last executing test programs:

27.964457674s ago: executing program 3 (id=764):
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xd50, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x700, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

27.804700751s ago: executing program 3 (id=765):
io_uring_setup(0x669, &(0x7f0000000100))
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000500), 0x181982, 0x0)
process_vm_writev(0x0, &(0x7f00000002c0)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x400000, '\x00', 0x0, 0xffffffffffffffff, 0x400000, 0x5, 0x800, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = inotify_init1(0x0)
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
prctl$PR_SET_PTRACER(0x59616d61, r2)
r3 = syz_open_dev$ndb(0x0, 0x0, 0x141802)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
ioctl$NBD_DO_IT(r3, 0xab03)
r5 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)
process_vm_readv(r2, &(0x7f00000002c0)=[{&(0x7f0000000080)=""/237, 0xed}], 0x1, &(0x7f00000003c0)=[{&(0x7f0000000300)=""/177, 0xb1}], 0x1, 0x0)
syz_open_dev$dri(&(0x7f00000005c0), 0x0, 0x800)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000040000000800000008000000000000", @ANYRES8=r4, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000040000000000000000000d568000000000000214e616f63bde956bb85f5cebeb374a38453e885a6c8bc691ce4b274f75b88796a6db31aa0259240cd4321c747a38db315d2689083b51ef13592f39a0309081560e605ef9cefa915ec33442c7001f697046c1bb4ebbad4c4a6d91e9748c5ce2a7cfe42aad89728c1dcf75748ef99a74ce4dd0e7bed8cfa26d3267b2a5384643777bd830e5d78156f603b4dc75d5e49ed0eab601ac7e2e345cf4344562174f0b67a1fbf5d26599888900baca298660f9a8e31b02003daed4f643ebe1a787cf0d9f44e953e23b98b77d22f62dc374002857998dca6897463117b61bc5cabef30a4fc10759a5468a248b84c77b2b0dc638ea7cd0d04536918bb4f56598070b755531cbe2945138fba6948ab9e453f834f07ba44670200d7daa5be1a31e11761cca10ecc5b7e3a7b5e5ed0af14"], 0x48)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x38}}, 0x0)

24.533048452s ago: executing program 3 (id=776):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
prlimit64(0x0, 0x0, 0x0, 0x0)
getpgrp(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240), 0x0, 0x100, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000240009000000000000000e0006"], 0x14}}, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0xab, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={r5, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={&(0x7f0000000280), 0x0, r8, r6, 0x0, 0x1, 0x0, 0x7fc, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe154, 0x1000, 0x0, 0x10, 0xf9, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f00000100000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000008000"/28], 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r9, &(0x7f0000000300)="60b06c3d1d6f", 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x2c, r11, 0xe0ccf0f2d388eeeb, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x4000080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

15.924636098s ago: executing program 0 (id=805):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x6000, &(0x7f0000000700)={&(0x7f0000005d80)=@newtaction={0x14, 0x76, 0x1}, 0x14}}, 0x0)

15.864833863s ago: executing program 0 (id=806):
ioperm(0x0, 0x3ff, 0x4)
r0 = gettid()
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x3}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_tid_address(0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000400)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x30, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x4}}}]}, 0x30}}, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r4, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000140)="53a1b228144d4835415007b390c577cc8a52baa9acba00f1dd7513f66663907dd44196b10d83678ae900d813987c30ec", 0x30}, {&(0x7f0000000540)="0b8b61a9d3983220d21a6c51b2595f671ffd4f674d81bec0e74d44fc1f87c6699a37d7dc912a573f5160648d2dc6dcb9b7fadbfa5f6d0b77afb8e72fc808ca522704d3a40c10a4ec42cef49e0f14cfed658cd906fbfbd5662ad2d46f866d5822", 0x60}, {&(0x7f0000000700)="ecb0cf337e24fac56e2538eeef46cfc55416975a2b339dc2fd50692d3a8701efab83f5d5522b4d66e05b95861dbd39ec103f21789acad70354be14337dee47726ee004957151164ff869fd080c8aba3cbbb98dc6833516bd27cea00e2bcf832865128a661ee2d8bb45952d584728fc7b3d9031f3fca7780d3345a6386a1380b311cbf7dcfcc6f0cc62cef4971d77e32d4df628932e98b716b22833c4f753ae66f24ad52ad704929d72860c28223013a4e9e1f1d0457b2ced6397ba", 0xbb}, {&(0x7f0000000340)="88b1b408f4505cceda1a52bd9275c1cee323958beab018ed3fcfbda5a40856fff0e5775f3964edba0dffc9d6d5781f0cd36e643553f83c877d4abcf0197bdc9e0420107e5ce648500ee9d4e1d6f9b70f882178e1d16aedb5ac18916125c173da0679e5256e3494915f76f31d", 0x6c}, {&(0x7f0000000880)="f3800fa39c041d1b847639be7e710c9d84b36d726fd1c0c270e96d7301800d1474a8eb421e917e4356d41fe994c2f77cbe4d1c995b1457fe265375b93d0921e88a50b1ecd43d26e80ac566f640c663150d78beb087b3b94a4abfe1f4595f787d80ddb07bd31da39d135514a9bb1489bef35ef7a524ce59fcada09cab615172ab3d844b24bb76d2b1443a7942708f845d143499446d609aba4d95531eb7396d6606b9d0e6f559fb04ec9352e6dc104d1f6d89e4157200fea77e", 0xb9}, {&(0x7f00000009c0)="91e63bba648258706160117885363debd7e23684aa6e7c41fd6873ca56f4cffd1550819bdaee6c6d923c1ccd95950a085ca74094eee665b3a23811bb4e193946573ddf786db600d95230e5e4771638575d297fc5d7055a5aac2323a863e69f0843e1978fcf5a8501bf0a587601a0019e315d68a38b2fbbc07016fbc5938551d39b5dafe31a7c50f47d8c9d8b0c152d5bbe2194208c2093faa1447e1bff7f78e8e715b29dc3f4ff086a0570bf519be43633f57dfa1628a5665fd75f78295733525e2952887565d265698c93b1c551e71d5b04074a6af623f6b7142de0f4608c4cfb12e49e17f0d2598ea42337393f690fe4f4f29ae7b31753f769c85387c0f22e28df35968d6353e2f0db11339b7d136bff95efb22dae41c46f2d0046486e2ab1ae862a5fe46f32ce0f40d710ef0ffe579497a49404094f2161d17b4401b85481b2d72001ff", 0x145}, {&(0x7f00000007c0)="3efce8a8cebdc7241cb440f11fea781548d34d5e722a5dba696e4537ea944559f4e059a3fe4330959c11510fa33e1c42452283b13d4c83a23330b6408a9be851c6236b43a9ea7afb34e1a990513670a5c28bc7e3214ef988fed2004e84214e139f098cdd67c5f34c9080698ef5b3624d7da6c42114782f19b032ea52", 0x7c}, {&(0x7f0000000940)="c8", 0x1}, {&(0x7f0000000640)='i', 0x1}], 0x9}}], 0x1, 0x7c9ce320e12db95)
sendfile(r4, r3, 0x0, 0x4000000000010046)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_opts(r6, 0x29, 0x3b, &(0x7f0000000680)=@dstopts={0x3c, 0x1b, '\x00', [@enc_lim, @pad1, @generic={0x1e, 0xcd, "1f3d425166ba7a1e25900e756aa5a23d01bb84cc1cc7e8b8ed49a3c24822d1a5db8e5215c818fce51b64229252e2537a8e4e0c4b9bbfb2497edfc39277bbd0f8c66a1cfac475a9cbb4b3084f9315d3d1564d2e8304adaa40b5f196d54ce093c0bd2248bf1d41aeb732abc23efdc6274e224b33779a04fc3fd118f591eb3b0d3c4f163071fd245e5b8c72d410cdc3fda5abbe50dcf9898fd486148104914d20c3c959321b3527b7042670024326defba0470e72beceeb9438230928fe63a5b4992db5bcd2322b66a93088623ed9"}, @pad1]}, 0xe0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0xa, @local, 0x3}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

15.594121736s ago: executing program 0 (id=809):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsopen(0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r1, 0x104, 0x3, 0xffffffffffffffff, &(0x7f0000000080))
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9400ff00", @ANYRES16=r2, @ANYBLOB="200028bd7000ffdbdf250e00000044000680040002003c00040067636d2861657329000000000000000000000000000000000000000000000000140000004c98eccf719a1206e2874d5a3f3d7e02f3cc34e7100007800c00040088000000000000001c0007800c00040002000000000000000c0003000101000000000000240004800900010073797a30000000001300010062726f6164636173742d6c696e6b0000"], 0xa8}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x58}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x3c)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d000001d0dbd301e5a74a2f3caa73dcd2a6a370554375a", 0x20)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x200100, 0x58)
sendmsg$nl_route_sched(r6, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f0000000540)=@newqdisc={0x184, 0x24, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x6, 0x2c523eb3cee51b08}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}, @TCA_STAB={0x158, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x12, 0x3, 0x6, 0x9e0a, 0x0, 0x5321, 0x9, 0x4}}, {0xc, 0x2, [0x8000, 0x2, 0x6, 0x800]}}, {{0x1c, 0x1, {0x9, 0x6, 0x1, 0x7, 0x0, 0x6, 0xc15, 0x9}}, {0x16, 0x2, [0x5, 0x9, 0x23, 0x0, 0xb70e, 0x1000, 0x3, 0xfbff, 0x0]}}, {{0x1c, 0x1, {0x10, 0x1, 0xfff9, 0xb2b55eec, 0x3, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x0, 0x390, 0x0, 0xb5c2, 0x41b4, 0x6, 0x7, 0x80, 0x5, 0x2]}}, {{0x1c, 0x1, {0x5, 0x7f, 0x8, 0xff, 0x2, 0x10001, 0x8, 0x9}}, {0x16, 0x2, [0x7fff, 0xffff, 0xa, 0x1, 0x1, 0x5, 0x9, 0x9, 0x1]}}, {{0x1c, 0x1, {0x0, 0x6, 0xa7, 0x5, 0x2, 0x80, 0xfffffffa, 0x1}}, {0x6, 0x2, [0x0]}}, {{0x1c, 0x1, {0x9, 0x6, 0x7fff, 0x5, 0x2, 0x5, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x1, 0x2, 0x9, 0x1ff, 0x0, 0x2, 0xe, 0x3}}, {0xa, 0x2, [0x6, 0x5, 0x87]}}, {{0x1c, 0x1, {0xd6, 0x7f, 0x696, 0x7408, 0x0, 0x7f, 0x4, 0x2}}, {0x8, 0x2, [0x8, 0x81a4]}}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
recvmsg$can_raw(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/16, 0xf000}, {&(0x7f00000010c0)=""/4096, 0x1000}], 0x2}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000480)={0x2, [0x0, 0x0]}, &(0x7f00000004c0)=0xc)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
socket(0x0, 0x0, 0x0)
r10 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r10, 0x402, 0x26)
fcntl$notify(0xffffffffffffffff, 0x402, 0x2e)
close_range(r9, r7, 0x0)

14.723618428s ago: executing program 0 (id=811):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc9, 0x2}}}, 0x7)
r1 = syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000100)="5713f51c169ef7360ced1ca7d70607f44c85ca0986e68b826318e9ae050ecacb513cea010ae0c47894d6f572cff71815c2f03d6b091a5d98ccbcff5c7cac10a256ae59b3f924a4b946501b9e472c7f966d10", 0x52}, {0x0}], 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r2, &(0x7f0000000480)={'#! ', '', [], 0xa, "4f9af1658f2a9757e69a804e2e19a4f92890d388c4496d9f410b86f45be366ebb63b8cc755aa72659053cb12faa299e1d3c6e110057fbc0f9f586aef71ff7d90e708fdea6dfbb675c20128342241987cbe52e3ea6acd3b0b4c77900617330df5e1e9f16785435bfa6cb7f310d2ce8ae2da4129324ecab48326c31ba6a9d53d58e175981f99379ba16a89c2d3aaf040004b67dca844f435c01d403c1acfbf87546c8f227f6bbdf7ca426fadcfa6fdb696c3a84ff127177309ce20c00c0d9834fddd6cb1e08975ee8f3f9633ebdc3796aa47c2bd2ea8d2215718837c66581dad53db900af72e57bac102a98442b635b70cc0c2e71002bdbd580587b24d192728c92f3bfc1503b3ef2c308da0874fe48f4fbfa09e912c49ab7c8e4696682d41b7ff425b3a21f9cca4835a3bf27184439c3b95f5eb1b1e507dfcdf86ef373910b470b99ff964a14463ac7cbc70a40e163cc7da4b828f4a08081fb3"}, 0x15d)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$apparmor_current(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='changeprofile &&'], 0x280)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xb, 0x400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$char_usb(r4, &(0x7f0000000080)=""/139, 0x8b)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
openat$sequencer(0xffffff9c, &(0x7f00000003c0), 0x44400, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYBLOB="58000000020605000000000000000000030000850c00078008000a400000000205007c24eac117042c6fa4a8c8ec0100070000000900020073797a310000000005000400020000000900020073797a320000000005000400030000000500050000000000"], 0x58}, 0x1, 0x0, 0x0, 0x40850}, 0x4880)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x11, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001800dd8d000000000000000002000000000000060000000006001500010000001800168014000100800000000000000000001000000011"], 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000a0)
sendmmsg(r6, &(0x7f0000000000), 0x400000000000235, 0x0)

11.53406182s ago: executing program 0 (id=819):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000003bd38a9f97cf0000000000000000000000000000000000cb6bbbb9"], 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x8936, &(0x7f0000000000)={@remote, @loopback, @remote, 0xffff6ee7, 0x0, 0x0, 0x0, 0x0, 0x108010})
r2 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
prctl$PR_SET_PTRACER(0x59616d61, r2)
syz_open_procfs(r2, &(0x7f0000000740)='net/anycast6\x00')
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000540)={'syztnl2\x00', &(0x7f0000000440)={'gretap0\x00', <r3=>0x0, 0x40, 0x1, 0x2, 0x0, {{0x15, 0x4, 0x1, 0x8, 0x54, 0x65, 0x0, 0x4, 0x4, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x44}, {[@generic={0x82, 0x6, "ca138826"}, @timestamp_addr={0x44, 0x1c, 0xe3, 0x1, 0xb, [{@local, 0xffffffff}, {@empty, 0x8eda}, {@multicast2, 0xffffffff}]}, @rr={0x7, 0x1b, 0x10, [@local, @dev={0xac, 0x14, 0x14, 0x39}, @multicast2, @multicast1, @multicast2, @remote]}, @end]}}}}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=@newchain={0x2c, 0x64, 0x200, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfffa, 0x3}, {0x6, 0xffe0}, {0x5, 0x10}}, [@TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x90}, 0x2810)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000e7000700181100c70000000000000075fbf5b137594c85506724d17edfb0f57248f29ccb4cf895eff830f82d7de399dcb55961555b8e22a460f3a9c4d72acf53c4d22ab05a6e0cde1d32ba58cc76c4abbb2746aa01", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r5 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000300)={@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x20)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x8004700b, &(0x7f0000000040))
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000000)=0x58, 0x5b)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x37c, 0xffffffff, 0xc8, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x2b4, 0x2b4, 0x2b4, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@loopback, @remote, [0xffffff00, 0x7f000000, 0x1feffffff, 0xff000000], [0x0, 0x0, 0xff, 0xff], 'bond_slave_1\x00', 'veth1_to_hsr\x00', {}, {0xff}, 0x32, 0x90, 0x5, 0x42}, 0x2f2, 0xa4, 0xc8}, @REJECT={0x24}}, {{@uncond, 0x0, 0xc8, 0x124, 0x0, {}, [@common=@inet=@ecn={{0x24}}]}, @common=@inet=@HMARK={0x5c, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0x0, 0xffffffff, 0xff000000], 0x4e22, 0x4e22, 0x4e20, 0x4e23, 0x1, 0x2, 0x4, 0x80000000, 0x6}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d8)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000deb9972f02fb935000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r9}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmmsg$inet6(r7, &(0x7f0000003040)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0}}, {{&(0x7f0000000bc0)={0xa, 0x4e20, 0x7fffffff, @local, 0x66}, 0x1c, 0x0}}], 0x2, 0x24000004)

11.464682222s ago: executing program 0 (id=820):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
prlimit64(0x0, 0x0, 0x0, 0x0)
getpgrp(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x100, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000240009000300000000000e0006"], 0x14}}, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0xab, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={r5, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={&(0x7f0000000280)=[r8], 0x1, r9, r6, 0x0, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe154, 0x1000, 0x0, 0x10, 0xf9, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r10, &(0x7f0000000300)="60b06c3d1d6f", 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x48, r12, 0xe0ccf0f2d388eeeb, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x1c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, 'syzkaller\x00'}]}]}]}]}, 0x48}}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x4000080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

11.185708507s ago: executing program 3 (id=813):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsopen(0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r1, 0x104, 0x3, 0xffffffffffffffff, &(0x7f0000000080))
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9400ff00", @ANYRES16=r2, @ANYBLOB="200028bd7000ffdbdf250e00000044000680040002003c00040067636d2861657329000000000000000000000000000000000000000000000000140000004c98eccf719a1206e2874d5a3f3d7e02f3cc34e7100007800c00040088000000000000001c0007800c00040002000000000000000c0003000101000000000000240004800900010073797a30000000001300010062726f6164636173742d6c696e6b0000"], 0xa8}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x3c)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d000001d0dbd301e5a74a2f3caa73dcd2a6a370554375a", 0x20)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x200100, 0x58)
sendmsg$nl_route_sched(r6, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f0000000540)=@newqdisc={0x184, 0x24, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x6, 0x2c523eb3cee51b08}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}, @TCA_STAB={0x158, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x12, 0x3, 0x6, 0x9e0a, 0x0, 0x5321, 0x9, 0x4}}, {0xc, 0x2, [0x8000, 0x2, 0x6, 0x800]}}, {{0x1c, 0x1, {0x9, 0x6, 0x1, 0x7, 0x0, 0x6, 0xc15, 0x9}}, {0x16, 0x2, [0x5, 0x9, 0x23, 0x0, 0xb70e, 0x1000, 0x3, 0xfbff, 0x0]}}, {{0x1c, 0x1, {0x10, 0x1, 0xfff9, 0xb2b55eec, 0x3, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x0, 0x390, 0x0, 0xb5c2, 0x41b4, 0x6, 0x7, 0x80, 0x5, 0x2]}}, {{0x1c, 0x1, {0x5, 0x7f, 0x8, 0xff, 0x2, 0x10001, 0x8, 0x9}}, {0x16, 0x2, [0x7fff, 0xffff, 0xa, 0x1, 0x1, 0x5, 0x9, 0x9, 0x1]}}, {{0x1c, 0x1, {0x0, 0x6, 0xa7, 0x5, 0x2, 0x80, 0xfffffffa, 0x1}}, {0x6, 0x2, [0x0]}}, {{0x1c, 0x1, {0x9, 0x6, 0x7fff, 0x5, 0x2, 0x5, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x1, 0x2, 0x9, 0x1ff, 0x0, 0x2, 0xe, 0x3}}, {0xa, 0x2, [0x6, 0x5, 0x87]}}, {{0x1c, 0x1, {0xd6, 0x7f, 0x696, 0x7408, 0x0, 0x7f, 0x4, 0x2}}, {0x8, 0x2, [0x8, 0x81a4]}}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
recvmsg$can_raw(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/16, 0xf000}, {&(0x7f00000010c0)=""/4096, 0x1000}], 0x2}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000480)={0x2, [0x0, 0x0]}, &(0x7f00000004c0)=0xc)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
socket(0x0, 0x0, 0x0)
r10 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r10, 0x402, 0x26)
fcntl$notify(0xffffffffffffffff, 0x402, 0x2e)
close_range(r9, r7, 0x0)

