7a3/0x26b0
[  626.864459][T15435]        compat_ptr_ioctl+0x6b/0xa0
[  626.865819][T15435]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  626.867604][T15435]        __do_fast_syscall_32+0x73/0x120
[  626.869219][T15435]        do_fast_syscall_32+0x32/0x80
[  626.870596][T15435]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.872343][T15435] 
[  626.872343][T15435] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}:
[  626.874343][T15435]        __mutex_lock+0x19b/0xa60
[  626.875634][T15435]        blk_mq_exit_sched+0xd1/0x310
[  626.877045][T15435]        elevator_exit+0x58/0x80
[  626.878363][T15435]        del_gendisk+0x568/0xae0
[  626.879630][T15435]        nbd_dev_remove+0x3b/0xe0
[  626.880919][T15435]        process_one_work+0x958/0x1b30
[  626.882323][T15435]        worker_thread+0x6c8/0xf00
[  626.883676][T15435]        kthread+0x2c1/0x3a0
[  626.884868][T15435]        ret_from_fork+0x45/0x80
[  626.886148][T15435]        ret_from_fork_asm+0x1a/0x30
[  626.887507][T15435] 
[  626.887507][T15435] -> #0 (&eq->sysfs_lock){+.+.}-{4:4}:
[  626.889654][T15435]        __lock_acquire+0x249e/0x3c40
[  626.891041][T15435]        lock_acquire.part.0+0x11b/0x380
[  626.892484][T15435]        __mutex_lock+0x19b/0xa60
[  626.893784][T15435]        elevator_disable+0xb5/0x490
[  626.895137][T15435]        __blk_mq_update_nr_hw_queues+0x3bb/0x1460
[  626.896723][T15435]        blk_mq_update_nr_hw_queues+0x2a/0x40
[  626.898231][T15435]        nbd_start_device+0x15b/0xd70
[  626.899562][T15435]        nbd_ioctl+0x21a/0xfd0
[  626.900727][T15435]        compat_blkdev_ioctl+0x2f7/0x750
[  626.902092][T15435]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  626.903504][T15435]        __do_fast_syscall_32+0x73/0x120
[  626.904896][T15435]        do_fast_syscall_32+0x32/0x80
[  626.906200][T15435]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.907853][T15435] 
[  626.907853][T15435] other info that might help us debug this:
[  626.907853][T15435] 
[  626.910409][T15435] Chain exists of:
[  626.910409][T15435]   &eq->sysfs_lock --> &q->q_usage_counter(io)#49 --> &q->sysfs_lock
[  626.910409][T15435] 
[  626.913698][T15435]  Possible unsafe locking scenario:
[  626.913698][T15435] 
[  626.915582][T15435]        CPU0                    CPU1
[  626.916958][T15435]        ----                    ----
[  626.918244][T15435]   lock(&q->sysfs_lock);
[  626.919329][T15435]                                lock(&q->q_usage_counter(io)#49);
[  626.921859][T15435]                                lock(&q->sysfs_lock);
[  626.923607][T15435]   lock(&eq->sysfs_lock);
[  626.924769][T15435] 
[  626.924769][T15435]  *** DEADLOCK ***
[  626.924769][T15435] 
[  626.926794][T15435] 5 locks held by syz.4.2665/15435:
[  626.928329][T15435]  #0: ffff888024085998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x151/0xfd0
[  626.931091][T15435]  #1: ffff8880240858d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x20/0x40
[  626.933927][T15435]  #2: ffff8880416e9438 (&q->q_usage_counter(io)#53){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460
[  626.936906][T15435]  #3: ffff8880416e9470 (&q->q_usage_counter(queue)#37){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460
[  626.940016][T15435]  #4: ffff8880416e9968 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x446/0x1460
[  626.943229][T15435] 
[  626.943229][T15435] stack backtrace:
[  626.945078][T15435] CPU: 2 UID: 0 PID: 15435 Comm: syz.4.2665 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[  626.947715][T15435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  626.950436][T15435] Call Trace:
[  626.951288][T15435]  <TASK>
[  626.952097][T15435]  dump_stack_lvl+0x116/0x1f0
[  626.953263][T15435]  print_circular_bug+0x41c/0x610
[  626.954579][T15435]  check_noncircular+0x31a/0x400
[  626.955826][T15435]  ? __pfx_check_noncircular+0x10/0x10
[  626.957218][T15435]  ? lockdep_lock+0xc6/0x200
[  626.958397][T15435]  ? __pfx_lockdep_lock+0x10/0x10
[  626.959647][T15435]  ? __lock_acquire+0xcc5/0x3c40
[  626.960855][T15435]  __lock_acquire+0x249e/0x3c40
[  626.962076][T15435]  ? __pfx___lock_acquire+0x10/0x10
[  626.963481][T15435]  ? find_held_lock+0x2d/0x110
[  626.964703][T15435]  lock_acquire.part.0+0x11b/0x380
[  626.966010][T15435]  ? elevator_disable+0xb5/0x490
[  626.967298][T15435]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  626.968684][T15435]  ? rcu_is_watching+0x12/0xc0