10.234421834s ago: executing program 3 (id=822):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8)
bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x3}, 0x8)
fcntl$setflags(r1, 0x2, 0x1)
sendto$inet(r1, 0x0, 0xffffffffffffff7c, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
close(r1)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f00007e8000/0x3000)=nil, 0x930, 0x8, 0x12, r2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x5, 0x3, 0x2, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01001c000000008000001000003c080007000000000818000180140002006e657464657673696d30000000000000080008"], 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x17)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000b00)={0x1, 0x0, @pic={0x5, 0x9e, 0x4, 0x3, 0x0, 0x6, 0x4c, 0x8, 0x9, 0x2, 0x8, 0x1, 0x2, 0x2, 0x1a, 0x4}})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r6}, 0x4)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x1d, &(0x7f0000000740)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xba}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = userfaultfd(0x1)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r9, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000, 0x3f})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r8, 0xfffff000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x5)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0xd8, 0x6, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0xa4, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0x8}]}}}, {0x1c, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x6}]}}}, {0x30, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0xfff7}, @NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x2}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}}}, {0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4, 0x2, 0x0, 0x1, ["", "", "", "", "", "", ""]}}}, {0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4, 0x2, 0x0, 0x1, ["", "", ""]}}}, {0x10, 0x1, 0x0, 0x1, @target={{0xb}, @void}}]}]}], {0x14}}, 0x100}}, 0x4008001)

10.179415652s ago: executing program 3 (id=825):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
prlimit64(0x0, 0x0, 0x0, 0x0)
getpgrp(r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x100, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000240009000000000000000e0006"], 0x14}}, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0xab, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={r5, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={&(0x7f0000000280)=[r8], 0x1, r9, r6, 0x3f000000, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe154, 0x1000, 0x0, 0x10, 0xf9, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r10, &(0x7f0000000300)="60b06c3d1d6f", 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x2c, r12, 0xe0ccf0f2d388eeeb, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x4000080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

6.134074587s ago: executing program 2 (id=842):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x1)
ftruncate(r3, 0xee72)
ioctl$TIOCGPGRP(r1, 0x540f, 0x0)
sendfile(r2, r3, 0x0, 0x8000fffffffe)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0xa6857000)
getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
write$tun(r2, 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r6 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r6, 0x540b, 0x2)

5.294867422s ago: executing program 2 (id=844):
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c009900050000006a00000008002600b409000008009f004d"], 0x40}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
close(0xffffffffffffffff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getpid()
socket$inet6(0xa, 0x2, 0x8)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r6, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4)
sendmmsg$inet(r6, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r7)
socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r8}, 0x10)
r9 = getpid()
process_vm_readv(r9, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000000580)={@private1}, 0x14)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000a00)=0x1)
writev(0xffffffffffffffff, &(0x7f0000000600)=[{&(0x7f0000000280)}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1200000007000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/22], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.579661598s ago: executing program 2 (id=845):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002480)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000000007010200000000000000000a0000040c0001"], 0x28}, 0x1, 0x0, 0x0, 0x48805}, 0x80)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
bind$ax25(r3, &(0x7f0000000380)={{0x3, @default, 0x1}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
connect$ax25(r3, &(0x7f0000000000)={{0x3, @null}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast]}, 0x48)
getsockopt$inet_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000007c4b0fa0a5da7e4900180100402020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8)
r4 = openat$pfkey(0xffffff9c, &(0x7f0000000180), 0x40102, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff)
write$cgroup_pid(r4, &(0x7f0000000300)=0xffffffffffffffff, 0x12)

4.453997468s ago: executing program 2 (id=846):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000020000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket$unix(0x1, 0x5, 0x0)
shutdown(r1, 0x6)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0)
iopl(0x3)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x20003000, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="41000000010001", 0x7)
r4 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r4, 0x29, 0x24, &(0x7f00000000c0), 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="7f0000006800e978000000000000000002000004000b00"], 0x1c}, 0x1, 0xff000000}, 0x0)
getpid()
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x140b43)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)

4.373234134s ago: executing program 2 (id=847):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syncfs(0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x10, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"])
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000040)=ANY=[])

4.143369859s ago: executing program 2 (id=848):
openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
prlimit64(0x0, 0x0, 0x0, 0x0)
getpgrp(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x100, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000240009000000000000000e0006"], 0x14}}, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r3 = syz_open_dev$dri(0x0, 0x1, 0x713c41)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x10, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={0x0, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$dri(&(0x7f0000000000), 0xab, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={&(0x7f0000000280)=[r7], 0x1, r8, r5, 0x0, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe154, 0x1000, 0x0, 0x10, 0xf9, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'team0\x00', <r9=>0x0})
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000004ccb015867f00000100000005000000", @ANYRES32, @ANYRES16=r4, @ANYRES32=0x0, @ANYRESHEX=r3, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r10, &(0x7f0000000300)="60b06c3d1d6f", 0x20000000}, 0x20)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095f9ff00000000000dce61"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="11da1f89", @ANYRES16=r13, @ANYBLOB="0002040000000000000008000000180001801400020073797a5f74756e0000000000000000008400018014000200626f6e645f736c6176655f3000000000080008009fde76f3ddd7dedbe7348b896bd9f87061035725e38b6e24ea1fb60f9586a7c27e6dbfd131214844b4e7b65e28581344bbe312535726eef6ae67acf3eca705ccf89f5672349dfef556606422d3fa0b99a5b99bdc2dd9cfaa7e974d44264c7e2ca87f35370d9d244692f58c789f226e135c665c65c15be3b42307067b09064cf29708d0171a3090a7bd00e63c6a1cf9d24e80fef7eb85a6c1bbb589017d0fcf4f1dfc74277ed799", @ANYRESHEX=r11, @ANYBLOB="0800030000000000080003000300000008000100", @ANYRES32=r9, @ANYBLOB="140002007465616d5f736c6176655f31000000000800030002000000080003000200000014000200677265746170300000000000000000001400020074756e6c3000000000000000000000009800028059000400c70621eeb0ff71eae8420a9773e2e90f7731a18be38bdf39740b674da948b3ae0240e8547ee21bd18ed5467b9e616954c82130414ac4b9cef379ab342426771e4158226977425645ed068355d6fb58bde3241e59630000000400010032000400acfd0ce55c52a6a313671387e3576af3ab7af50c04f478e134b0b7ef0d69c6d5ec0c29dd81c69bb1cbea274b2acd0000dc0002805c000400c5d21d3ebb89e0c2a87f387d053138e3ecd4e8d7bd9e22a0788173e078ac0c2ed009b3ffc80c26a313ffcfc3519e67b9173a18f12043633bd35c4309d8f724ca27d1893490aecc04bc66d794e9a313d29b053588a5c45991040001000800020063130000700003801c00018008000100ff0f00000a0002005e5e26290900000004000300300001800800010004000000080001000500000008000100ab00000008000100000000000c00020073797a5f74756e00080001800400030018000180110002007465616d5f736c6176655f3100000000"], 0x224}, 0x1, 0x0, 0x0, 0x4000008}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x4000080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.574642911s ago: executing program 1 (id=852):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@fallback=r2, 0x2b, 0x0, 0xa315, &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000500), 0x0, 0x0}, 0x40)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = openat$autofs(0xffffff9c, &(0x7f0000000000), 0x80001, 0x0)
fstatfs(r3, &(0x7f0000000340)=""/4096)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = timerfd_create(0x0, 0x0)
getrandom(&(0x7f0000002080)=""/244, 0xf4, 0x3505b64c3c59dac1)
timerfd_gettime(r4, &(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x48d4, &(0x7f0000000080)={0x0, 0x1fffff, 0x20, 0x40000004}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
socket$inet_mptcp(0x2, 0x1, 0x106)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
syz_open_dev$mouse(&(0x7f0000000000), 0x7, 0x18800)
io_setup(0x3, &(0x7f0000000180)=<r8=>0x0)
openat$mice(0xffffff9c, &(0x7f0000000200), 0x24000)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a84350014060000000000000000000000000000000000fe80000000004e224cb1bf2d70d8722a4bec43207b4bfe2d7100cd7652d3582f5e77990014e21c702d945a934059b7d6073121cf0b774020674ad9d79c1cd2342956acc9892508d6e64f", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500200009078e300"], 0x0)
r9 = syz_open_procfs(0x0, 0x0)
io_submit(r8, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x5, 0x0, r9, 0x0}])
r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
fsopen(&(0x7f00000001c0)='erofs\x00', 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r7, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)

1.595761728s ago: executing program 1 (id=853):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES8=r0], 0x80}, 0x1, 0x0, 0x0, 0x10}, 0x8840)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)={<r3=>0x0, 0x25, "1834284f9afef10e47d898d96c01ce902f7b5a829ef2c81e3de16ee34a380a9117a282d18d"}, &(0x7f0000000240)=0x2d)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000280)={r3, 0x7}, 0x8)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@mpls_getnetconf={0x44, 0x52, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_IFINDEX={0x8}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0xb7b}, @NETCONFA_IFINDEX={0x8}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0xd}]}, 0x44}}, 0x0)
syz_emit_ethernet(0x16, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0004f9f70000af353c4b"], 0x0) (async)
syz_emit_ethernet(0x16, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0004f9f70000af353c4b"], 0x0)
pipe(&(0x7f00000001c0)={<r4=>0xffffffffffffffff})
socket$inet_udp(0x2, 0x2, 0x0) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5) (async)
close(r5)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r4, 0x40405515, &(0x7f00000002c0)={0xa, 0x0, 0x1, 0x7ff, 'syz0\x00', 0x90})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x161b01, 0x0) (async)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x161b01, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r6, 0x0, 0xff2e)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_DELSET={0x44, 0xb, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x40002}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x33}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x28}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x20}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x38, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x10}}, 0xe8}}, 0x0)
splice(r4, 0x0, r5, 0x0, 0x4ffe6, 0x0)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
pipe(&(0x7f0000000680)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet_udp(0x2, 0x2, 0x0)
close(r10) (async)
close(r10)
socket$inet6(0x10, 0x3, 0x0) (async)
r11 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r11, &(0x7f0000000380)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x4001, 0x0, 0xfffffffffffffe48)
recvfrom$inet6(r11, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0)
write$binfmt_misc(r9, &(0x7f0000000000), 0xfffffecc)
splice(r8, 0x0, r10, 0x0, 0x200000000622c, 0x0) (async)
splice(r8, 0x0, r10, 0x0, 0x200000000622c, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)

1.467076514s ago: executing program 1 (id=855):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000020000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = socket$unix(0x1, 0x5, 0x0)
shutdown(r1, 0x6)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0)
iopl(0x3)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x20003000, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="41000000010001", 0x7)
r4 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r4, 0x29, 0x24, &(0x7f00000000c0), 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="7f0000006800e978000000000000000002000004000b00"], 0x1c}, 0x1, 0xff000000}, 0x0)
getpid()
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x140b43)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)

1.384564709s ago: executing program 1 (id=856):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@fallback=r2, 0x2b, 0x0, 0xa315, &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000500), 0x0, 0x0}, 0x40)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = openat$autofs(0xffffff9c, &(0x7f0000000000), 0x80001, 0x0)
fstatfs(r3, &(0x7f0000000340)=""/4096)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = timerfd_create(0x0, 0x0)
getrandom(&(0x7f0000002080)=""/244, 0xf4, 0x3505b64c3c59dac1)
timerfd_gettime(r4, &(0x7f0000000040))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_io_uring_setup(0x48d4, &(0x7f0000000080)={0x0, 0x1fffff, 0x20, 0x40000004}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
syz_open_dev$mouse(&(0x7f0000000000), 0x7, 0x18800)
io_setup(0x3, &(0x7f0000000180)=<r9=>0x0)
openat$mice(0xffffff9c, &(0x7f0000000200), 0x24000)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a84350014060000000000000000000000000000000000fe80000000004e224cb1bf2d70d8722a4bec43207b4bfe2d7100cd7652d3582f5e77990014e21c702d945a934059b7d6073121cf0b774020674ad9d79c1cd2342956acc9892508d6e64f", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500200009078e300"], 0x0)
r10 = syz_open_procfs(0x0, 0x0)
io_submit(r9, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x5, 0x0, r10, 0x0}])
r11 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
fsopen(&(0x7f00000001c0)='erofs\x00', 0x0)
close_range(r11, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r8, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)

378.979324ms ago: executing program 1 (id=857):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsopen(0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r0) (fail_nth: 14)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0xa8, r1, 0x20, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "4c98eccf719a1206e2874d5a3f3d7e02f3cc34e7"}}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x88}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYBLOB], 0x58}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0)=@newqdisc={0x24, 0x24, 0x100}, 0x24}}, 0x0)
recvmsg$can_raw(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/16, 0xf000}, {&(0x7f00000010c0)=""/4096, 0x1000}], 0x2}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000480)={0x2, [0x0, 0x0]}, &(0x7f00000004c0)=0xc)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
socket(0x0, 0x0, 0x0)
r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r9, 0x402, 0x26)
fcntl$notify(0xffffffffffffffff, 0x402, 0x2e)
close_range(r8, r6, 0x0)
openat$sw_sync(0xffffff9c, &(0x7f0000000000), 0x41, 0x0)

0s ago: executing program 1 (id=858):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x28000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r5=>0xffffffffffffffff}, './file0\x00'})
ioctl$I2C_FUNCS(r5, 0x705, &(0x7f0000001180)=0x9)
ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0x80044dfe, &(0x7f00000000c0))
syz_open_dev$dri(&(0x7f0000000040), 0xac5, 0x100000)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
sendto(r6, &(0x7f0000000100)="ab79628490b527487ada82d8e96134416233afcd0c9972ca8f133d8d03e29858882c4b88663f02613de40c6100ccfdea673ff723c7c2d814f486f29c5bdf73967dfdde97a30b9fff7b3f9f9b7ec536d6c7aa6923fc7ef59e3c54a0fd6edaa63181bd973d8958698de8da94bb06ee7d8aac3672d3f023ffc3c6af2ebb2d50d77e3ea95e676abcba61535d089205e5acfd2786b0e82e0de698b323da6a7ce3ea18ee0e92445fcb1d9be5ac8e4d77889643c56459918411939d54400cf96203ac45ed877f1a430ee307d2e2064e86d109b8c232c39ec8d8e0290391ae5f54f95077f6dbdc224540fc721f0b92aa922cd2bc09a91156874060102ecd64230608ebe6a4573ee91faa8e68f89c563a7d467d3cc40f94be9f9a5ee6bdb4fd43d5ddefb51396d8c19a2baaca549c36034d56958fce5cdd81e61e3e0287c8a9ba093aa89ef6cef5306484573b1b3d4923442ab6231784c54b1f894ee81a1780802fcf6f49d0e42161c525c2181102650b3b6a07ba297b55f5b7bc1bd9290febf197538a332db8c11b50a0a88ff1b04637efac3fac4d258675fc0612d614cae19f355cc3c1cc4640242ad22c42d1d660bbefd43333e65c1ff4b74888f5328f50d0c7f558ea78c613f2c629276c6df17a93922d2d58f2c37fd73722f163b133218f0eb066b4782a7ae252cd04f8e2ca65f3490e161f1413a80b37950f1f282da24f79796840861cd8b015134fb57d1d926f0190bb0cb02078e571292bb53293106f374c4bb16c15f5b6b778e82ffb096467b1f19627e5b8a9490209cf8f037398eca95ab208ba0144d3a48d90a19beae48bddf676c2f456871463d81ebbe65641605ee347629d7908560046d1c8c39df069e26310d27d7fb12dfa38ef522b4e8f69edd4c390e67403bc35b91e58bd3670ebbe953ef17225db88de28b59c16e34ca2176242bda92bbc2a809c058d15b46660646b328a6c35693da21f70699671d3cf959506b5f17d9aa84d20d670cfc74b57bf457f0421eb990315c5eded1c9caca7e469ab6b01502ae994f28345c1b9c62675bbae8d3b2913a8ef3966b81cbd35e2d63326042ea65707d65430f4ccb77a1ad810bd2da4dfad5cc1a8b0a4f58917f572add5a993303abcf35530fe9839e1974140050de430b3bd8f98a1ebc1aa68b96002688c03c1daee89fe7cee9a961d2a197c16bbb1cc58cc13049dbe6e000dea94c9dd1a19323fa7bef24117583d90bea6dc200c713138a8f05f2d8f7cc0e1c547d218236856414c58a40243ee6252ddbf836491ecc3f6eadb73bca62166f07a26663334bf68553f0d3664d0da5f0790cccd865a426f77dbb3cf8520a59534952fd4b5036e8d972f626438816bfc7c0f3a9d5030314672516468f9ff80bab8e2aa4978adbce207eaa3be55de9d62d39b532415f99188c627f0a6c99810a359fb82387c7ad37b4d3e7a1c7b388f7c7825b70a670c604d9b0e505e4a63841c87420f30fb36f3b8d27486e9141e95701da922a006c86c120872dee5b9e231b9c9f047a7f57d385e13068b939083b6269db2c777227c9fabcc1284981ea41c3de697a481bc9cd7897d6ddf63ba1bdc016f0f7b4fd58d3b9217b1d0eaa774aa68adc80af18d8c2166e7f020d98e2998e12893b6ddf9fedb119f4355283306b6864ffb37718b1f9231979a776b14579006f2cd709c28288a477cb9182bf14a271bbf6573142f23d44bc57722859748bd95ff17f93fa633831fba916751b663d0fb666ae4fd2d36a43403a80b82c1b735f0a67678e83bead2986be613585b6bc2ea05ebfe96e2bf254db347c3f534de4c7603bd67b5c2e9b03db8ef5deb8512a9634c0ebbbdbf5989faf5e82f27cf1a2bcf7347878f341c218dbbe83a73d731ba42180213ce0c081897fc9c64612a7a9cf7e03eacf53530a64b060240f24cad41ec0973e6ed7b5022f7b2a267b58cea5c9657bea761af617c85e63e159008afa5f4f6e2bd51f968be764e0b0700e83fad8c00ee080fff72bdd4237788c2c550d3019a89951e6afcbfb6002842d216ce9dd4b168774d2d3cebeafdab9f152a83589df186974db7415acaee3aac5a424988b7d966429320a1550cf3b6d7501414099f5b47e912630e89c46b13356a94a5c622d826ed488f1afa9b1fdf1bc728e31d266bccdcab1dfb5228d8781c772936cbca7ad1b885f1242e9c2966164815da74810c32911cb83176476c1b54956df10f267386ac0bedf0a0fc4c5a5129264fd5e3b21e91ff3cf1fe28775fa78f5275938ede6c2629c89d90dfbeec432dfa3b1ef5f36377297009acf489811ebc2adb29b911c07e4ef9dc9dbd060301b1191007e4d867eea297a21a4ffa6c282aae9e20c29d1983c319667bc6e82df1c0e319f9767d4896fe8d37d0d0dbae0a19467c7670b36200b89b09a78cc885c16077320b836b56ea34ea05c56857dc0f59300784c8ad6dd66ddbf3d4727cbf2553ceedb23580e458cf2041073dfc148f6579acf531321125e2103f202908c13b69704b2c151e0f987867214b9235974a2f1eb8e910f4db6805d3a742cfe2f0a40dc250518a30eee5e8a8c56ff4144bebad91d27074980572384f3b5131d8d46c0af93dec75905784d9429225a3a457dc13e05c3f7b5a2a07ccea0f896a0e8ab702fb155f9979dd0208e8edea432682e2780c46b121b25a183a12204665e3e76da4ced33e76c8cd7e3da783d793a6352ad0cb44e07a2b5ff723beb92fd53834e0ff5b69e038c4b1e88fcb32fe78634d8f1c3b7f11d9b5293ecb2f3483d7d31ba157c6876880e4994f7c08bd015a2f2f3a4e4bd3c9634112b89996678baca76d6c1709d5fb7baa6abed0d59a69227e83c00d937c79b22389f45841de162ab485d655b54cae90bbc8308fdfd0f521524a9352370d20de7e965dc5b4530c483dd4ad74b27756da968b2920472e71310a8e4be6574a082bf172820689fed163aaeb9bffc29a72cbbc8218d647d900bc440d3e01b0c060c59b7da013f33d2d4582bf1e05f6fe82ab4736d624c73d3762e22b02e038c6dfd96b3262f32d178a13aa3dcaf75281c7bd544477d06b8867b380377dda96ddfab2fc74d96b2e478023edf75e511fa0279299bc5f3414bde2a734dfc43374eff8bea4ebdab02d5c11bc64a67b89575974053c2c52aed4dc280c59f1d7cb32f0417a4062e74958a57b075d30e1545e52b7a1cb30b5503cb0b68518cf971bb5299899942d2dd8365160524f7043a3278df3f6fbb987818f12aef1d9be9e1dd12cbd61f2bb80cb99865cbea613ab0a8543918b3468ca48cb7abb64254d2edd7b373f03476df805131ba1edf12fe11ad3097f880f4941a247913bcd773a5114acb7cca4dce16429156803087e8077af4cdcd57ed533f608353fcf63dccdef3dbedf0e7686b03ca9cc0a0c19528638c4308a510fc8511b0bb99c0b9e5f95eb5ccac2f660c3c77dc70cbcb94087ed42761882528b09804e1bfe54ea247bc90a3fae5f1b81bda18849439e27f131ece2bf48d388729ba7f3c39e179f383f471e88cf087b2760546664cf1a410cf3c696a69f71660947bea08ecd3039213c8800ac983fcde301c25374096c86eebaf9cff38596625d4a7dbdf80a34c9c3a0de8c7f223966a91f3984b6b613ea810d7a1665a43aada1fb423888889ae08ceee161f7de4ea6d29eec0261af562663d1926437b377b2e96e063dce9f7d3d1f71b13c75964dbca31103a183815dbbef524e9007615a47876c0c7044fa0b89555311d3aebd6cba541432f9ab5b41880d388942a2b415baa502b0d183d83e3c16a79e6d900f39b542814a57a5098a00b689fb95adf63c8db2e2db9dc4a10c79fe4ec5eef2367848ee08a99442582c996de49acf003d310a63b893c650867a000a1c33cd1b8528adf3a5fe9b20da282b4a750a3e700a97c6cf6cd825d1ec36cdc24471a12c839923637e202acfd64d5426199bda204cc0d2669f60f76831ec13bace7e2c43e27e540748252dea541cf12e691c68e4d8973fa3d571e85992df1f4373e4464955e5b4ed04e38c902e03a13ebccf35c04996f07202533c3e1165dc3f3369ae1a614c1047179bde732000cf8d8fb45464028a43b75d998531962f4f95aef16b61341ebb3a43edd709ca57c93069ff1c58f14ef8eebddf7ac42617a6ad5a6667bed9f4190112fab6e49e792c2d4689b841998fc1c58cc3ed9e36445878f1db104164c3e169934705b22ca415f77fc5743bce0cf71d22ffb2c981288f753bd4d88de04ca89114f43d925b9394539155f8fea5d7377544c00954bde6c68bdf6066093300f78996e99f328ea67754af86e7b9afd6242de3cc3c2923c172cff023da887f68428f0828aa3b0658dd45a7b03d75176bf0f0ae3ce8cc01f455307588a437ec53bf9ff73cd5b773d4ec130a0a8ae5babceffcaca47159c16725dec7bc7bcd001779f23556c745aa97549638025c34b0c3a95ac4d493e9a7e9c3706c1c33779d693363f1e24f3c4580b15c10c456109be1bfb77c7b7560a3abe3b712cbf6fba7982196dbbf40291b4c7b7740bf9e1b358cde87074fc95562db999dde83fe4f8f5633d2c92d476efcf233abc781e2719cac4a4d76048b00bdb6f96908527332a889610c4f1baa0d0a0935c7fe7d768da39af1aa42e57816d097a93bf1ffe508375b19b9bf9c6612dfbd9d5086750e5d45c0b3da6533ae413f07a5c51a9e791e32f7c42dd7780e9555bc2e576abf2418ba8accfb23ce7930b50763fa7874cbc39ec55e95ee4a5cc3f42d3ecb3ab4f9afceb2232b771d0ec2ee41973084ab360e7ede1f6d1cd77347a7158d3e79a1ddc88ed27e19532cbef831bd52221465463fb205caf27ff2bee80699182d8cd4000c0fdc0c08d4d93be21b64c42441560dacf650cfc39a080ca46445e99f87478b4091980a23e917fd528ff88caee1eedaff6745d3f522e6c2e9563169295233e701d9d20e906b4e5fdd9d4c88e19c33e3169058e68e3a4e0e555787e7636825ab6580a0781eebcae0d025b0b7902e663c5081bc9b03a5f8ca1690fcc5f0c4a9407f97f821a57cad3b9d5637368e2b97b77320262a47216ae6dbe555fe258a8fd9482b2914e72c894190bde5326a2c424d0464621be0f06160d4c3495af44f7173719ad53ba356f89f1aaabab81e2ca0bd2cafc63cb91517509c69659647b76c65e6e4a30b033a590096091ae57e62542a5c30d0628641fd67c5510f02fad352db5eaaa3f6792e68bec0dc5bc98eb6310ced60ce7c0345aa91afb70778cf2ecb3bc869e64c7b680c61cd0b8923b05c02158b570a8b3f7ab15da8eae48ec5b03e238ac211a098cab6d06ad31aa2d64586ab856a0c36ff73bb8ba45e4fa998a6f3437ff7500f6209b0aeb2003b3ff92e5f2053fda13653dd2cf4fc1da028f84fcc8171dc5f43a3536e4e2cf2299aa473c3f8cfd5cacbead3c31b378f8ae3fd100d08531f6b74a14bad6ba391dfbe0778fec181d18c366402d7964b9af3ac31e7a2cff09f560c5ec66877316c6d854cf33579aacdb48ffb3fbd0a7fd8470b3e943afe03ed63a0a1edc4598fa30f2ab0e5308b97dea9d0e37b49ee565337714f3d866de4e7fdcb8554bb2e1dccb5097b6e9f1579230839e5c38b2cb3ee1b270443afe0dba083faf421536d7ff04f37fd7b65d9baa688546953db5409e299c89d5239cba35ed523de6b38a98f653d06a32bf77dd5908c03208b899ed604eb472faa4692ba6276150bd9ae9ea6092373eaefb3a03acfc614a96a155412f7eadac640b9a0b1ec08c5206adb7e83f4aa", 0x1000, 0x80, &(0x7f0000001100)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x26}}}, 0x80)

0s ago: executing program 1 (id=860):
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100)) (fail_nth: 10)

kernel console output (not intermixed with test programs):