[  626.969907][T15435]  ? trace_lock_acquire+0x146/0x1e0
[  626.971248][T15435]  ? elevator_disable+0xb5/0x490
[  626.972535][T15435]  ? lock_acquire+0x2f/0xb0
[  626.973707][T15435]  ? elevator_disable+0xb5/0x490
[  626.974998][T15435]  __mutex_lock+0x19b/0xa60
[  626.976193][T15435]  ? elevator_disable+0xb5/0x490
[  626.977460][T15435]  ? elevator_disable+0xb5/0x490
[  626.978718][T15435]  ? __pfx___mutex_lock+0x10/0x10
[  626.980014][T15435]  ? __pfx_blk_mq_sched_free_rqs+0x10/0x10
[  626.981433][T15435]  ? mark_held_locks+0x9f/0xe0
[  626.982682][T15435]  ? elevator_disable+0xb5/0x490
[  626.983951][T15435]  elevator_disable+0xb5/0x490
[  626.985203][T15435]  __blk_mq_update_nr_hw_queues+0x3bb/0x1460
[  626.986748][T15435]  ? lock_acquire.part.0+0x11b/0x380
[  626.988104][T15435]  ? __mutex_trylock_common+0xea/0x250
[  626.989504][T15435]  ? __pfx___mutex_trylock_common+0x10/0x10
[  626.991032][T15435]  ? blk_mq_update_nr_hw_queues+0x20/0x40
[  626.992493][T15435]  ? rcu_is_watching+0x12/0xc0
[  626.993736][T15435]  ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10
[  626.995384][T15435]  ? blk_mq_update_nr_hw_queues+0x20/0x40
[  626.996858][T15435]  ? __pfx___mutex_lock+0x10/0x10
[  626.998160][T15435]  ? lockdep_hardirqs_on+0x7c/0x110
[  626.999502][T15435]  ? __mutex_lock+0x1cc/0xa60
[  627.000719][T15435]  ? nbd_ioctl+0x151/0xfd0
[  627.001878][T15435]  ? __pfx___mutex_lock+0x10/0x10
[  627.003144][T15435]  blk_mq_update_nr_hw_queues+0x2a/0x40
[  627.004544][T15435]  nbd_start_device+0x15b/0xd70
[  627.005784][T15435]  ? bpf_lsm_capable+0x9/0x10
[  627.006990][T15435]  nbd_ioctl+0x21a/0xfd0
[  627.008064][T15435]  ? __pfx_nbd_ioctl+0x10/0x10
[  627.009287][T15435]  ? __pfx_lock_release+0x10/0x10
[  627.010580][T15435]  ? trace_lock_acquire+0x146/0x1e0
[  627.011878][T15435]  ? __pfx_lock_release+0x10/0x10
[  627.013170][T15435]  ? __pfx_nbd_ioctl+0x10/0x10
[  627.014381][T15435]  compat_blkdev_ioctl+0x2f7/0x750
[  627.015689][T15435]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  627.017118][T15435]  ? __fget_files+0x206/0x3a0
[  627.018312][T15435]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  627.019728][T15435]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  627.021077][T15435]  __do_fast_syscall_32+0x73/0x120
[  627.022406][T15435]  do_fast_syscall_32+0x32/0x80
[  627.023667][T15435]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  627.025205][T15435] RIP: 0023:0xf7f98579
[  627.026218][T15435] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  627.031127][T15435] RSP: 002b:00000000f50f555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  627.033247][T15435] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000ab03
[  627.035253][T15435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  627.037313][T15435] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  627.039511][T15435] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  627.041526][T15435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  627.043503][T15435]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  627.153345][  T833] usb 11-1: USB disconnect, device number 9
[  627.385937][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.463925][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.534796][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.594844][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.649132][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  627.654345][   T12] bridge_slave_0: left allmulticast mode
[  627.656127][   T12] bridge_slave_0: left promiscuous mode
[  627.658290][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  627.700956][   T12] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  627.813021][T15435] block nbd4: shutting down sockets
[  627.903854][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  627.907258][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  627.910714][   T12] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  627.913822][   T12] bond0 (unregistering): Released all slaves
[  627.916782][   T12] bond1 (unregistering): Released all slaves
[  627.987990][   T12] tipc: Disabling bearer <udp:s>
[  627.989890][   T12] tipc: Left network mode
[  628.174026][   T12] hsr_slave_0: left promiscuous mode
[  628.175721][   T12] hsr_slave_1: left promiscuous mode