d
[  185.648098][ T7651] 0 pages cma reserved
[  185.724673][ T7653] ptrace attach of "/syz-executor exec"[7397] was attempted by "/syz-executor exec"[7653]
[  187.091328][   T39] audit: type=1326 audit(186.970:3962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7668 comm="syz.3.588" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x0
[  187.411317][ T5385] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  187.576532][ T5385] usb 7-1: Using ep0 maxpacket: 8
[  187.579784][ T5385] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  187.586741][ T5385] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  187.591401][ T5385] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  187.596130][ T5385] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  187.601822][ T5385] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  187.604265][ T5385] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.611367][ T5385] hub 7-1:1.0: bad descriptor, ignoring hub
[  187.618743][ T5385] hub 7-1:1.0: probe with driver hub failed with error -5
[  187.624303][ T5385] cdc_wdm 7-1:1.0: skipping garbage
[  187.625890][ T5385] cdc_wdm 7-1:1.0: skipping garbage
[  187.635482][ T5385] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  187.639436][ T5385] cdc_wdm 7-1:1.0: Unknown control protocol
[  188.216590][ T1443] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  188.378902][ T1443] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  188.381948][ T1443] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  188.385115][ T1443] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  188.397097][ T1443] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.406073][ T1443] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  188.409490][ T1443] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  188.412979][ T1443] usb 6-1: Product: syz
[  188.414478][ T1443] usb 6-1: Manufacturer: syz
[  188.429609][ T1443] cdc_wdm 6-1:1.0: skipping garbage
[  188.431021][ T1443] cdc_wdm 6-1:1.0: skipping garbage
[  188.432880][ T1443] cdc_wdm 6-1:1.0: cdc-wdm2: USB WDM device
[  188.434882][ T1443] cdc_wdm 6-1:1.0: Unknown control protocol
[  189.962040][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  189.963769][ T5402] usb 7-1: USB disconnect, device number 10
[  189.964290][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  189.967985][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  189.973608][    T8] usb 6-1: USB disconnect, device number 6
[  190.138915][ T7691] netlink: 16 bytes leftover after parsing attributes in process `syz.2.594'.
[  190.321509][ T7697] netlink: 68 bytes leftover after parsing attributes in process `syz.0.597'.
[  190.328372][ T7697] trusted_key: encrypted_key: insufficient parameters specified
[  190.383395][ T7700] fuse: Unknown parameter 'user_i00000000000000000000'
[  190.439649][ T7698] input: syz0 as /devices/virtual/input/input9
[  190.447348][ T7701] fuse: Bad value for 'fd'
[  190.506392][ T5352] Bluetooth: Wrong link type (-71)
[  190.949508][ T7707] mkiss: ax0: crc mode is auto.
[  190.965111][ T7707] binder: 7706:7707 ioctl c0306201 20000480 returned -22
[  190.981584][   T39] audit: type=1326 audit(190.870:3963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  190.993355][   T39] audit: type=1326 audit(190.870:3964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.008019][   T39] audit: type=1326 audit(190.870:3965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.013605][   T39] audit: type=1326 audit(190.870:3966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.033003][   T39] audit: type=1326 audit(190.870:3967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.044796][   T39] audit: type=1326 audit(190.870:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.061225][   T39] audit: type=1326 audit(190.870:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.076610][   T39] audit: type=1326 audit(190.870:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.096570][   T39] audit: type=1326 audit(190.870:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf749e579 code=0x7ffc0000
[  191.103075][   T39] audit: type=1326 audit(190.870:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.601" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  193.117060][ T7738] netlink: 4 bytes leftover after parsing attributes in process `syz.1.609'.
[  193.388672][ T7743] fuse: Unknown parameter 'user_i00000000000000000000'
[  193.455731][ T7744] fuse: Bad value for 'fd'
[  193.470626][ T5352] Bluetooth: Unexpected start frame (len 18)
[  193.474436][ T5352] Bluetooth: Wrong link type (-71)
[  193.599308][ T1373] ieee802154 phy0 wpan0: encryption failed: -22
[  193.601020][ T1373] ieee802154 phy1 wpan1: encryption failed: -22
[  193.713233][ T7746] netlink: 'syz.1.611': attribute type 10 has an invalid length.
[  193.720561][ T7746] hsr0: entered promiscuous mode
[  193.730188][ T7746] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  193.733568][ T7746] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  193.737894][ T7746] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  193.741744][ T7746] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  195.474061][ T7767] [U] 
[  195.766939][ T5402] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  195.807186][ T7777] tmpfs: Bad value for 'mpol'
[  195.815160][ T7777] =======================================================
[  195.815160][ T7777] WARNING: The mand mount option has been deprecated and
[  195.815160][ T7777]          and is ignored by this kernel. Remove the mand
[  195.815160][ T7777]          option from the mount to silence this warning.
[  195.815160][ T7777] =======================================================
[  195.815418][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.829014][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.838446][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.840802][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.845144][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.849573][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.862319][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.864591][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.873345][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.875688][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.882995][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.886297][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.894710][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.897328][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.902445][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.906130][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.916557][ T5402] usb 6-1: Using ep0 maxpacket: 16
[  195.928713][ T7774] netlink: 'syz.3.619': attribute type 2 has an invalid length.
[  195.931237][ T5402] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.934394][ T5402] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  195.939190][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  195.944427][ T5402] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  195.947017][ T5402] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.950488][ T5402] usb 6-1: config 0 descriptor??
[  195.954411][ T7774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  196.097804][ T7786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.622'.
[  196.321610][ T7795] Cannot find set identified by id 0 to match
[  196.414477][ T7796] autofs: Bad value for 'fd'
[  196.419408][ T7796] overlay: ./bus is not a directory
[  196.423678][   T39] kauditd_printk_skb: 112 callbacks suppressed
[  196.423690][   T39] audit: type=1804 audit(196.310:4085): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.625" name="/newroot/24/file0/file0" dev="9p" ino=36049821 res=1 errno=0
[  196.436179][   T39] audit: type=1326 audit(196.320:4086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.443772][   T39] audit: type=1326 audit(196.320:4087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.451378][   T39] audit: type=1326 audit(196.320:4088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.460796][   T39] audit: type=1326 audit(196.320:4089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.466297][   T39] audit: type=1326 audit(196.320:4090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.472351][   T39] audit: type=1326 audit(196.320:4091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.479173][   T39] audit: type=1326 audit(196.320:4092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.485095][   T39] audit: type=1326 audit(196.320:4093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.496324][   T39] audit: type=1326 audit(196.320:4094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7797 comm="syz.0.627" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf749e579 code=0x7ffc0000
[  196.790037][ T7803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.799070][ T7803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.810264][ T7803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.628'.
[  196.938352][ T7801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.947131][ T7801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.480619][ T7818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.632'.
[  197.484642][ T7818] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.487867][ T7818] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.469185][ T5402] usbhid 6-1:0.0: can't add hid device: -71
[  198.470816][ T5402] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  198.497981][ T5402] usb 6-1: USB disconnect, device number 7
[  198.676049][ T7828] netlink: 32 bytes leftover after parsing attributes in process `syz.1.635'.
[  198.679341][ T7828] FAULT_INJECTION: forcing a failure.
[  198.679341][ T7828] name failslab, interval 1, probability 0, space 0, times 0
[  198.682607][ T7828] CPU: 2 UID: 0 PID: 7828 Comm: syz.1.635 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  198.685349][ T7828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  198.688167][ T7828] Call Trace:
[  198.689062][ T7828]  <TASK>
[  198.689850][ T7828]  dump_stack_lvl+0x16c/0x1f0
[  198.691084][ T7828]  should_fail_ex+0x497/0x5b0
[  198.692309][ T7828]  ? fs_reclaim_acquire+0xae/0x160
[  198.693666][ T7828]  should_failslab+0xc2/0x120
[  198.694949][ T7828]  kmem_cache_alloc_node_noprof+0x71/0x310
[  198.696461][ T7828]  ? __alloc_skb+0x2b3/0x380
[  198.697686][ T7828]  ? bpf_lsm_capable+0x9/0x10
[  198.698913][ T7828]  __alloc_skb+0x2b3/0x380
[  198.700085][ T7828]  ? __pfx___alloc_skb+0x10/0x10
[  198.701388][ T7828]  ? genl_rcv_msg+0x4e0/0x800
[  198.702612][ T7828]  ? genl_rcv_msg+0x4bd/0x800
[  198.703843][ T7828]  netlink_ack+0x164/0xb20
[  198.705025][ T7828]  netlink_rcv_skb+0x327/0x410
[  198.706304][ T7828]  ? __pfx_genl_rcv_msg+0x10/0x10
[  198.707636][ T7828]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  198.709071][ T7828]  ? down_read+0xc9/0x330
[  198.710273][ T7828]  ? __pfx_down_read+0x10/0x10
[  198.711550][ T7828]  ? netlink_deliver_tap+0x1ae/0xcf0
[  198.712928][ T7828]  genl_rcv+0x28/0x40
[  198.713987][ T7828]  netlink_unicast+0x53c/0x7f0
[  198.715273][ T7828]  ? __pfx_netlink_unicast+0x10/0x10
[  198.716643][ T7828]  ? __phys_addr_symbol+0x30/0x80
[  198.718003][ T7828]  ? __check_object_size+0x488/0x710
[  198.719379][ T7828]  netlink_sendmsg+0x8b8/0xd70
[  198.720629][ T7828]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.722293][ T7828]  ? lock_acquire+0x2f/0xb0
[  198.723496][ T7828]  ____sys_sendmsg+0x9ae/0xb40
[  198.724765][ T7828]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.726147][ T7828]  ? get_compat_msghdr+0x11b/0x170
[  198.727485][ T7828]  ? __pfx___lock_acquire+0x10/0x10
[  198.728864][ T7828]  ___sys_sendmsg+0x135/0x1e0
[  198.730030][ T7828]  ? __pfx____sys_sendmsg+0x10/0x10
[  198.731389][ T7828]  ? lock_acquire+0x2f/0xb0
[  198.732577][ T7828]  ? __fget_files+0x40/0x3f0
[  198.733799][ T7828]  ? fdget+0x176/0x210
[  198.734926][ T7828]  __sys_sendmsg+0x117/0x1f0
[  198.736132][ T7828]  ? __pfx___sys_sendmsg+0x10/0x10
[  198.737460][ T7828]  ? __fget_files+0x244/0x3f0
[  198.738685][ T7828]  __do_fast_syscall_32+0x73/0x120
[  198.740014][ T7828]  do_fast_syscall_32+0x32/0x80
[  198.741372][ T7828]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  198.743032][ T7828] RIP: 0023:0xf7f97579
[  198.744113][ T7828] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  198.749211][ T7828] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  198.751356][ T7828] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180
[  198.753394][ T7828] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  198.755473][ T7828] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  198.757513][ T7828] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  198.759555][ T7828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  198.761614][ T7828]  </TASK>
[  198.880366][ T7831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.636'.
[  199.384139][ T7834] FAULT_INJECTION: forcing a failure.
[  199.384139][ T7834] name failslab, interval 1, probability 0, space 0, times 0
[  199.389566][ T7834] CPU: 3 UID: 0 PID: 7834 Comm: syz.0.637 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  199.392536][ T7834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  199.395513][ T7834] Call Trace:
[  199.396438][ T7834]  <TASK>
[  199.397287][ T7834]  dump_stack_lvl+0x16c/0x1f0
[  199.398604][ T7834]  should_fail_ex+0x497/0x5b0
[  199.399871][ T7834]  ? fs_reclaim_acquire+0xae/0x160
[  199.401285][ T7834]  should_failslab+0xc2/0x120
[  199.402576][ T7834]  __kmalloc_cache_noprof+0x6b/0x310
[  199.404109][ T7834]  ? hugetlb_vma_lock_alloc+0xc2/0x1f0
[  199.405599][ T7834]  hugetlb_vma_lock_alloc+0xc2/0x1f0
[  199.407027][ T7834]  hugetlb_vm_op_open+0x27b/0x5c0
[  199.408503][ T7834]  ? __pfx_hugetlb_vm_op_open+0x10/0x10
[  199.410033][ T7834]  __split_vma+0x799/0x1210
[  199.411327][ T7834]  ? __pfx___split_vma+0x10/0x10
[  199.412718][ T7834]  vma_modify.constprop.0+0x156d/0x2440
[  199.414312][ T7834]  ? __pfx_vma_modify.constprop.0+0x10/0x10
[  199.415912][ T7834]  vma_modify_flags+0x209/0x2a0
[  199.417296][ T7834]  ? __pfx_vma_modify_flags+0x10/0x10
[  199.418787][ T7834]  ? may_expand_vm+0xe8/0x430
[  199.420069][ T7834]  mprotect_fixup+0x2c2/0xbe0
[  199.421538][ T7834]  ? __pfx_mprotect_fixup+0x10/0x10
[  199.422938][ T7834]  do_mprotect_pkey+0x986/0xd00
[  199.424302][ T7834]  ? __pfx_do_mprotect_pkey+0x10/0x10
[  199.425746][ T7834]  ? __mutex_unlock_slowpath+0x164/0x650
[  199.427300][ T7834]  ? __fget_files+0x244/0x3f0
[  199.428589][ T7834]  ? __pfx_ksys_write+0x10/0x10
[  199.429918][ T7834]  __ia32_sys_mprotect+0x75/0xb0
[  199.431275][ T7834]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  199.433068][ T7834]  __do_fast_syscall_32+0x73/0x120
[  199.434531][ T7834]  do_fast_syscall_32+0x32/0x80
[  199.435853][ T7834]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  199.437535][ T7834] RIP: 0023:0xf749e579
[  199.438635][ T7834] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  199.443896][ T7834] RSP: 002b:00000000f578656c EFLAGS: 00000296 ORIG_RAX: 000000000000007d
[  199.446129][ T7834] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000800000
[  199.448242][ T7834] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000000
[  199.450492][ T7834] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  199.452596][ T7834] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  199.454736][ T7834] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  199.456846][ T7834]  </TASK>
[  199.474087][ T7834] HugeTLB: unable to allocate vma specific lock
[  199.524022][ T7836] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.638'.
[  200.908686][ T7867] cgroup: No subsys list or none specified
[  200.913570][ T7867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.917475][ T7867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.930954][ T7867] validate_nla: 25 callbacks suppressed
[  200.930969][ T7867] netlink: 'syz.3.645': attribute type 10 has an invalid length.
[  200.935137][ T7867] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  200.942161][ T7867] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  200.945506][ T7867] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  200.950548][ T7867] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  200.974225][ T7871] FAULT_INJECTION: forcing a failure.
[  200.974225][ T7871] name failslab, interval 1, probability 0, space 0, times 0
[  200.979172][ T7871] CPU: 1 UID: 0 PID: 7871 Comm: syz.1.647 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  200.982634][ T7871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  200.986145][ T7871] Call Trace:
[  200.987274][ T7871]  <TASK>
[  200.988276][ T7871]  dump_stack_lvl+0x16c/0x1f0
[  200.989732][ T7871]  should_fail_ex+0x497/0x5b0
[  200.990953][ T7871]  ? fs_reclaim_acquire+0xae/0x160
[  200.992311][ T7871]  should_failslab+0xc2/0x120
[  200.993576][ T7871]  __kmalloc_noprof+0xcb/0x410
[  200.994858][ T7871]  sk_prot_alloc+0x1a8/0x2a0
[  200.996086][ T7871]  sk_alloc+0x36/0xb90
[  200.997186][ T7871]  bpf_prog_test_run_skb+0x335/0x2140
[  200.998595][ T7871]  ? lock_acquire+0x2f/0xb0
[  201.000022][ T7871]  ? __fget_files+0x40/0x3f0
[  201.001606][ T7871]  ? __fget_files+0x244/0x3f0
[  201.003210][ T7871]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  201.005186][ T7871]  ? fput+0x30/0x390
[  201.006520][ T7871]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  201.008482][ T7871]  __sys_bpf+0x1921/0x5780
[  201.009849][ T7871]  ? ksys_write+0x21e/0x260
[  201.011386][ T7871]  ? __pfx___sys_bpf+0x10/0x10
[  201.013014][ T7871]  ? vfs_write+0x14d/0x1140
[  201.014578][ T7871]  ? __mutex_unlock_slowpath+0x164/0x650
[  201.016487][ T7871]  ? fput+0x30/0x390
[  201.017824][ T7871]  ? ksys_write+0x1ad/0x260
[  201.019030][ T7871]  ? __pfx_ksys_write+0x10/0x10
[  201.020302][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.646'.
[  201.023612][ T7871]  __ia32_sys_bpf+0x76/0xe0
[  201.025168][ T7871]  __do_fast_syscall_32+0x73/0x120
[  201.025197][ T7871]  do_fast_syscall_32+0x32/0x80
[  201.028796][ T7871]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  201.030916][ T7871] RIP: 0023:0xf7f97579
[  201.032300][ T7871] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  201.038953][ T7871] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  201.041734][ T7871] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000240
[  201.044325][ T7871] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[  201.046925][ T7871] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  201.049526][ T7871] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  201.052104][ T7871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  201.054699][ T7871]  </TASK>
[  201.143414][ T7876] mkiss: ax0: crc mode is auto.
[  201.154133][ T7876] binder: 7875:7876 ioctl c0306201 20000480 returned -22
[  201.442992][   T39] kauditd_printk_skb: 110 callbacks suppressed
[  201.443004][   T39] audit: type=1326 audit(201.330:4205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7878 comm="syz.1.650" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x0
[  201.603814][ T7882] nbd: device at index 3 is going down
[  201.669658][ T7882] devpts: called with bogus options
[  201.926305][ T7890] xt_CT: No such helper "syz0"
[  202.098515][ T7898] xt_CT: No such helper "syz0"
[  202.193317][    C1] net_ratelimit: 23 callbacks suppressed
[  202.193328][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  202.266761][ T7907] mkiss: ax0: crc mode is auto.
[  202.297717][ T7907] binder: 7905:7907 ioctl c0306201 20000480 returned -22
[  204.469761][ T7934] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  204.484377][ T7934] FAULT_INJECTION: forcing a failure.
[  204.484377][ T7934] name failslab, interval 1, probability 0, space 0, times 0
[  204.495423][ T7934] CPU: 3 UID: 0 PID: 7934 Comm: syz.3.667 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  204.498243][ T7934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  204.501190][ T7934] Call Trace:
[  204.502069][ T7934]  <TASK>
[  204.502849][ T7934]  dump_stack_lvl+0x16c/0x1f0
[  204.504093][ T7934]  should_fail_ex+0x497/0x5b0
[  204.505342][ T7934]  ? fs_reclaim_acquire+0xae/0x160
[  204.506681][ T7934]  should_failslab+0xc2/0x120
[  204.507917][ T7934]  __kmalloc_cache_noprof+0x6b/0x310
[  204.509512][ T7934]  ? p9_fid_create+0x45/0x470
[  204.511024][ T7934]  p9_fid_create+0x45/0x470
[  204.512566][ T7934]  p9_client_walk+0xc7/0x540
[  204.513793][ T7934]  ? __pfx_p9_client_walk+0x10/0x10
[  204.515139][ T7934]  ? v9fs_fid_lookup+0xe9/0xec0
[  204.516559][ T7934]  v9fs_vfs_lookup+0x208/0x520
[  204.518317][ T7934]  ? __pfx_v9fs_vfs_lookup+0x10/0x10
[  204.520214][ T7934]  ? lockdep_init_map_type+0x16d/0x7d0
[  204.522209][ T7934]  __lookup_slow+0x24f/0x460
[  204.523493][ T7934]  ? __pfx___lookup_slow+0x10/0x10
[  204.524826][ T7934]  ? lookup_one_unlocked+0x133/0x160
[  204.526336][ T7934]  ? d_lookup+0xe9/0x180
[  204.527854][ T7934]  lookup_one_unlocked+0x142/0x160
[  204.529724][ T7934]  ? __pfx_lookup_one_unlocked+0x10/0x10
[  204.531371][ T7934]  ovl_lookup_single+0x201/0xf60
[  204.532655][ T7934]  ? __pfx_ovl_lookup_single+0x10/0x10
[  204.534073][ T7934]  ovl_lookup_layer+0x3a9/0x4a0
[  204.535353][ T7934]  ? __pfx_ovl_lookup_layer+0x10/0x10
[  204.536746][ T7934]  ? trace_kmalloc+0x2d/0xe0
[  204.537967][ T7934]  ? __kmalloc_noprof+0x207/0x410
[  204.539325][ T7934]  ovl_lookup+0x13a9/0x21f0
[  204.540624][ T7934]  ? __pfx_ovl_lookup+0x10/0x10
[  204.542316][ T7934]  ? privileged_wrt_inode_uidgid+0xca/0x1d0
[  204.544143][ T7934]  ? __pfx_d_alloc_parallel+0x10/0x10
[  204.545565][ T7934]  ? lockdep_init_map_type+0x16d/0x7d0
[  204.546986][ T7934]  __lookup_slow+0x24f/0x460
[  204.548190][ T7934]  ? __pfx___lookup_slow+0x10/0x10
[  204.549584][ T7934]  ? walk_component+0x342/0x5b0
[  204.550849][ T7934]  ? lookup_fast+0x155/0x540
[  204.552052][ T7934]  walk_component+0x350/0x5b0
[  204.553283][ T7934]  path_lookupat+0x17f/0x770
[  204.554495][ T7934]  filename_lookup+0x1e5/0x5b0
[  204.555738][ T7934]  ? find_held_lock+0x2d/0x110
[  204.556996][ T7934]  ? __pfx_filename_lookup+0x10/0x10
[  204.558378][ T7934]  ? __might_fault+0x13b/0x190
[  204.559845][ T7934]  ? getname_flags.part.0+0x1c5/0x550
[  204.561715][ T7934]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  204.563789][ T7934]  user_path_at+0x3a/0x60
[  204.565298][ T7934]  do_fchownat+0xfa/0x200
[  204.566641][ T7934]  ? __pfx_do_fchownat+0x10/0x10
[  204.567923][ T7934]  ? __pfx_ksys_write+0x10/0x10
[  204.569636][ T7934]  __ia32_sys_lchown16+0xe6/0x120
[  204.571317][ T7934]  __do_fast_syscall_32+0x73/0x120
[  204.572646][ T7934]  do_fast_syscall_32+0x32/0x80
[  204.573920][ T7934]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  204.575556][ T7934] RIP: 0023:0xf7f91579
[  204.576621][ T7934] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  204.582682][ T7934] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000010
[  204.584832][ T7934] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000000000
[  204.586876][ T7934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  204.589648][ T7934] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  204.592019][ T7934] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  204.594070][ T7934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  204.596125][ T7934]  </TASK>
[  204.825135][   T39] audit: type=1326 audit(204.710:4206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7936 comm="syz.3.668" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x0
[  205.219140][ T7943] netlink: 32 bytes leftover after parsing attributes in process `syz.1.669'.
[  205.509979][ T7946] bridge0: port 3(syz_tun) entered blocking state
[  205.511956][ T7946] bridge0: port 3(syz_tun) entered disabled state
[  205.513800][ T7946] syz_tun: entered allmulticast mode
[  205.515780][ T7946] syz_tun: entered promiscuous mode
[  205.978909][   T39] audit: type=1326 audit(205.870:4207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  205.981854][ T7956] FAULT_INJECTION: forcing a failure.
[  205.981854][ T7956] name failslab, interval 1, probability 0, space 0, times 0
[  205.985769][   T39] audit: type=1326 audit(205.870:4208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  205.990495][ T7956] CPU: 1 UID: 0 PID: 7956 Comm: syz.1.674 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  205.995884][   T39] audit: type=1326 audit(205.870:4209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  205.999075][ T7956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  205.999090][ T7956] Call Trace:
[  205.999094][ T7956]  <TASK>
[  205.999101][ T7956]  dump_stack_lvl+0x16c/0x1f0
[  206.004435][   T39] audit: type=1326 audit(205.870:4210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  206.008043][ T7956]  should_fail_ex+0x497/0x5b0
[  206.008076][ T7956]  ? fs_reclaim_acquire+0xae/0x160
[  206.009002][   T39] audit: type=1326 audit(205.870:4211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  206.010032][ T7956]  should_failslab+0xc2/0x120
[  206.011522][   T39] audit: type=1326 audit(205.870:4212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  206.018506][ T7956]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  206.018540][ T7956]  ? audit_log_start+0x2bc/0x7e0
[  206.019789][   T39] audit: type=1326 audit(205.870:4213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  206.021532][ T7956]  audit_log_start+0x2bc/0x7e0
[  206.027427][   T39] audit: type=1326 audit(205.870:4214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7955 comm="syz.1.674" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  206.028598][ T7956]  ? __pfx_audit_log_start+0x10/0x10
[  206.054753][ T7956]  ? migrate_enable+0x1ef/0x260
[  206.056369][ T7956]  ? __pfx_migrate_enable+0x10/0x10
[  206.058160][ T7956]  audit_seccomp+0x61/0x280
[  206.059714][ T7956]  __seccomp_filter+0x816/0xf40
[  206.061383][ T7956]  ? __pfx___seccomp_filter+0x10/0x10
[  206.063214][ T7956]  __secure_computing+0x26c/0x3f0
[  206.064939][ T7956]  syscall_trace_enter+0x8b/0x240
[  206.066652][ T7956]  __do_fast_syscall_32+0xc2/0x120
[  206.068396][ T7956]  do_fast_syscall_32+0x32/0x80
[  206.070085][ T7956]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  206.072231][ T7956] RIP: 0023:0xf7f97579
[  206.073643][ T7956] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  206.080138][ T7956] RSP: 002b:00000000f57165a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  206.082966][ T7956] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5716620
[  206.085651][ T7956] RDX: 000000000000000f RSI: 00000000f741bff4 RDI: 0000000000000000
[  206.088326][ T7956] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  206.091004][ T7956] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  206.093676][ T7956] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  206.096353][ T7956]  </TASK>
[  206.876600][ T7969] fuse: Unknown parameter 'user_i00000000000000000000'
[  206.988259][ T7970] fuse: Bad value for 'fd'
[  207.005254][ T5352] Bluetooth: Unexpected start frame (len 18)
[  207.008743][ T5352] Bluetooth: Wrong link type (-71)
[  207.214926][   T39] kauditd_printk_skb: 18 callbacks suppressed
[  207.214937][   T39] audit: type=1326 audit(207.100:4231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7971 comm="syz.2.679" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x0
[  207.535466][ T7989] FAULT_INJECTION: forcing a failure.
[  207.535466][ T7989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.538991][ T7989] CPU: 0 UID: 0 PID: 7989 Comm: syz.1.682 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  207.541738][ T7989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  207.544518][ T7989] Call Trace:
[  207.545436][ T7989]  <TASK>
[  207.546223][ T7989]  dump_stack_lvl+0x16c/0x1f0
[  207.547474][ T7989]  should_fail_ex+0x497/0x5b0
[  207.548935][ T7989]  _copy_from_user+0x30/0xf0
[  207.550167][ T7989]  cmsghdr_from_user_compat_to_kern+0x4f0/0x7c0
[  207.551798][ T7989]  ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10
[  207.553569][ T7989]  ? __import_iovec+0x1fd/0x6e0
[  207.554861][ T7989]  ____sys_sendmsg+0x43d/0xb40
[  207.556036][ T7989]  ? __pfx_____sys_sendmsg+0x10/0x10
[  207.557411][ T7989]  ? get_compat_msghdr+0x11b/0x170
[  207.558758][ T7989]  ? __pfx___lock_acquire+0x10/0x10
[  207.560137][ T7989]  ___sys_sendmsg+0x135/0x1e0
[  207.561385][ T7989]  ? __pfx____sys_sendmsg+0x10/0x10
[  207.562761][ T7989]  ? lock_acquire+0x2f/0xb0
[  207.563979][ T7989]  ? __fget_files+0x40/0x3f0
[  207.565222][ T7989]  ? fdget+0x176/0x210
[  207.566305][ T7989]  __sys_sendmmsg+0x2a5/0x450
[  207.567570][ T7989]  ? __pfx___sys_sendmmsg+0x10/0x10
[  207.568954][ T7989]  ? vfs_write+0x14d/0x1140
[  207.570166][ T7989]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  207.571752][ T7989]  ? fput+0x30/0x390
[  207.572790][ T7989]  ? ksys_write+0x1ad/0x260
[  207.574000][ T7989]  ? __pfx_ksys_write+0x10/0x10
[  207.575293][ T7989]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  207.576773][ T7989]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  207.578509][ T7989]  __do_fast_syscall_32+0x73/0x120
[  207.579866][ T7989]  do_fast_syscall_32+0x32/0x80
[  207.581160][ T7989]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  207.582818][ T7989] RIP: 0023:0xf7f97579
[  207.583893][ T7989] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  207.588925][ T7989] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  207.591118][ T7989] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020005000
[  207.593190][ T7989] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  207.595258][ T7989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  207.597396][ T7989] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  207.599369][ T7989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  207.601385][ T7989]  </TASK>
[  207.740084][   T39] audit: type=1326 audit(207.630:4232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.754443][   T39] audit: type=1326 audit(207.630:4233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.770744][   T39] audit: type=1326 audit(207.650:4234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.776884][   T39] audit: type=1326 audit(207.650:4235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.782365][   T39] audit: type=1326 audit(207.650:4236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.791109][   T39] audit: type=1326 audit(207.650:4237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.801341][   T39] audit: type=1326 audit(207.650:4238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.818945][   T39] audit: type=1326 audit(207.650:4239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  207.833173][   T39] audit: type=1326 audit(207.650:4240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7990 comm="syz.1.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f97579 code=0x7ffc0000
[  208.362539][ T8003] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[  208.774980][ T8012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.688'.
[  209.364791][ T8021] FAULT_INJECTION: forcing a failure.
[  209.364791][ T8021] name failslab, interval 1, probability 0, space 0, times 0
[  209.368492][ T8021] CPU: 0 UID: 0 PID: 8021 Comm: syz.2.690 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  209.371303][ T8021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.374081][ T8021] Call Trace:
[  209.375049][ T8021]  <TASK>
[  209.376138][ T8021]  dump_stack_lvl+0x16c/0x1f0
[  209.377484][ T8021]  should_fail_ex+0x497/0x5b0
[  209.378735][ T8021]  should_failslab+0xc2/0x120
[  209.379981][ T8021]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  209.381402][ T8021]  ? dst_alloc+0x99/0x1a0
[  209.382544][ T8021]  dst_alloc+0x99/0x1a0
[  209.383637][ T8021]  rt_dst_alloc+0x35/0x3a0
[  209.384854][ T8021]  ip_route_output_key_hash_rcu+0x8a5/0x2770
[  209.386491][ T8021]  ip_route_output_key_hash+0x138/0x2e0
[  209.387929][ T8021]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  209.389541][ T8021]  ? arp_ioctl+0x5b8/0xce0
[  209.390715][ T8021]  ? trace_contention_end+0xea/0x140
[  209.392110][ T8021]  ip_route_output_flow+0x27/0x150
[  209.393458][ T8021]  arp_req_dev+0x16a/0x260
[  209.394636][ T8021]  ? __pfx_arp_req_dev+0x10/0x10
[  209.395972][ T8021]  arp_ioctl+0x5cb/0xce0
[  209.397096][ T8021]  ? __pfx_arp_ioctl+0x10/0x10
[  209.398361][ T8021]  inet_ioctl+0x365/0x3f0
[  209.399502][ T8021]  ? __pfx_inet_ioctl+0x10/0x10
[  209.400780][ T8021]  ? find_held_lock+0x2d/0x110
[  209.402022][ T8021]  ? tomoyo_path_number_perm+0x292/0x5b0
[  209.403482][ T8021]  ? __pfx_lock_release+0x10/0x10
[  209.404843][ T8021]  ? tomoyo_path_number_perm+0x190/0x5b0
[  209.406324][ T8021]  sock_do_ioctl+0x116/0x280
[  209.407544][ T8021]  ? __pfx_sock_do_ioctl+0x10/0x10
[  209.408940][ T8021]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  209.410402][ T8021]  compat_sock_ioctl+0x318/0x7e0
[  209.411701][ T8021]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  209.413149][ T8021]  ? __fget_files+0x244/0x3f0
[  209.414397][ T8021]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  209.415897][ T8021]  __do_compat_sys_ioctl+0x259/0x2b0
[  209.417294][ T8021]  __do_fast_syscall_32+0x73/0x120
[  209.418635][ T8021]  do_fast_syscall_32+0x32/0x80
[  209.419920][ T8021]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.421577][ T8021] RIP: 0023:0xf741e579
[  209.422649][ T8021] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  209.427634][ T8021] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  209.429794][ T8021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008955
[  209.432002][ T8021] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000
[  209.434057][ T8021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  209.436123][ T8021] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  209.438174][ T8021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  209.440223][ T8021]  </TASK>
[  209.473129][ T8023] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  210.967062][ T8050] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  210.969057][ T8050] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  210.971266][ T8050] vhci_hcd vhci_hcd.0: Device attached
[  211.156846][ T5150] vhci_hcd: vhci_device speed not set
[  211.217820][ T5150] usb 13-1: new full-speed USB device number 2 using vhci_hcd
[  211.380752][ T8069] fuse: Unknown parameter 'user_i00000000000000000000'
[  211.405825][ T8070] netlink: 4 bytes leftover after parsing attributes in process `syz.2.704'.
[  211.473371][ T8071] fuse: Bad value for 'fd'
[  211.484761][ T5352] Bluetooth: Unexpected start frame (len 18)
[  211.493725][ T5352] Bluetooth: Wrong link type (-71)
[  211.520257][ T8051] vhci_hcd: connection reset by peer
[  211.525293][   T75] vhci_hcd: stop threads
[  211.530465][   T75] vhci_hcd: release socket
[  211.536539][   T75] vhci_hcd: disconnect device
[  211.704218][ T8078] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[  213.356501][   T39] kauditd_printk_skb: 111 callbacks suppressed
[  213.356512][   T39] audit: type=1326 audit(213.240:4352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8094 comm="syz.2.713" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x0
[  213.522704][   T39] audit: type=1326 audit(213.410:4353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8092 comm="syz.3.712" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x0
[  214.076966][ T8105] usb 2-1: USB disconnect, device number 2
[  214.162576][ T8110] fuse: Unknown parameter 'user_i00000000000000000000'
[  214.189173][ T8104] /dev/sr0: Can't open blockdev
[  214.207436][   T39] audit: type=1326 audit(214.100:4354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.3.715" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x0
[  214.222593][ T8113] fuse: Bad value for 'fd'
[  214.225300][ T5352] Bluetooth: Unexpected start frame (len 18)
[  214.237130][ T5352] Bluetooth: Wrong link type (-71)
[  214.351425][ T8108] hub 2-0:1.0: USB hub found
[  214.364328][ T8108] hub 2-0:1.0: 6 ports detected
[  214.637075][   T57] usb 2-1: new high-speed USB device number 3 using ehci-pci
[  214.840637][   T57] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  214.847087][   T57] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  214.863967][ T8120] mkiss: ax0: crc mode is auto.
[  214.864357][   T57] usb 2-1: Product: QEMU USB Tablet
[  214.871462][ T8120] binder: 8119:8120 ioctl c0306201 20000480 returned -22
[  214.880179][   T57] usb 2-1: Manufacturer: QEMU
[  214.882164][   T57] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  214.928265][   T57] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0003/input/input10
[  215.020682][   T57] hid-generic 0003:0627:0001.0003: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  215.078993][   T39] audit: type=1326 audit(214.960:4355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.105732][   T39] audit: type=1326 audit(214.980:4356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.146134][   T39] audit: type=1326 audit(214.980:4357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.169377][   T39] audit: type=1326 audit(214.980:4358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.185982][   T39] audit: type=1326 audit(214.990:4359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.201030][   T39] audit: type=1326 audit(214.990:4360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.212148][   T39] audit: type=1326 audit(214.990:4361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.2.720" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  215.841709][ T5352] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci7/hci7:201'
[  215.845040][ T5352] CPU: 1 UID: 0 PID: 5352 Comm: kworker/u33:5 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  215.848879][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  215.852152][ T5352] Workqueue: hci7 hci_rx_work
[  215.853425][ T5352] Call Trace:
[  215.854310][ T5352]  <TASK>
[  215.855235][ T5352]  dump_stack_lvl+0x16c/0x1f0
[  215.857003][ T5352]  sysfs_warn_dup+0x7f/0xa0
[  215.858698][ T5352]  sysfs_create_dir_ns+0x24d/0x2b0
[  215.860588][ T5352]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  215.862304][ T5352]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  215.863775][ T5352]  ? kobject_add_internal+0x12d/0x990
[  215.865490][ T5352]  ? do_raw_spin_unlock+0x172/0x230
[  215.867226][ T5352]  kobject_add_internal+0x2c8/0x990
[  215.868627][ T5352]  kobject_add+0x16f/0x240
[  215.869835][ T5352]  ? __pfx_kobject_add+0x10/0x10
[  215.871151][ T5352]  ? class_to_subsys+0x3e/0x160
[  215.872446][ T5352]  ? do_raw_spin_unlock+0x172/0x230
[  215.873839][ T5352]  ? kobject_put+0xab/0x5a0
[  215.875127][ T5352]  device_add+0x289/0x1a70
[  215.876317][ T5352]  ? __pfx_dev_set_name+0x10/0x10
[  215.877653][ T5352]  ? __pfx_device_add+0x10/0x10
[  215.878936][ T5352]  ? mgmt_send_event_skb+0x2f2/0x460
[  215.880333][ T5352]  hci_conn_add_sysfs+0x17e/0x230
[  215.881667][ T5352]  le_conn_complete_evt+0xfc7/0x1cf0
[  215.883443][ T5352]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  215.885366][ T5352]  ? trace_contention_end+0xea/0x140
[  215.887304][ T5352]  ? __mutex_lock+0x1a6/0x9c0
[  215.888810][ T5352]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  215.890598][ T5352]  ? skb_pull_data+0x166/0x210
[  215.892017][ T5352]  hci_le_meta_evt+0x2e2/0x5d0
[  215.893385][ T5352]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  215.895338][ T5352]  hci_event_packet+0x666/0x1190
[  215.897084][ T5352]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  215.899106][ T5352]  ? __pfx_hci_event_packet+0x10/0x10
[  215.901064][ T5352]  ? mark_held_locks+0x9f/0xe0
[  215.902768][ T5352]  ? kcov_remote_start+0x3cf/0x6e0
[  215.904577][ T5352]  ? lockdep_hardirqs_on+0x7c/0x110
[  215.906402][ T5352]  hci_rx_work+0x2c6/0x16c0
[  215.907920][ T5352]  ? lock_acquire+0x2f/0xb0
[  215.909468][ T5352]  ? process_one_work+0x8bb/0x1b30
[  215.911235][ T5352]  process_one_work+0x958/0x1b30
[  215.912948][ T5352]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  215.914935][ T5352]  ? __pfx_process_one_work+0x10/0x10
[  215.916795][ T5352]  ? assign_work+0x1a0/0x250
[  215.918361][ T5352]  worker_thread+0x6c8/0xf00
[  215.920004][ T5352]  ? __pfx_worker_thread+0x10/0x10
[  215.921822][ T5352]  kthread+0x2c1/0x3a0
[  215.923233][ T5352]  ? _raw_spin_unlock_irq+0x23/0x50
[  215.925022][ T5352]  ? __pfx_kthread+0x10/0x10
[  215.926465][ T5352]  ret_from_fork+0x45/0x80
[  215.928009][ T5352]  ? __pfx_kthread+0x10/0x10
[  215.929579][ T5352]  ret_from_fork_asm+0x1a/0x30
[  215.931200][ T5352]  </TASK>
[  215.933865][ T5352] kobject: kobject_add_internal failed for hci7:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  215.939103][ T5352] Bluetooth: hci7: failed to register connection device
[  216.316601][ T5150] vhci_hcd: vhci_device speed not set
[  216.908171][ T8143] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  217.003361][ T8148] mkiss: ax0: crc mode is auto.
[  217.023517][ T8148] binder: 8147:8148 ioctl c0306201 20000480 returned -22
[  217.196538][ T5385] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  217.327029][ T5385] usb 5-1: device descriptor read/64, error -71
[  217.398766][ T8154] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[  217.576525][ T5385] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  217.716486][ T5385] usb 5-1: device descriptor read/64, error -71
[  217.827320][ T5385] usb usb5-port1: attempt power cycle
[  217.986630][ T5352] Bluetooth: hci7: command tx timeout
[  218.176547][ T5385] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  218.197741][ T5385] usb 5-1: device descriptor read/8, error -71
[  218.446522][ T5385] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  218.477026][ T5385] usb 5-1: device descriptor read/8, error -71
[  218.601621][ T5385] usb usb5-port1: unable to enumerate USB device
[  218.642079][ T8164] netlink: 'syz.2.733': attribute type 11 has an invalid length.
[  218.656587][ T8164] netlink: 'syz.2.733': attribute type 11 has an invalid length.
[  218.814222][   T39] kauditd_printk_skb: 155 callbacks suppressed
[  218.814233][   T39] audit: type=1326 audit(218.700:4517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.836393][   T39] audit: type=1326 audit(218.710:4518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.841904][   T39] audit: type=1326 audit(218.710:4519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.860374][   T39] audit: type=1326 audit(218.710:4520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.876022][   T39] audit: type=1326 audit(218.710:4521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.891964][   T39] audit: type=1326 audit(218.710:4522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.907149][   T39] audit: type=1326 audit(218.710:4523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.921261][   T39] audit: type=1326 audit(218.720:4524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.935520][   T39] audit: type=1326 audit(218.720:4525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  218.952307][   T39] audit: type=1326 audit(218.720:4526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.2.734" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  219.488307][ T8192] mkiss: ax0: crc mode is auto.
[  219.515773][ T8192] binder: BINDER_SET_CONTEXT_MGR already set
[  219.520724][ T8192] binder: 8189:8192 ioctl 4018620d 20000000 returned -16
[  219.525356][ T8192] binder: 8189:8192 ioctl c0306201 20000480 returned -22
[  219.930598][ T8201] netlink: 'syz.1.740': attribute type 11 has an invalid length.
[  219.937091][ T8201] netlink: 'syz.1.740': attribute type 11 has an invalid length.
[  219.939731][ T8201] FAULT_INJECTION: forcing a failure.
[  219.939731][ T8201] name failslab, interval 1, probability 0, space 0, times 0
[  219.943526][ T8201] CPU: 1 UID: 0 PID: 8201 Comm: syz.1.740 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  219.947057][ T8201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  219.950650][ T8201] Call Trace:
[  219.951783][ T8201]  <TASK>
[  219.952788][ T8201]  dump_stack_lvl+0x16c/0x1f0
[  219.954402][ T8201]  should_fail_ex+0x497/0x5b0
[  219.956006][ T8201]  ? fs_reclaim_acquire+0xae/0x160
[  219.957490][ T8201]  should_failslab+0xc2/0x120
[  219.959085][ T8201]  kmem_cache_alloc_node_noprof+0x71/0x310
[  219.961058][ T8201]  ? __alloc_skb+0x2b3/0x380
[  219.962634][ T8201]  __alloc_skb+0x2b3/0x380
[  219.964147][ T8201]  ? __pfx___alloc_skb+0x10/0x10
[  219.965840][ T8201]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  219.967835][ T8201]  nl80211_new_interface+0x4d7/0xfd0
[  219.969658][ T8201]  ? __pfx_nl80211_new_interface+0x10/0x10
[  219.971630][ T8201]  ? nl80211_pre_doit+0x1b0/0xb10
[  219.973348][ T8201]  genl_family_rcv_msg_doit+0x202/0x2f0
[  219.975219][ T8201]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  219.977284][ T8201]  ? bpf_lsm_capable+0x9/0x10
[  219.978884][ T8201]  ? security_capable+0x7e/0x260
[  219.980562][ T8201]  ? ns_capable+0xd7/0x110
[  219.982031][ T8201]  genl_rcv_msg+0x565/0x800
[  219.983549][ T8201]  ? __pfx_genl_rcv_msg+0x10/0x10
[  219.985184][ T8201]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  219.986896][ T8201]  ? __pfx_nl80211_new_interface+0x10/0x10
[  219.988878][ T8201]  ? __pfx_nl80211_post_doit+0x10/0x10
[  219.990763][ T8201]  netlink_rcv_skb+0x165/0x410
[  219.992311][ T8201]  ? __pfx_genl_rcv_msg+0x10/0x10
[  219.993950][ T8201]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  219.995677][ T8201]  ? down_read+0xc9/0x330
[  219.997028][ T8201]  ? __pfx_down_read+0x10/0x10
[  219.998318][ T8201]  ? netlink_deliver_tap+0x1ae/0xcf0
[  219.999731][ T8201]  genl_rcv+0x28/0x40
[  220.000804][ T8201]  netlink_unicast+0x53c/0x7f0
[  220.002072][ T8201]  ? __pfx_netlink_unicast+0x10/0x10
[  220.003472][ T8201]  ? __phys_addr_symbol+0x30/0x80
[  220.004642][ T8201]  ? __check_object_size+0x488/0x710
[  220.006030][ T8201]  netlink_sendmsg+0x8b8/0xd70
[  220.007313][ T8201]  ? __pfx_netlink_sendmsg+0x10/0x10
[  220.008688][ T8201]  ? lock_acquire+0x2f/0xb0
[  220.009901][ T8201]  ____sys_sendmsg+0x9ae/0xb40
[  220.011157][ T8201]  ? __pfx_____sys_sendmsg+0x10/0x10
[  220.012530][ T8201]  ? get_compat_msghdr+0x11b/0x170
[  220.013877][ T8201]  ? __pfx___lock_acquire+0x10/0x10
[  220.015127][ T8201]  ___sys_sendmsg+0x135/0x1e0
[  220.016267][ T8201]  ? __pfx____sys_sendmsg+0x10/0x10
[  220.017535][ T8201]  ? lock_acquire+0x2f/0xb0
[  220.018654][ T8201]  ? __fget_files+0x40/0x3f0
[  220.020043][ T8201]  ? fdget+0x176/0x210
[  220.021093][ T8201]  __sys_sendmsg+0x117/0x1f0
[  220.022263][ T8201]  ? __pfx___sys_sendmsg+0x10/0x10
[  220.024003][ T8201]  ? __fget_files+0x244/0x3f0
[  220.025581][ T8201]  __do_fast_syscall_32+0x73/0x120
[  220.027061][ T8201]  do_fast_syscall_32+0x32/0x80
[  220.028316][ T8201]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.030243][ T8201] RIP: 0023:0xf7f97579
[  220.031286][ T8201] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  220.035912][ T8201] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  220.037926][ T8201] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000400
[  220.039847][ T8201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  220.041786][ T8201] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  220.043725][ T8201] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  220.045665][ T8201] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.047614][ T8201]  </TASK>
[  220.207568][ T8207] FAULT_INJECTION: forcing a failure.
[  220.207568][ T8207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.211750][ T8207] CPU: 0 UID: 0 PID: 8207 Comm: syz.1.742 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  220.214699][ T8207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  220.217763][ T8207] Call Trace:
[  220.218629][ T8207]  <TASK>
[  220.219411][ T8207]  dump_stack_lvl+0x16c/0x1f0
[  220.220684][ T8207]  should_fail_ex+0x497/0x5b0
[  220.221978][ T8207]  _copy_from_user+0x30/0xf0
[  220.223222][ T8207]  ucma_write+0x129/0x330
[  220.224457][ T8207]  ? __pfx_ucma_write+0x10/0x10
[  220.225963][ T8207]  ? bpf_lsm_file_permission+0x9/0x10