[  628.177457][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  628.179377][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  628.182287][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  628.184552][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  628.188208][   T12] veth1_macvtap: left promiscuous mode
[  628.189707][   T12] veth0_macvtap: left promiscuous mode
[  628.191182][   T12] veth1_vlan: left promiscuous mode
[  628.193296][   T12] veth0_vlan: left promiscuous mode
[  628.416352][   T12] team0 (unregistering): Port device team_slave_1 removed
[  628.486566][   T12] team0 (unregistering): Port device team_slave_0 removed
[  629.094286][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.161939][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.234388][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.293498][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.352575][   T12] bridge_slave_1: left allmulticast mode
[  629.354122][   T12] bridge_slave_1: left promiscuous mode
[  629.355652][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.358463][   T12] bridge_slave_0: left allmulticast mode
[  629.359991][   T12] bridge_slave_0: left promiscuous mode
[  629.362257][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.542714][   T12] team0: Port device bond0 removed
[  629.545359][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  629.548386][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  629.551443][   T12] bond0 (unregistering): Released all slaves
[  629.633329][   T12] tipc: Disabling bearer <udp:s>
[  629.635286][   T12] tipc: Left network mode
[  629.877004][   T12] hsr_slave_0: left promiscuous mode
[  629.879888][   T12] hsr_slave_1: left promiscuous mode
[  629.884378][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  629.886954][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  629.890003][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  629.894101][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  629.898330][   T12] veth1_macvtap: left promiscuous mode
[  629.900223][   T12] veth0_macvtap: left promiscuous mode
[  629.902820][   T12] veth1_vlan: left promiscuous mode
[  629.904597][   T12] veth0_vlan: left promiscuous mode
[  630.109378][   T12] team0 (unregistering): Port device team_slave_1 removed
[  630.160828][   T12] team0 (unregistering): Port device team_slave_0 removed
[  635.532610][    C3] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  635.536402][ T1411] ieee802154 phy0 wpan0: encryption failed: -22
[  635.538042][ T1411] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
19:18:30  Registers:
info registers vcpu 0

CPU#0
RAX=1ffff110094f0020 RBX=0000000000000001 RCX=ffffffff89848f95 RDX=ffff888022f1a440
RSI=ffffffff89848fa3 RDI=0000000000000004 RBP=ffff88804a7800f8 RSP=ffffc9000ffbfac8
R8 =0000000000000004 R9 =000000000007ffff R10=0000000000070020 R11=000000000000004f
R12=ffff88804e6c5ac0 R13=0000000000070020 R14=dffffc0000000000 R15=000000000007ffff
RIP=ffffffff89848fb7 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020001000 CR3=000000005e232000 CR4=00352ef0
DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000188eac4 RBX=0000000000000001 RCX=ffffffff8b1fbdc9 RDX=ffffed10056a6fee
RSI=ffffffff8bd15860 RDI=ffffffff8164d9b9 RBP=ffffed10039dd910 RSP=ffffc9000047fe08
R8 =0000000000000000 R9 =ffffed10056a6fed R10=ffff88802b537f6b R11=0000000000000001
R12=0000000000000001 R13=ffff88801ceec880 R14=ffffffff903e29d0 R15=0000000000000000
RIP=ffffffff8b1fd1af RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50f5da4 CR3=000000005e232000 CR4=00352ef0
DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85090125 RDI=ffffffff9a89b100 RBP=ffffffff9a89b0c0 RSP=ffffc90007c0efd0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000005b R14=ffffffff850900c0 R15=0000000000000000
RIP=ffffffff8509014f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000005e232000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffffffff90df0ceb RBX=0000000000000001 RCX=ffffffff90df0cea RDX=dffffc0000000000
RSI=0000000000000000 RDI=ffffffff90df0ceb RBP=ffffc90007b47018 RSP=ffffc90007b46f60
R8 =ffffffff90df0d20 R9 =ffffffff90df0cee R10=ffffc90007b46fd0 R11=0000000000010a89
R12=ffffc90007b47020 R13=ffffc90007b46fd0 R14=0000000000000005 R15=ffffc90007b479c8
RIP=ffffffff813db46e RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000030000ffc CR3=000000000dd7e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000