[  220.227424][ T8207]  ? security_file_permission+0x71/0x210
[  220.228933][ T8207]  ? __pfx_ucma_write+0x10/0x10
[  220.230237][ T8207]  vfs_write+0x28e/0x1140
[  220.231404][ T8207]  ? __fget_files+0x23a/0x3f0
[  220.232667][ T8207]  ? __pfx_lock_release+0x10/0x10
[  220.234001][ T8207]  ? trace_lock_acquire+0x14a/0x1d0
[  220.235396][ T8207]  ? __pfx_vfs_write+0x10/0x10
[  220.236683][ T8207]  ? lock_acquire+0x2f/0xb0
[  220.238358][ T8207]  ? __fget_files+0x40/0x3f0
[  220.239643][ T8207]  ? __fget_files+0x244/0x3f0
[  220.240945][ T8207]  ksys_write+0x1fa/0x260
[  220.242138][ T8207]  ? __pfx_ksys_write+0x10/0x10
[  220.243466][ T8207]  __do_fast_syscall_32+0x73/0x120
[  220.244910][ T8207]  do_fast_syscall_32+0x32/0x80
[  220.246239][ T8207]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.248115][ T8207] RIP: 0023:0xf7f97579
[  220.249263][ T8207] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  220.254651][ T8207] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  220.256859][ T8207] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000080
[  220.258989][ T8207] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[  220.261097][ T8207] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  220.263197][ T8207] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  220.265319][ T8207] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.267819][ T8207]  </TASK>
[  220.793090][ T8222] fuse: Unknown parameter 'user_i00000000000000000000'
[  220.848801][ T8223] fuse: Bad value for 'fd'
[  220.860017][ T5352] Bluetooth: Unexpected start frame (len 18)
[  220.862337][ T5352] Bluetooth: Wrong link type (-71)
[  220.876180][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  221.068151][ T8226] fuse: Unknown parameter 'fd
0x0000000000000006'
[  223.159462][ T8251] usb 2-1: USB disconnect, device number 3
[  223.195113][ T8251] hub 2-0:1.0: USB hub found
[  223.202276][ T8251] hub 2-0:1.0: 6 ports detected
[  223.237482][ T8250] /dev/sr0: Can't open blockdev
[  223.293494][ T8253] fuse: Unknown parameter 'user_i00000000000000000000'
[  223.363540][ T8254] fuse: Bad value for 'fd'
[  223.367666][ T5352] Bluetooth: Unexpected start frame (len 18)
[  223.369396][ T5352] Bluetooth: Wrong link type (-71)
[  223.377011][ T5384] usb 2-1: new high-speed USB device number 4 using ehci-pci
[  223.561358][ T5384] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  223.569049][ T5384] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  223.571916][ T5384] usb 2-1: Product: QEMU USB Tablet
[  223.574175][ T5384] usb 2-1: Manufacturer: QEMU
[  223.580260][ T5384] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  223.630647][ T5384] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input11
[  223.724799][ T5384] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  223.819309][ T8260] FAULT_INJECTION: forcing a failure.
[  223.819309][ T8260] name failslab, interval 1, probability 0, space 0, times 0
[  223.851177][ T8260] CPU: 2 UID: 0 PID: 8260 Comm: syz.3.757 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  223.853979][ T8260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  223.856646][ T8260] Call Trace:
[  223.857474][ T8260]  <TASK>
[  223.858205][ T8260]  dump_stack_lvl+0x16c/0x1f0
[  223.859663][ T8260]  should_fail_ex+0x497/0x5b0
[  223.860928][ T8260]  should_failslab+0xc2/0x120
[  223.862545][ T8260]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  223.864343][ T8260]  ? skb_clone+0x190/0x3f0
[  223.865556][ T8260]  skb_clone+0x190/0x3f0
[  223.866680][ T8260]  netlink_deliver_tap+0xb26/0xcf0
[  223.867930][ T8260]  netlink_unicast+0x6b4/0x7f0
[  223.869143][ T8260]  ? __pfx_netlink_unicast+0x10/0x10
[  223.870460][ T8260]  ? genl_rcv_msg+0x4bd/0x800
[  223.871602][ T8260]  netlink_ack+0x6a5/0xb20
[  223.872682][ T8260]  netlink_rcv_skb+0x327/0x410
[  223.873866][ T8260]  ? __pfx_genl_rcv_msg+0x10/0x10
[  223.875118][ T8260]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  223.876406][ T8260]  ? down_read+0xc9/0x330
[  223.877542][ T8260]  ? __pfx_down_read+0x10/0x10
[  223.878806][ T8260]  ? netlink_deliver_tap+0x1ae/0xcf0
[  223.880497][ T8260]  genl_rcv+0x28/0x40
[  223.881575][ T8260]  netlink_unicast+0x53c/0x7f0
[  223.882836][ T8260]  ? __pfx_netlink_unicast+0x10/0x10
[  223.884217][ T8260]  ? __phys_addr_symbol+0x30/0x80
[  223.885569][ T8260]  ? __check_object_size+0x4a1/0x710
[  223.886954][ T8260]  netlink_sendmsg+0x8b8/0xd70
[  223.888213][ T8260]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.889797][ T8260]  ? lock_acquire+0x2f/0xb0
[  223.891016][ T8260]  ____sys_sendmsg+0x9ae/0xb40
[  223.892309][ T8260]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.893701][ T8260]  ? get_compat_msghdr+0x11b/0x170
[  223.895006][ T8260]  ? __pfx___lock_acquire+0x10/0x10
[  223.896311][ T8260]  ___sys_sendmsg+0x135/0x1e0
[  223.897553][ T8260]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.899288][ T8260]  ? lock_acquire+0x2f/0xb0
[  223.900701][ T8260]  ? __fget_files+0x40/0x3f0
[  223.902230][ T8260]  ? fdget+0x176/0x210
[  223.903308][ T8260]  __sys_sendmsg+0x117/0x1f0
[  223.904544][ T8260]  ? __pfx___sys_sendmsg+0x10/0x10
[  223.905924][ T8260]  ? __fget_files+0x244/0x3f0
[  223.907075][ T8260]  __do_fast_syscall_32+0x73/0x120
[  223.908411][ T8260]  do_fast_syscall_32+0x32/0x80
[  223.909848][ T8260]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  223.911361][ T8260] RIP: 0023:0xf7f91579
[  223.912409][ T8260] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  223.918361][ T8260] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  223.921072][ T8260] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100
[  223.923930][ T8260] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  223.926466][ T8260] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  223.928451][ T8260] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  223.930572][ T8260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  223.932609][ T8260]  </TASK>
[  224.965502][   T39] kauditd_printk_skb: 173 callbacks suppressed
[  224.965513][   T39] audit: type=1326 audit(224.850:4700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8271 comm="syz.2.761" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x0
[  225.239715][ T8283] ptrace attach of "/syz-executor exec"[7129] was attempted by "/syz-executor exec"[8283]
[  225.790342][ T8285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.766'.
[  225.939859][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.768'.
[  226.790399][   T39] audit: type=1326 audit(226.680:4701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.836248][   T39] audit: type=1326 audit(226.680:4702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.860611][   T39] audit: type=1326 audit(226.700:4703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.891485][   T39] audit: type=1326 audit(226.700:4704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.926860][   T39] audit: type=1326 audit(226.700:4705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.952620][   T39] audit: type=1326 audit(226.700:4706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.984596][   T39] audit: type=1326 audit(226.700:4707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  226.994991][   T39] audit: type=1326 audit(226.700:4708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf741e579 code=0x7ffc0000
[  227.010477][   T39] audit: type=1326 audit(226.700:4709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8294 comm="syz.2.769" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf741e579 code=0x7ffc0000
[  227.952448][ T8305] FAULT_INJECTION: forcing a failure.
[  227.952448][ T8305] name failslab, interval 1, probability 0, space 0, times 0
[  227.958788][ T8305] CPU: 2 UID: 0 PID: 8305 Comm: syz.1.771 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  227.962510][ T8305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  227.966260][ T8305] Call Trace:
[  227.967423][ T8305]  <TASK>
[  227.968440][ T8305]  dump_stack_lvl+0x16c/0x1f0
[  227.970105][ T8305]  should_fail_ex+0x497/0x5b0
[  227.971698][ T8305]  ? fs_reclaim_acquire+0xae/0x160
[  227.973399][ T8305]  should_failslab+0xc2/0x120
[  227.974941][ T8305]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  227.976712][ T8305]  ? alloc_empty_file+0x73/0x1e0
[  227.978338][ T8305]  alloc_empty_file+0x73/0x1e0
[  227.979980][ T8305]  path_openat+0xe1/0x2d60
[  227.981473][ T8305]  ? trace_kmem_cache_alloc+0x2d/0xe0
[  227.983231][ T8305]  ? __pfx_path_openat+0x10/0x10
[  227.984876][ T8305]  do_file_open_root+0x2dd/0x5b0
[  227.986510][ T8305]  ? __pfx_do_file_open_root+0x10/0x10
[  227.988279][ T8305]  ? alloc_fd+0x2d7/0x6c0
[  227.989724][ T8305]  ? __pfx_lock_release+0x10/0x10
[  227.991410][ T8305]  file_open_root+0x2a8/0x450
[  227.992957][ T8305]  ? __pfx_file_open_root+0x10/0x10
[  227.994680][ T8305]  ? alloc_fd+0x2d7/0x6c0
[  227.996117][ T8305]  do_handle_open+0x55d/0x8f0
[  227.997688][ T8305]  ? __fget_files+0x244/0x3f0
[  227.999264][ T8305]  ? __pfx_do_handle_open+0x10/0x10
[  228.000993][ T8305]  ? __pfx_native_tss_update_io_bitmap+0x10/0x10
[  228.003026][ T8305]  ? ksys_write+0x1ad/0x260
[  228.004503][ T8305]  ? __do_fast_syscall_32+0x73/0x120
[  228.006198][ T8305]  __do_fast_syscall_32+0x73/0x120
[  228.007845][ T8305]  do_fast_syscall_32+0x32/0x80
[  228.009461][ T8305]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  228.011545][ T8305] RIP: 0023:0xf7f97579
[  228.012887][ T8305] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  228.019042][ T8305] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000156
[  228.021731][ T8305] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000280
[  228.024303][ T8305] RDX: 0000000000009e0a RSI: 0000000000000000 RDI: 0000000000000000
[  228.026875][ T8305] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  228.029416][ T8305] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  228.031902][ T8305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  228.034432][ T8305]  </TASK>
[  228.112251][ T8309] fuse: Unknown parameter 'user_i00000000000000000000'
[  228.209546][ T8311] fuse: Bad value for 'fd'
[  228.221430][ T5352] Bluetooth: Unexpected start frame (len 18)
[  228.223555][ T5352] Bluetooth: Wrong link type (-71)
[  228.225361][ T5352] Bluetooth: hci7: link tx timeout
[  228.228254][ T5352] Bluetooth: hci7: killing stalled connection 10:aa:aa:aa:aa:aa
[  229.252768][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.778'.
[  230.242912][ T4779] Bluetooth: hci7: Malformed HCI Event: 0x22
[  230.306758][ T4779] Bluetooth: hci7: command 0x0406 tx timeout
[  230.315199][ T8339] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[  230.815668][ T8346] netfs: Couldn't get user pages (rc=-14)
[  231.652001][ T4779] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  231.656859][ T4779] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  231.659548][ T4779] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  231.664149][ T4779] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  231.671749][ T4779] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  231.676483][ T4779] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  231.820013][ T8349] chnl_net:caif_netlink_parms(): no params data found
[  231.912168][ T8349] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.914122][ T8349] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.930940][ T8349] bridge_slave_0: entered allmulticast mode
[  231.933055][ T8349] bridge_slave_0: entered promiscuous mode
[  231.936945][ T8349] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.938844][ T8349] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.940737][ T8349] bridge_slave_1: entered allmulticast mode
[  231.942755][ T8349] bridge_slave_1: entered promiscuous mode
[  231.981795][ T8349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  231.985293][ T8349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.031259][ T8349] team0: Port device team_slave_0 added
[  232.053552][   T39] kauditd_printk_skb: 33 callbacks suppressed
[  232.053568][   T39] audit: type=1326 audit(231.940:4743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8357 comm="syz.0.785" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x0
[  232.080872][ T8349] team0: Port device team_slave_1 added
[  232.123291][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_0
[  232.125152][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.131963][ T8349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  232.136288][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_1
[  232.142247][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.151095][ T8349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  232.181075][ T8349] hsr_slave_0: entered promiscuous mode
[  232.183893][ T8349] hsr_slave_1: entered promiscuous mode
[  232.186111][ T8349] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  232.188532][ T8349] Cannot create hsr debugfs directory
[  232.299819][ T8349] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.412872][ T8349] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.502768][ T8349] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.577343][ T8349] bond0: (slave netdevsim0): Releasing backup interface
[  232.581060][ T8349] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.686766][ T8349] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  232.690433][ T8349] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  232.693591][ T8349] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  232.697676][ T8349] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  232.777818][ T8349] 8021q: adding VLAN 0 to HW filter on device bond0
[  232.802582][ T8349] 8021q: adding VLAN 0 to HW filter on device team0
[  232.807502][ T8179] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.810153][ T8179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  232.831715][ T8179] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.833626][ T8179] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.860684][ T8349] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  232.863403][ T8349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  232.909974][ T8363] xt_CT: You must specify a L4 protocol and not use inversions on it
[  232.918645][   T39] audit: type=1326 audit(232.810:4744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.923508][   T39] audit: type=1326 audit(232.810:4745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.931973][   T39] audit: type=1326 audit(232.810:4746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.938587][   T39] audit: type=1326 audit(232.810:4747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.943850][   T39] audit: type=1326 audit(232.810:4748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.952379][   T39] audit: type=1326 audit(232.810:4749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=232 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.958856][   T39] audit: type=1326 audit(232.810:4750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.965381][   T39] audit: type=1326 audit(232.810:4751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.970839][ T8349] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.973989][   T39] audit: type=1326 audit(232.810:4752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8362 comm="syz.0.786" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf749e579 code=0x7ffc0000
[  232.992267][ T8349] veth0_vlan: entered promiscuous mode
[  232.998485][ T8363] autofs4:pid:8363:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  233.002502][ T8349] veth1_vlan: entered promiscuous mode
[  233.024701][ T8349] veth0_macvtap: entered promiscuous mode
[  233.057476][ T8349] veth1_macvtap: entered promiscuous mode
[  233.064631][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.068826][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.072467][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.075613][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.078384][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.081122][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.083718][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.089949][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.093965][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.097768][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.100669][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.103706][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.107379][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.110888][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.113455][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.116123][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.120536][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.123262][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.128742][ T8349] batman_adv: batadv0: Interface activated: batadv_slave_0
[  233.132819][ T8370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.788'.
[  233.141498][ T8370] FAULT_INJECTION: forcing a failure.
[  233.141498][ T8370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.145757][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.145862][ T8370] CPU: 2 UID: 0 PID: 8370 Comm: syz.0.788 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  233.149105][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.151364][ T8370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  233.153906][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.156666][ T8370] Call Trace:
[  233.156678][ T8370]  <TASK>
[  233.156684][ T8370]  dump_stack_lvl+0x16c/0x1f0
[  233.156707][ T8370]  should_fail_ex+0x497/0x5b0
[  233.156726][ T8370]  _copy_from_iter+0x29b/0x13e0
[  233.156741][ T8370]  ? __pfx__copy_from_iter+0x10/0x10
[  233.156751][ T8370]  ? __virt_addr_valid+0x1a4/0x590
[  233.156791][ T8370]  ? __virt_addr_valid+0x5e/0x590
[  233.156803][ T8370]  ? __phys_addr_symbol+0x30/0x80
[  233.156814][ T8370]  ? __check_object_size+0x488/0x710
[  233.156834][ T8370]  netlink_sendmsg+0x813/0xd70
[  233.156851][ T8370]  ? __pfx_netlink_sendmsg+0x10/0x10
[  233.159765][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.160455][ T8370]  ? lock_acquire+0x2f/0xb0
[  233.161244][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.162458][ T8370]  ____sys_sendmsg+0x9ae/0xb40
[  233.163665][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.164975][ T8370]  ? __pfx_____sys_sendmsg+0x10/0x10
[  233.166249][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.167594][ T8370]  ? get_compat_msghdr+0x11b/0x170
[  233.167615][ T8370]  ? __pfx___lock_acquire+0x10/0x10
[  233.167633][ T8370]  ___sys_sendmsg+0x135/0x1e0
[  233.167650][ T8370]  ? __pfx____sys_sendmsg+0x10/0x10
[  233.167670][ T8370]  ? lock_acquire+0x2f/0xb0
[  233.167687][ T8370]  ? __fget_files+0x40/0x3f0
[  233.167703][ T8370]  ? fdget+0x176/0x210
[  233.167714][ T8370]  __sys_sendmsg+0x117/0x1f0
[  233.167729][ T8370]  ? __pfx___sys_sendmsg+0x10/0x10
[  233.167743][ T8370]  ? __fget_files+0x244/0x3f0
[  233.167761][ T8370]  __do_fast_syscall_32+0x73/0x120
[  233.167779][ T8370]  do_fast_syscall_32+0x32/0x80
[  233.167793][ T8370]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.167810][ T8370] RIP: 0023:0xf749e579
[  233.167819][ T8370] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  233.167829][ T8370] RSP: 002b:00000000f578656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  233.167840][ T8370] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[  233.167847][ T8370] RDX: 0000000020004000 RSI: 0000000000000000 RDI: 0000000000000000
[  233.167853][ T8370] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.167860][ T8370] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  233.167866][ T8370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.167878][ T8370]  </TASK>
[  233.169247][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.195587][ T8372] FAULT_INJECTION: forcing a failure.
[  233.195587][ T8372] name failslab, interval 1, probability 0, space 0, times 0
[  233.196194][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.200305][ T8372] CPU: 1 UID: 0 PID: 8372 Comm: syz.0.789 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  233.201309][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.202556][ T8372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  233.204008][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.205254][ T8372] Call Trace:
[  233.205264][ T8372]  <TASK>
[  233.207265][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.208183][ T8372]  dump_stack_lvl+0x16c/0x1f0
[  233.214035][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.216088][ T8372]  should_fail_ex+0x497/0x5b0
[  233.218216][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.219880][ T8372]  ? fs_reclaim_acquire+0xae/0x160
[  233.221846][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.223769][ T8372]  should_failslab+0xc2/0x120
[  233.225702][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.226458][ T8372]  __kmalloc_node_track_caller_noprof+0xcf/0x440
[  233.226478][ T8372]  ? vfs_parse_fs_string+0xc4/0x150
[  233.226490][ T8372]  kmemdup_nul+0x34/0xb0
[  233.226504][ T8372]  vfs_parse_fs_string+0xc4/0x150
[  233.226514][ T8372]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[  233.226526][ T8372]  ? __kasan_kmalloc+0xaa/0xb0
[  233.226539][ T8372]  ? shmem_init_fs_context+0x1f7/0x280
[  233.226551][ T8372]  shmem_parse_options+0x158/0x230
[  233.226569][ T8372]  path_mount+0x69a/0x1f10
[  233.226581][ T8372]  ? kmem_cache_free+0x152/0x4b0
[  233.226594][ T8372]  ? __pfx_path_mount+0x10/0x10
[  233.226607][ T8372]  ? putname+0x12e/0x170
[  233.226622][ T8372]  __ia32_sys_mount+0x292/0x310
[  233.226634][ T8372]  ? __pfx___ia32_sys_mount+0x10/0x10
[  233.226649][ T8372]  __do_fast_syscall_32+0x73/0x120
[  233.226669][ T8372]  do_fast_syscall_32+0x32/0x80
[  233.229311][ T8349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.232311][ T8372]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.234850][ T8349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.237414][ T8372] RIP: 0023:0xf749e579
[  233.237433][ T8372] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  233.237443][ T8372] RSP: 002b:00000000f578656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  233.237455][ T8372] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000080
[  233.237463][ T8372] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 00000000200000c0
[  233.237469][ T8372] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.237476][ T8372] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  233.237482][ T8372] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.237494][ T8372]  </TASK>
[  233.319993][ T8349] batman_adv: batadv0: Interface activated: batadv_slave_1
[  233.323489][ T8349] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.326385][ T8349] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.330126][ T8349] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  233.332776][ T8349] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  233.337863][ T8376] netlink: 'syz.0.791': attribute type 11 has an invalid length.
[  233.353192][ T8376] team0: entered promiscuous mode
[  233.354555][ T8376] team_slave_0: entered promiscuous mode
[  233.356124][ T8376] team_slave_1: entered promiscuous mode
[  233.358274][ T8376] batadv0: entered promiscuous mode
[  233.381974][ T8376] netlink: 'syz.0.791': attribute type 11 has an invalid length.
[  233.392994][ T8186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  233.395046][ T8186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  233.403909][ T8375] team0: left promiscuous mode
[  233.405348][ T8375] team_slave_0: left promiscuous mode
[  233.407266][ T8375] team_slave_1: left promiscuous mode
[  233.408824][ T8375] batadv0: left promiscuous mode
[  233.443702][ T8378] fuse: Unknown parameter 'user_i00000000000000000000'
[  233.448577][ T8204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  233.450617][ T8204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  233.512392][ T5352] Bluetooth: Unexpected start frame (len 18)
[  233.514562][ T5352] Bluetooth: Wrong link type (-71)
[  233.726141][ T8385] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  233.727910][ T8385] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  233.731402][ T8385] vhci_hcd vhci_hcd.0: Device attached
[  233.740605][ T8385] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  233.742362][ T8385] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  233.745343][ T8385] vhci_hcd vhci_hcd.0: Device attached
[  233.747942][ T8388] usbip_core: unknown command
[  233.748245][ T5352] Bluetooth: hci7: command tx timeout
[  233.749234][ T8388] vhci_hcd: unknown pdu 4239494039
[  233.749242][ T8388] usbip_core: unknown command
[  233.755705][ T8185] vhci_hcd: stop threads
[  233.757671][ T8185] vhci_hcd: release socket
[  233.758837][ T8185] vhci_hcd: disconnect device
[  233.839592][ T8386] vhci_hcd: connection closed
[  233.840877][ T8179] vhci_hcd: stop threads
[  233.843246][ T8179] vhci_hcd: release socket
[  233.844417][ T8179] vhci_hcd: disconnect device
[  234.392366][ T8391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.794'.
[  234.509013][ T8397] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[  235.057192][ T8409] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[  235.353094][ T8413] fuse: Unknown parameter 'user_i00000000000000000000'
[  235.418611][ T5352] Bluetooth: Unexpected start frame (len 18)
[  235.422442][ T5352] Bluetooth: Wrong link type (-71)
[  235.827151][ T5352] Bluetooth: hci7: command tx timeout
[  236.722109][ T8425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.804'.
[  237.138212][   T39] kauditd_printk_skb: 117 callbacks suppressed
[  237.138225][   T39] audit: type=1326 audit(237.031:4870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.145146][   T39] audit: type=1326 audit(237.031:4871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.166490][   T39] audit: type=1326 audit(237.031:4872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=258 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.176870][   T39] audit: type=1326 audit(237.031:4873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.182141][   T39] audit: type=1326 audit(237.031:4874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.188049][   T39] audit: type=1326 audit(237.031:4875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.193342][   T39] audit: type=1326 audit(237.031:4876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.200308][   T39] audit: type=1326 audit(237.031:4877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.206117][   T39] audit: type=1326 audit(237.031:4878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.212131][   T39] audit: type=1326 audit(237.031:4879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8431 comm="syz.0.806" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x7ffc0000
[  237.243125][ T8435] mkiss: ax0: crc mode is auto.
[  237.640328][ T8446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.810'.
[  237.917725][ T5352] Bluetooth: hci7: command tx timeout
[  238.417430][ T4779] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  238.420804][ T4779] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  238.425753][ T4779] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  238.431665][ T4779] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  238.434408][ T4779] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  238.437571][ T4779] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  238.442495][ T8451] netlink: 48 bytes leftover after parsing attributes in process `syz.0.811'.
[  238.563171][ T8452] chnl_net:caif_netlink_parms(): no params data found
[  238.635554][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.638260][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.640462][ T8452] bridge_slave_0: entered allmulticast mode
[  238.643158][ T8452] bridge_slave_0: entered promiscuous mode
[  238.646229][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.648416][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.650339][ T8452] bridge_slave_1: entered allmulticast mode
[  238.652305][ T8452] bridge_slave_1: entered promiscuous mode
[  238.681049][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  238.684822][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.697682][    T8] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  238.714004][ T8452] team0: Port device team_slave_0 added
[  238.718080][ T8452] team0: Port device team_slave_1 added
[  238.786168][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.788165][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.797889][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.802424][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.808029][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.815535][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.881781][    T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  238.887027][ T8452] hsr_slave_0: entered promiscuous mode
[  238.887041][    T8] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  238.893738][    T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  238.894748][ T8452] hsr_slave_1: entered promiscuous mode
[  238.897234][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.907694][ T8452] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  238.910100][ T8452] Cannot create hsr debugfs directory
[  238.911681][ T8451] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  238.920363][    T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  238.934871][ T4779] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  238.939441][ T4779] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  238.942405][ T4779] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  238.951038][ T4779] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  238.953752][ T4779] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  238.956059][ T4779] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  239.166342][ T8452] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.202571][ T8474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.815'.
[  239.260294][ T8452] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.269529][ T8461] chnl_net:caif_netlink_parms(): no params data found
[  239.349576][ T8452] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.469189][ T8452] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.474221][ T8461] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.477471][ T8461] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.479867][ T8461] bridge_slave_0: entered allmulticast mode
[  239.482382][ T8461] bridge_slave_0: entered promiscuous mode
[  239.493779][ T8461] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.497586][ T8461] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.526101][ T8461] bridge_slave_1: entered allmulticast mode
[  239.537948][ T8461] bridge_slave_1: entered promiscuous mode
[  239.584897][ T8461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  239.672060][ T8461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  239.761030][ T8452] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  239.776179][ T8461] team0: Port device team_slave_0 added
[  239.779617][ T8452] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  239.794672][ T8461] team0: Port device team_slave_1 added
[  239.797994][ T8452] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  239.827400][ T8452] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  239.880666][ T8461] batman_adv: batadv0: Adding interface: batadv_slave_0
[  239.883211][ T8461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.892273][ T8461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  239.905270][ T8461] batman_adv: batadv0: Adding interface: batadv_slave_1
[  239.910590][ T8461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.917728][ T8461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.964035][ T8461] hsr_slave_0: entered promiscuous mode
[  239.971732][ T8461] hsr_slave_1: entered promiscuous mode
[  239.973815][ T8461] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  239.976118][ T8461] Cannot create hsr debugfs directory
[  239.986754][ T5352] Bluetooth: hci7: command tx timeout
[  240.029698][ T8484] mkiss: ax0: crc mode is auto.
[  240.085141][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.145081][ T8461] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.161175][ T8452] 8021q: adding VLAN 0 to HW filter on device team0
[  240.182308][ T8204] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.184281][ T8204] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.240591][ T8461] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.258444][ T8203] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.260437][ T8203] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.358360][ T8461] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.468012][ T5352] Bluetooth: hci9: command tx timeout
[  240.475317][ T8461] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.574621][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0
[  240.617127][ T8452] veth0_vlan: entered promiscuous mode
[  240.621705][ T8452] veth1_vlan: entered promiscuous mode
[  240.649244][ T8461] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  240.665520][ T8452] veth0_macvtap: entered promiscuous mode
[  240.670026][ T8461] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  240.678648][ T8461] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  240.703685][ T8452] veth1_macvtap: entered promiscuous mode
[  240.713150][ T8461] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  240.771050][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.774514][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.782923][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.788928][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.806741][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.809823][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.812272][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.815402][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.821743][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.826510][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.830284][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.833117][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.835659][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.846923][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.849577][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.852300][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.854940][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.858445][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.861084][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.862201][ T2790] usb 5-1: USB disconnect, device number 12
[  240.863832][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.864830][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_0
[  240.875724][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.879173][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.883129][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.888681][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.891610][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.894342][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.897388][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.900061][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.902559][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.905253][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.908087][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.910818][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.913285][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.917016][ T5385] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  240.919879][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.923791][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.927030][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.929562][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.932275][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.934886][ T8452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  240.938227][ T8452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.942700][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_1
[  240.976392][ T8452] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  240.978806][ T8452] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  240.980958][ T8452] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.001090][ T8452] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.027557][ T5352] Bluetooth: hci10: command tx timeout
[  241.054695][ T8461] 8021q: adding VLAN 0 to HW filter on device bond0
[  241.065269][ T8461] 8021q: adding VLAN 0 to HW filter on device team0
[  241.078883][ T5385] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  241.081077][ T5385] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  241.083214][ T8203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.083596][ T5385] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  241.083616][ T5385] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  241.083629][ T5385] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  241.085593][ T8203] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.095661][ T8179] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.097506][ T8179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  241.097809][ T5385] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  241.101989][ T5385] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  241.104815][ T5385] usb 6-1: Product: syz
[  241.106365][ T5385] usb 6-1: Manufacturer: syz
[  241.122450][ T5385] cdc_wdm 6-1:1.0: skipping garbage
[  241.125323][ T5385] cdc_wdm 6-1:1.0: skipping garbage
[  241.127171][ T8203] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.129079][ T8203] bridge0: port 2(bridge_slave_1) entered forwarding state
[  241.135571][ T8186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.136545][ T5385] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  241.138076][ T8186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.171089][ T5385] cdc_wdm 6-1:1.0: Unknown control protocol
[  241.357690][ T8461] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.382977][ T8504] tmpfs: Unknown parameter 'ind:0-NN'
[  241.418507][ T8461] veth0_vlan: entered promiscuous mode
[  241.423244][ T8461] veth1_vlan: entered promiscuous mode
[  241.437678][ T8461] veth0_macvtap: entered promiscuous mode
[  241.443473][ T8461] veth1_macvtap: entered promiscuous mode
[  241.451491][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.454749][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.458635][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.461550][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.464179][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.467402][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.470011][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.473052][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.475670][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.479123][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.481820][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.485194][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.488086][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.490703][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.493116][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.496073][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.499146][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.501829][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.504363][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.507193][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.509457][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.512338][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.521490][ T8461] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.532135][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.534987][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.539540][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.542718][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.545367][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.553521][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.557997][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.560709][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.563299][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.566116][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.569385][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.572098][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.575052][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.580637][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.584012][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.589185][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.591621][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.594220][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.597433][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.600185][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.602668][ T8461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.605516][ T8461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.610126][ T8461] batman_adv: batadv0: Interface activated: batadv_slave_1
[  241.621007][ T8461] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.624277][ T8461] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.634635][ T8461] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.638194][ T8461] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.768017][ T8186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.771343][ T8186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.789528][   T89] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.792435][   T89] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.067117][ T5352] Bluetooth: hci7: command tx timeout
[  242.157539][    T9] usb 6-1: USB disconnect, device number 8
[  242.337145][ T8520] x_tables: (null)_tables: IDLETIMER.0 target: invalid size 40 (kernel) != (user) 96
[  242.547158][ T5352] Bluetooth: hci9: command tx timeout
[  242.863564][   T39] kauditd_printk_skb: 62 callbacks suppressed
[  242.863574][   T39] audit: type=1326 audit(242.751:4942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.893195][   T39] audit: type=1326 audit(242.761:4943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.932339][   T39] audit: type=1326 audit(242.761:4944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.942998][   T39] audit: type=1326 audit(242.761:4945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.949770][   T39] audit: type=1326 audit(242.761:4946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.956362][   T39] audit: type=1326 audit(242.771:4947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.963866][   T39] audit: type=1326 audit(242.771:4948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.972634][   T39] audit: type=1326 audit(242.771:4949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.980840][   T39] audit: type=1326 audit(242.771:4950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  242.987006][   T39] audit: type=1326 audit(242.771:4951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.1.824" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  243.106657][ T5352] Bluetooth: hci10: command tx timeout
[  244.636562][ T5352] Bluetooth: hci9: command tx timeout
[  245.196736][ T5352] Bluetooth: hci10: command tx timeout
[  245.464093][ T8559] fuse: Unknown parameter 'user_i00000000000000000000'
[  245.544961][ T8560] fuse: Bad value for 'fd'
[  245.555317][ T5352] Bluetooth: Unexpected start frame (len 18)
[  245.558157][ T5352] Bluetooth: Wrong link type (-71)
[  245.792132][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.835'.
[  245.804742][ T5352] Bluetooth: hci7: Unknown advertising packet type: 0x40
[  246.014053][ T8570] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.018520][ T8570] batadv_slave_0: entered promiscuous mode
[  246.707799][ T5352] Bluetooth: hci9: command tx timeout
[  247.266712][ T5352] Bluetooth: hci10: command tx timeout
[  247.766942][ T8623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.844'.
[  248.489375][ T8627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'.
[  248.500293][ T5352] Bluetooth: hci9: Unknown advertising packet type: 0x40
[  250.465631][   T39] kauditd_printk_skb: 88 callbacks suppressed
[  250.465643][   T39] audit: type=1326 audit(250.351:5040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.476845][   T39] audit: type=1326 audit(250.351:5041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.483128][   T39] audit: type=1326 audit(250.351:5042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.492022][   T39] audit: type=1326 audit(250.351:5043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.498746][   T39] audit: type=1326 audit(250.351:5044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.504143][   T39] audit: type=1326 audit(250.351:5045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.510077][   T39] audit: type=1326 audit(250.351:5046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.515347][   T39] audit: type=1326 audit(250.351:5047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.522829][   T39] audit: type=1326 audit(250.351:5048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  250.529068][   T39] audit: type=1326 audit(250.351:5049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8646 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f25579 code=0x7ffc0000
[  251.639596][ T5349] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  251.643850][ T5349] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  251.646375][ T5349] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  251.652322][ T5349] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  251.657305][ T5349] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  251.659814][ T5349] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  251.660956][ T8185] bridge_slave_1: left allmulticast mode
[  251.663719][ T8185] bridge_slave_1: left promiscuous mode
[  251.668819][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.699991][ T8185] bridge_slave_0: left allmulticast mode
[  251.701955][ T8185] bridge_slave_0: left promiscuous mode
[  251.703835][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.986568][ T4779] Bluetooth: hci4: command 0x0406 tx timeout
[  252.458593][ T8185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  252.470864][ T8185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  252.475123][ T8185] bond0 (unregistering): Released all slaves
[  252.572499][ T8661] chnl_net:caif_netlink_parms(): no params data found
[  252.597549][ T8185] IPVS: stopping backup sync thread 7558 ...
[  252.664297][ T8672] FAULT_INJECTION: forcing a failure.
[  252.664297][ T8672] name failslab, interval 1, probability 0, space 0, times 0
[  252.670101][ T8672] CPU: 1 UID: 0 PID: 8672 Comm: syz.1.857 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  252.673625][ T8672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  252.677149][ T8672] Call Trace:
[  252.678225][ T8672]  <TASK>
[  252.679220][ T8672]  dump_stack_lvl+0x16c/0x1f0
[  252.680764][ T8672]  should_fail_ex+0x497/0x5b0
[  252.682424][ T8672]  should_failslab+0xc2/0x120
[  252.684017][ T8672]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  252.685696][ T8672]  ? skb_clone+0x190/0x3f0
[  252.686874][ T8672]  skb_clone+0x190/0x3f0
[  252.687970][ T8672]  netlink_deliver_tap+0xb26/0xcf0
[  252.689604][ T8672]  netlink_unicast+0x6b4/0x7f0
[  252.691305][ T8672]  ? __pfx_netlink_unicast+0x10/0x10
[  252.693028][ T8672]  ? genl_rcv_msg+0x4bd/0x800
[  252.694283][ T8672]  netlink_ack+0x6a5/0xb20
[  252.695672][ T8672]  netlink_rcv_skb+0x327/0x410
[  252.697363][ T8672]  ? __pfx_genl_rcv_msg+0x10/0x10
[  252.698991][ T8672]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  252.700571][ T8672]  ? down_read+0xc9/0x330
[  252.701757][ T8672]  ? __pfx_down_read+0x10/0x10
[  252.703022][ T8672]  ? netlink_deliver_tap+0x1ae/0xcf0
[  252.704407][ T8672]  genl_rcv+0x28/0x40
[  252.705639][ T8672]  netlink_unicast+0x53c/0x7f0
[  252.707248][ T8672]  ? __pfx_netlink_unicast+0x10/0x10
[  252.709014][ T8672]  ? __phys_addr_symbol+0x30/0x80
[  252.710715][ T8672]  ? __check_object_size+0x488/0x710
[  252.712136][ T8672]  netlink_sendmsg+0x8b8/0xd70
[  252.713427][ T8672]  ? __pfx_netlink_sendmsg+0x10/0x10
[  252.715074][ T8672]  __sys_sendto+0x479/0x4d0
[  252.716371][ T8672]  ? __pfx___sys_sendto+0x10/0x10
[  252.717782][ T8672]  ? __might_fault+0x13b/0x190
[  252.719071][ T8672]  ? __pfx_lock_release+0x10/0x10
[  252.720606][ T8672]  __do_compat_sys_socketcall+0x5e2/0x700
[  252.722594][ T8672]  ? __fget_files+0x244/0x3f0
[  252.724164][ T8672]  ? __pfx___do_compat_sys_socketcall+0x10/0x10
[  252.726085][ T8672]  ? fput+0x30/0x390
[  252.727127][ T8672]  __do_fast_syscall_32+0x73/0x120
[  252.728779][ T8672]  do_fast_syscall_32+0x32/0x80
[  252.730454][ T8672]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  252.732551][ T8672] RIP: 0023:0xf7f25579
[  252.733872][ T8672] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  252.739523][ T8672] RSP: 002b:00000000f56a5440 EFLAGS: 00000293 ORIG_RAX: 0000000000000066
[  252.742249][ T8672] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f56a5454
[  252.744755][ T8672] RDX: 0000000000000000 RSI: 00000000f56a5570 RDI: 00000000f73abff4
[  252.747517][ T8672] RBP: 00000000f56a5570 R08: 0000000000000000 R09: 0000000000000000
[  252.750137][ T8672] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  252.752637][ T8672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  252.755391][ T8672]  </TASK>
[  252.814762][ T8661] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.817005][ T8661] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.818977][ T8661] bridge_slave_0: entered allmulticast mode
[  252.821517][ T8661] bridge_slave_0: entered promiscuous mode
[  252.840805][ T8661] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.843182][ T8661] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.845638][ T8661] bridge_slave_1: entered allmulticast mode
[  252.862201][ T8661] bridge_slave_1: entered promiscuous mode
[  252.974842][ T8661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.979999][ T8661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.071275][ T8661] team0: Port device team_slave_0 added
[  253.191989][ T8185] hsr_slave_0: left promiscuous mode
[  253.234375][ T8185] hsr_slave_1: left promiscuous mode
[  253.357507][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  253.360089][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  253.379725][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  253.382190][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  253.461610][ T8185] veth1_macvtap: left promiscuous mode
[  253.463456][ T8185] veth0_macvtap: left promiscuous mode
[  253.464914][ T8185] veth1_vlan: left promiscuous mode
[  253.466341][ T8185] veth0_vlan: left promiscuous mode
[  253.579210][ T4779] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  253.582723][ T4779] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  253.585293][ T4779] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  253.588271][ T4779] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  253.591615][ T4779] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  253.593649][ T4779] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  253.727519][ T8685] 
[  253.728425][ T8685] ======================================================
[  253.731017][ T8685] WARNING: possible circular locking dependency detected
[  253.733441][ T8685] 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 Not tainted
[  253.736361][ T8685] ------------------------------------------------------
[  253.739783][ T8685] syz.1.860/8685 is trying to acquire lock:
[  253.741673][ T8685] ffffffff8fd521e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_exists+0x5f/0x1a0
[  253.744612][ T8685] 
[  253.744612][ T8685] but task is already holding lock:
[  253.747070][ T8685] ffffffff8fd571a8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x9db/0x1e70
[  253.747680][ T4779] Bluetooth: hci11: command tx timeout
[  253.750264][ T8685] 
[  253.750264][ T8685] which lock already depends on the new lock.
[  253.750264][ T8685] 
[  253.750271][ T8685] 
[  253.750271][ T8685] the existing dependency chain (in reverse order) is:
[  253.758914][ T8685] 
[  253.758914][ T8685] -> #3 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[  253.761611][ T8685]        __mutex_lock+0x175/0x9c0
[  253.763324][ T8685]        rfcomm_dev_ioctl+0x9db/0x1e70
[  253.765189][ T8685]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  253.767261][ T8685]        compat_sock_ioctl+0x17b/0x7e0
[  253.769224][ T8685]        __do_compat_sys_ioctl+0x259/0x2b0
[  253.771269][ T8685]        __do_fast_syscall_32+0x73/0x120
[  253.773250][ T8685]        do_fast_syscall_32+0x32/0x80
[  253.775131][ T8685]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.777611][ T8685] 
[  253.777611][ T8685] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[  253.780922][ T8685]        lock_sock_nested+0x3a/0xf0
[  253.782759][ T8685]        rfcomm_sk_state_change+0x6d/0x3b0
[  253.784831][ T8685]        __rfcomm_dlc_close+0x28c/0x700
[  253.786739][ T8685]        rfcomm_dlc_close+0x1eb/0x240
[  253.788670][ T8685]        __rfcomm_sock_close+0xa7/0x230
[  253.790660][ T8685]        rfcomm_sock_shutdown+0xd5/0x230
[  253.792697][ T8685]        rfcomm_sock_release+0x5d/0x140
[  253.794683][ T8685]        __sock_release+0xb0/0x270
[  253.796483][ T8685]        sock_close+0x1c/0x30
[  253.798146][ T8685]        __fput+0x3f6/0xb60
[  253.799785][ T8685]        task_work_run+0x14e/0x250
[  253.801613][ T8685]        get_signal+0x1d3/0x26d0
[  253.803416][ T8685]        arch_do_signal_or_restart+0x90/0x7e0
[  253.805607][ T8685]        syscall_exit_to_user_mode+0x150/0x2a0
[  253.807762][ T8685]        __do_fast_syscall_32+0x80/0x120
[  253.809784][ T8685]        do_fast_syscall_32+0x32/0x80
[  253.811678][ T8685]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.814143][ T8685] 
[  253.814143][ T8685] -> #1 (&d->lock){+.+.}-{3:3}:
[  253.816535][ T8685]        __mutex_lock+0x175/0x9c0
[  253.818265][ T8685]        __rfcomm_dlc_close+0x235/0x700
[  253.820209][ T8685]        rfcomm_dlc_close+0x1eb/0x240
[  253.822165][ T8685]        __rfcomm_sock_close+0xa7/0x230
[  253.823678][ T8685]        rfcomm_sock_shutdown+0xd5/0x230
[  253.825226][ T8685]        rfcomm_sock_release+0x5d/0x140
[  253.827045][ T8685]        __sock_release+0xb0/0x270
[  253.828711][ T8685]        sock_close+0x1c/0x30
[  253.830228][ T8685]        __fput+0x3f6/0xb60
[  253.831713][ T8685]        task_work_run+0x14e/0x250
[  253.833277][ T8685]        get_signal+0x1d3/0x26d0
[  253.834766][ T8685]        arch_do_signal_or_restart+0x90/0x7e0
[  253.836507][ T8685]        syscall_exit_to_user_mode+0x150/0x2a0
[  253.838454][ T8685]        __do_fast_syscall_32+0x80/0x120
[  253.840408][ T8685]        do_fast_syscall_32+0x32/0x80
[  253.842277][ T8685]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.844665][ T8685] 
[  253.844665][ T8685] -> #0 (rfcomm_mutex){+.+.}-{3:3}:
[  253.847270][ T8685]        __lock_acquire+0x250b/0x3ce0
[  253.849201][ T8685]        lock_acquire.part.0+0x11b/0x380
[  253.851154][ T8685]        __mutex_lock+0x175/0x9c0
[  253.852937][ T8685]        rfcomm_dlc_exists+0x5f/0x1a0
[  253.854689][ T8685]        rfcomm_dev_ioctl+0xabc/0x1e70
[  253.856465][ T8685]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  253.858527][ T8685]        compat_sock_ioctl+0x17b/0x7e0
[  253.860435][ T8685]        __do_compat_sys_ioctl+0x259/0x2b0
[  253.862505][ T8685]        __do_fast_syscall_32+0x73/0x120
[  253.864482][ T8685]        do_fast_syscall_32+0x32/0x80
[  253.866453][ T8685]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.868837][ T8685] 
[  253.868837][ T8685] other info that might help us debug this:
[  253.868837][ T8685] 
[  253.872252][ T8685] Chain exists of:
[  253.872252][ T8685]   rfcomm_mutex --> sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex
[  253.872252][ T8685] 
[  253.877301][ T8685]  Possible unsafe locking scenario:
[  253.877301][ T8685] 
[  253.879916][ T8685]        CPU0                    CPU1
[  253.881793][ T8685]        ----                    ----
[  253.883563][ T8685]   lock(rfcomm_ioctl_mutex);
[  253.885168][ T8685]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[  253.887670][ T8685]                                lock(rfcomm_ioctl_mutex);
[  253.890092][ T8685]   lock(rfcomm_mutex);
[  253.891488][ T8685] 
[  253.891488][ T8685]  *** DEADLOCK ***
[  253.891488][ T8685] 
[  253.894159][ T8685] 2 locks held by syz.1.860/8685:
[  253.895820][ T8685]  #0: ffff88805fada258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_compat_ioctl+0xac/0xe0
[  253.899904][ T8685]  #1: ffffffff8fd571a8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x9db/0x1e70
[  253.903391][ T8685] 
[  253.903391][ T8685] stack backtrace:
[  253.905456][ T8685] CPU: 2 UID: 0 PID: 8685 Comm: syz.1.860 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  253.909049][ T8685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  253.912581][ T8685] Call Trace:
[  253.913768][ T8685]  <TASK>
[  253.914818][ T8685]  dump_stack_lvl+0x116/0x1f0
[  253.916294][ T8685]  print_circular_bug+0x419/0x5d0
[  253.917993][ T8685]  check_noncircular+0x31a/0x400
[  253.919477][ T8685]  ? __pfx_check_noncircular+0x10/0x10
[  253.921056][ T8685]  ? __kernel_text_address+0xd/0x40
[  253.922699][ T8685]  ? lockdep_lock+0xc6/0x200
[  253.924161][ T8685]  ? __pfx_lockdep_lock+0x10/0x10
[  253.925789][ T8685]  __lock_acquire+0x250b/0x3ce0
[  253.927433][ T8685]  ? __pfx___lock_acquire+0x10/0x10
[  253.929365][ T8685]  ? add_lock_to_list+0x17d/0x390
[  253.931086][ T8685]  lock_acquire.part.0+0x11b/0x380
[  253.932821][ T8685]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  253.934081][ T8685]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  253.935564][ T8685]  ? rcu_is_watching+0x12/0xc0
[  253.936845][ T8685]  ? trace_lock_acquire+0x14a/0x1d0
[  253.938226][ T8685]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  253.939562][ T8685]  ? lock_acquire+0x2f/0xb0
[  253.940778][ T8685]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  253.942107][ T8685]  __mutex_lock+0x175/0x9c0
[  253.943311][ T8685]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  253.944668][ T8685]  ? find_held_lock+0x2d/0x110
[  253.945932][ T8685]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  253.947259][ T8685]  ? __pfx___mutex_lock+0x10/0x10
[  253.948606][ T8685]  ? __pfx_lock_release+0x10/0x10
[  253.949938][ T8685]  ? trace_lock_acquire+0x14a/0x1d0
[  253.951301][ T8685]  ? apparmor_capable+0x114/0x1d0
[  253.952651][ T8685]  ? rfcomm_dlc_exists+0x5f/0x1a0
[  253.953985][ T8685]  rfcomm_dlc_exists+0x5f/0x1a0
[  253.955274][ T8685]  rfcomm_dev_ioctl+0xabc/0x1e70
[  253.956591][ T8685]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  253.957998][ T8685]  ? __pfx_lock_release+0x10/0x10
[  253.959318][ T8685]  ? mark_held_locks+0x9f/0xe0
[  253.960597][ T8685]  ? rfcomm_sock_compat_ioctl+0xac/0xe0
[  253.962051][ T8685]  ? __local_bh_enable_ip+0xa4/0x120
[  253.963441][ T8685]  rfcomm_sock_compat_ioctl+0xba/0xe0
[  253.964869][ T8685]  compat_sock_ioctl+0x17b/0x7e0
[  253.966064][ T8685]  ? __pfx_rfcomm_sock_compat_ioctl+0x10/0x10
[  253.967621][ T8685]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  253.969066][ T8685]  ? __fget_files+0x244/0x3f0
[  253.970303][ T8685]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  253.971730][ T8685]  __do_compat_sys_ioctl+0x259/0x2b0
[  253.973119][ T8685]  __do_fast_syscall_32+0x73/0x120
[  253.974460][ T8685]  do_fast_syscall_32+0x32/0x80
[  253.975738][ T8685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.977393][ T8685] RIP: 0023:0xf7f25579
[  253.978461][ T8685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  253.983439][ T8685] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  253.985648][ T8685] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400452c8
[  253.987721][ T8685] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  253.989797][ T8685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  253.991864][ T8685] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  253.993935][ T8685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  253.995982][ T8685]  </TASK>
[  253.998548][ T8685] FAULT_INJECTION: forcing a failure.
[  253.998548][ T8685] name failslab, interval 1, probability 0, space 0, times 0
[  254.001989][ T8685] CPU: 0 UID: 0 PID: 8685 Comm: syz.1.860 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0
[  254.004836][ T8685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  254.007917][ T8685] Call Trace:
[  254.008845][ T8685]  <TASK>
[  254.009645][ T8685]  dump_stack_lvl+0x16c/0x1f0
[  254.010917][ T8685]  should_fail_ex+0x497/0x5b0
[  254.012177][ T8685]  ? fs_reclaim_acquire+0xae/0x160
[  254.013581][ T8685]  should_failslab+0xc2/0x120
[  254.014910][ T8685]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  254.016395][ T8685]  ? __kernfs_new_node+0xd3/0x890
[  254.017766][ T8685]  ? kstrdup+0x5c/0x80
[  254.018869][ T8685]  __kernfs_new_node+0xd3/0x890
[  254.020172][ T8685]  ? rcu_is_watching+0x12/0xc0
[  254.021498][ T8685]  ? lock_release+0x4f6/0x6f0
[  254.022755][ T8685]  ? __pfx___kernfs_new_node+0x10/0x10
[  254.024189][ T8685]  ? __pfx_lock_release+0x10/0x10
[  254.025596][ T8685]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  254.027032][ T8685]  ? rcu_is_watching+0x12/0xc0
[  254.028332][ T8685]  ? trace_irq_enable.constprop.0+0xe4/0x130
[  254.029937][ T8685]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  254.031473][ T8685]  ? stack_depot_save_flags+0x31b/0x900
[  254.032931][ T8685]  kernfs_new_node+0x186/0x240
[  254.034183][ T8685]  ? kasan_save_stack+0x42/0x60
[  254.035500][ T8685]  kernfs_create_dir_ns+0x4c/0x150
[  254.036881][ T8685]  sysfs_create_dir_ns+0x13b/0x2b0
[  254.038159][ T8685]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  254.039538][ T8685]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  254.040941][ T8685]  ? kobject_add_internal+0x12d/0x990
[  254.042336][ T8685]  ? class_dir_child_ns_type+0xd/0x60
[  254.043731][ T8685]  kobject_add_internal+0x2c8/0x990
[  254.045108][ T8685]  kobject_add+0x16f/0x240
[  254.046273][ T8685]  ? __pfx_kobject_add+0x10/0x10
[  254.047921][ T8685]  ? lock_acquire+0x2f/0xb0
[  254.049198][ T8685]  ? get_device_parent+0x11f/0x4e0
[  254.050532][ T8685]  ? kobject_put+0xab/0x5a0
[  254.051699][ T8685]  ? device_add+0xc02/0x1a70
[  254.052924][ T8685]  device_add+0x289/0x1a70
[  254.054116][ T8685]  ? __pfx_device_add+0x10/0x10
[  254.055478][ T8685]  ? __init_waitqueue_head+0xca/0x150
[  254.056971][ T8685]  tty_register_device_attr+0x38f/0x7c0
[  254.058482][ T8685]  ? __pfx_tty_register_device_attr+0x10/0x10
[  254.060072][ T8685]  rfcomm_dev_ioctl+0x1849/0x1e70
[  254.061348][ T8685]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  254.062704][ T8685]  ? __pfx_lock_release+0x10/0x10
[  254.064046][ T8685]  ? mark_held_locks+0x9f/0xe0
[  254.065559][ T8685]  ? rfcomm_sock_compat_ioctl+0xac/0xe0
[  254.067368][ T8685]  ? __local_bh_enable_ip+0xa4/0x120
[  254.069103][ T8685]  rfcomm_sock_compat_ioctl+0xba/0xe0
[  254.070811][ T8685]  compat_sock_ioctl+0x17b/0x7e0
[  254.072241][ T8685]  ? __pfx_rfcomm_sock_compat_ioctl+0x10/0x10
[  254.073916][ T8685]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  254.075396][ T8685]  ? __fget_files+0x244/0x3f0
[  254.076724][ T8685]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  254.078526][ T8685]  __do_compat_sys_ioctl+0x259/0x2b0
[  254.079990][ T8685]  __do_fast_syscall_32+0x73/0x120
[  254.081344][ T8685]  do_fast_syscall_32+0x32/0x80
[  254.082618][ T8685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  254.084251][ T8685] RIP: 0023:0xf7f25579
[  254.085375][ T8685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  254.090394][ T8685] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  254.092553][ T8685] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400452c8
[  254.094639][ T8685] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  254.097156][ T8685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  254.099986][ T8685] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  254.102743][ T8685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  254.105599][ T8685]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  254.112647][ T8685] kobject: kobject_add_internal failed for rfcomm0 (error: -12 parent: tty)
[  255.029268][ T1373] ieee802154 phy0 wpan0: encryption failed: -22
[  255.031422][ T1373] ieee802154 phy1 wpan1: encryption failed: -22
[  255.047374][ T8185] team0 (unregistering): Port device team_slave_1 removed
[  255.175978][ T8185] team0 (unregistering): Port device team_slave_0 removed
[  255.666802][ T4779] Bluetooth: hci12: command tx timeout
[  255.827296][ T4779] Bluetooth: hci11: command tx timeout
[  255.978068][ T8661] team0: Port device team_slave_1 added
[  256.482763][ T8185] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.545410][ T8185] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.603370][ T8185] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.665686][ T8185] netdevsim netdevsim1  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.769760][ T8185] bridge_slave_1: left allmulticast mode
[  256.774354][ T8185] bridge_slave_1: left promiscuous mode
[  256.776312][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.779915][ T8185] bridge_slave_0: left allmulticast mode
[  256.781785][ T8185] bridge_slave_0: left promiscuous mode
[  256.783734][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.788851][ T8185] bridge_slave_1: left allmulticast mode
[  256.790711][ T8185] bridge_slave_1: left promiscuous mode
[  256.792658][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.795746][ T8185] bridge_slave_0: left allmulticast mode
[  256.798242][ T8185] bridge_slave_0: left promiscuous mode
[  256.800153][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.959876][ T8185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  256.963509][ T8185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  256.967633][ T8185] bond0 (unregistering): Released all slaves
[  256.973583][ T8185] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  256.987462][ T8185] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  256.990799][ T8185] bond0 (unregistering): Released all slaves
[  257.253147][ T8185] hsr_slave_0: left promiscuous mode
[  257.254836][ T8185] hsr_slave_1: left promiscuous mode
[  257.257352][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  257.259307][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  257.261593][ T8185] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  257.263529][ T8185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  257.272715][ T8185] veth1_macvtap: left promiscuous mode
[  257.274186][ T8185] veth0_macvtap: left promiscuous mode
[  257.275611][ T8185] veth1_vlan: left promiscuous mode
[  257.277485][ T8185] veth0_vlan: left promiscuous mode
[  257.316091][ T8185] team0 (unregistering): Port device team_slave_1 removed
[  257.322610][ T8185] team0 (unregistering): Port device team_slave_0 removed
[  257.620782][ T8185] team0 (unregistering): Port device team_slave_1 removed
[  257.677473][ T8185] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
16:30:28  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=0000000000000000 RCX=ffffffff816947be RDX=fffffbfff2039a4a
RSI=ffffffff8bb12360 RDI=ffffffff8bb123a0 RBP=0000000000000000 RSP=ffffc90000eafa08
R8 =0000000000000000 R9 =fffffbfff2039a49 R10=ffffffff901cd24f R11=ffff88802b428a7c
R12=0000000000000000 R13=0000000000000002 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8b1321c0 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7353044 CR3=000000006b638000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000c2133c RBX=0000000000000001 RCX=ffffffff8b131a39 RDX=ffffed10056a7026
RSI=ffffffff8bb12360 RDI=ffffffff816418fc RBP=ffffed10036eb910 RSP=ffffc90000477e08
R8 =0000000000000000 R9 =ffffed10056a7025 R10=ffff88802b53812b R11=0000000000000001
R12=0000000000000001 R13=ffff88801b75c880 R14=ffffffff901cd248 R15=0000000000000000
RIP=ffffffff8b132e1f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000056043f8b845f CR3=000000001bfea000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000044000001 Opmask01=000000000000001f Opmask02=000000000000ffdf Opmask03=8200002022100080
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff32d759a0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 00ff000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfe37091fd325807 737326ab59cb4ddc
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d25203a7325206b 6e696c6d79732065 7461657263206f74 2064656c69614600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4800051f5600054e 4b4c49485c560540 5144405746054a51 054140494c444600
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000201 0000000000000000 31706f6f6c2f6b63 6f6c622f6c617574
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc9003e28e412b74 000000055dd776f0 0000000000000061 0000000030336c6c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1f0517305e24657e 21216330273f2b6d 7837256062757464 0875780e2f7d6641
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7f777f7f7e75777f 6f7f7f7f6f7f3f7f 7f7f3f7f7777756e 3f777e2f2f7f7f77
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 3a2433273f397b27 697a787c69303b7e
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3530353332003038 313d454f00304d00 632d6364623d453d 414554454400303d
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3530323000003000 3130303000304d00 302d45300030303d 3530304144003000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff850374c5 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900312a7278
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000005b R14=ffffffff85037460 R15=0000000000000000
RIP=ffffffff850374ef RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f56a5fbc CR3=00000000796bc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffff88801bbe6958 RBX=ffffffff8172d392 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff88801bbe6958 RBP=0000000000000000 RSP=ffffc90035b27a78
R8 =0000000000000001 R9 =0000000000000000 R10=ffffc90035b27bf8 R11=000000000000004f
R12=0000000000000000 R13=0000000000000000 R14=0000000000000001 R15=0000000000000000
RIP=ffffffff816a47b9 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f3f5fe6f5ee CR3=0000000051ede000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fec0ffd0 Opmask01=0000000000004211 Opmask02=000000000000ffdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff32d755c0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a2a2a 2a2a2a2a2a2a2a2a
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfe37091fd325807 737326ab59cb4ddc
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 737373435c021e73
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656c696620732520 6465746165726300 0a73253a47000a73 253d73253a45000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40494c4305560005 4140514440574600 0a56001f47000a56 001856001f45000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc9003e28e412b74 000000055dd776e9 00000000000001f1 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000231 0033690031336c6c 696b66722f383179 68702f3131323038
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055dd776f2c60 000055dd776e0790 000055dd77704d20 000055dd776e8bb0
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055dd776fdb50 000055dd776ea8a0 000055dd776ebd90 000055dd776fb360
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 3a2433273f397b27 697a787c69303b7e
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f3832313d003631 3100323600323331 32323d4652455145 49003938312f3631
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f3132313d003631 3100003000323331 30303d3233353045 3a003938312f3631
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000