last executing test programs:

7.150033992s ago: executing program 1 (id=2071):
r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000001140), 0x20402, 0x0)
write$P9_RXATTRCREATE(r1, 0x0, 0x12)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000019600)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000200), 0xfffffd9d)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5)
sendmsg$kcm(r0, &(0x7f0000000380)={&(0x7f0000000280)=@in6={0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000300)="3c4d3cda01b970e34272df6f4f6122ff2eefeccb868d7ebbf7bc089644d75f5245fb896679e0738069e16ee99509ff0ca896ba5823da9f12f30894a5364854dfe4699914b2c8bbcadab51ffe9896516e9298e3b6cbc142a932831d2571eb2476df82e51c0fa1efd7ffbe5164f7d3d320978bb2f3bffe77436e548fa7ebeacfa7", 0x80}], 0x1, &(0x7f0000000540)=[{0x70, 0x108, 0xfe8c, "828050fa20a2354041c5e262c130d3d7c93d19fb44be7b044f7a2afc0680fe0b9792b8fd439758c1203d3f33ba6b97573e5c51e425019e2a9bee51c32262e77379f3389d1b13e04b61b62c17c6a2c6fd47602b693994f3cd6728905363e941b90832d454"}, {0x24, 0x11, 0x9, "42859786b9431927e5d5fe630deb2fed62e941d147"}, {0x100c, 0x11, 0x3, "46165dda5bfe0d8ece9c3a7b586fe8bb7665a57cb7dfee6a0bb454f96866ba80ca5e432eeb8e4692593e936974a8df7f234d1a6e471cd6060eb7c5cce405fe5c992f219017d56c1575ae7a21fe896a60577130f8e752e855ac717216d81a052c1a8a1ba7e90b7b4aefb59f7672a4b66d2dca84a8230856ab2af00071ff7cbcc305580b89c4db6a14251ce4ba9e9052b3cc746df80815d3a6dd4a3d356f6b3ac79fe4247afe6a593706f2425c53c30613c8418ad25248fa3e078552c0c6c87a4d490e22c371c06379a71babda53473380be29f1d2f4efbd96f80df3c5fe6a3ffef1b09d1d0e86d2f99a7d5de65d01bc759baa97696e1cd62ccda4efa1dae3c549bf27e5e24360adc69d0829aa40fc9c167042bc250e87e65ca233e8ecbb16397ecb5137fb3c9ed276b5b5616bac08f79a76318fed3a106c476e274ec8ebad291bcd60271b27b8ff1979ed27142d07052c4b85fba71e959064d17e44bef85ddcb05ce1d7aad95bd351371b5a081fd726aec2d4e23e81881d6e52845bd6bec7839ad7c7de3670dfd331604aef990850eb4f5ce90ed74a07849d98434155a5c2063235b2907c99f8ecd2652eaf3509438cd25251d7e47876adc88b959a2d47236a8cdf234a6aca860840ef6b97450195d8decfca5e1de413f6a3bb6cfd0d9b841a0a4afc43ec16b36ac2e57237efcc7e684a9583699b61a6de931ad8bc91a0c89813b4f8fb7c8e70bb01c8bbf5b2c43dca38c2b26082fd5741f92754354170e2c2995dd16e255ea37ab3c4cac43c50a457f287fe258b9bf783f30df74bab451e560cddfbc816a77d2a942c4426b2d5d6dc167db6a1f9621fbbb4abc1626c8e98c14b43a96057a52c245f000bf99d2de1195315025d8e8ac8c5df068b15c26eda58f10c0603cecdc81a77ade6eecf7f9d47a7e7f236265247e5e2e92616d49e06ad847f7d7a25acb71cfa4b136540df10235ea366ab78cf824e9943d845874f0e6fa75c6ef9c0f0f4c09d7e2b0b0dd2fd91985663cc6e7221313331efdc96c1be59de36db5323f84e281cbfa0279c9dee37e77fb7f44c02e959480c23a8a75b0646072ebafd6705bbdde4865c341054a7db61553fca4ec489afc3861b7cbc7a3e8a1447e575d24360d0e814d32e8888a46381c34ea362151c3a73c1b890c3a68fa348a3241b34126df11d706bdda8ac0293f1b7746437337ea9f7381be501959b209b3e6399e55a10e659bdd56ca3682aae328effce6fde8c89c793e9f8b5b3675fe5a44dfd9a2d5c3e7b9467f7c1cb6574ce239cf33dde390f899ffbafd97ca8b914080f0d5dde52605fcf113b44dba333f9097a2598bb3d1bee7890d25e9ebbc0803f7b1184d3a3d485b49de0655f75bd317b3fac7a480e631321d902cad455986860359a3c4d4653927d2088e5e7ac0db5c845b39e2b7cebc15f01f5cd5fa4216d9a10348e44efbcbf77bc58b2eae8d89859059e76ddb383697a208a7c34be33ba849fa995d4cdc99e2e1e607d51531d5adea6025ae53a038c5511e0ca0ca3afae7e063bba1680de20e6f9a85c410fda38cc0dc07ddaf1010bf62dfc7e70451548e9b3f0f2a8ee7f72b22dcda93e60d4e34e9ee6973c9b0a0eaef217dd862bc40c03fc242d1359404d91572548590b5ae7e3c9d99891b04f4c72df133ce0217251c9ecb29bbb08cd3bcdc5ad84b059be36cbaa09707d9a060c20327dc9dc9def77a26ad2cbc4e09c1cfa722dff3fb70ed6829d0a9b4c9983da11c9604f3fb767c9377e0d7942638510fa0fa981681bfd805b965ced8433283cb894f427ec94318c33426a6055487737d4c442d4dd8203c4d44588041193880097bc43a7c05a8f340752c58f6b9e500194852d5c7ac5578a1e500d1cb70600fb8e0bb4223cab31533532c9faa80e56c32c7cad7eb8448b2f6672533ea46fc8eb438ea10362871608f2ca75c538b8d687682b3e51254ba66a87b401b57b57b2068d2eea48e8c9751bc8c4712af80d831ee1dd7ba081e9ac885ba75f3a494dcc0205221bccd7fc54fe0cfefeeb0582cec0b75088c03e741329c62d23e51965ff0657b3c74320d0f5fc99648f638163f4c4e18cd5e5f48bcf7d7671d9b0574da83005f227e1679f9cb3237f3737f78b141742088b2bb5b4868a662bbcebb352ed250ca9e9262a2130058f68f43b3fe592f84df4d8d0ca208d3b0758da269d7136efc7a622e0909d034340e5ca5ca8e5193d9e7822a21d7d8b0b74b4cd0e9dceb171db975002b2122eb7bfb98d5b620a987d1b17f19bcf4960f998e9d0f47794cfb5c5224a0c22d9b2253f9b01972d612f3fa79c408cec3b20700e91405278bb2250a8f3a7720f59062b0a3049d58245f6e024eeac3b9b052353c1ca1e5664fc99d830c1a7884331982a8f976275ba286db2fbad7f5cdcb135200bcc7cd9dc078ec4edb4cff80554bcfcddb620ccd499d7b133255d05a3f4b3439b7ffccbfe8b72a2b6f9695b10b998d3799b9eec0a989b39882b3a81ecc1867f7cfc17c9e747d887f756456b4c28064f7618c677f4818ebbebba2e997fe857fbaf99d971d646f2b22acbbdb56dba9730a5d9239f073a8d3062f5a661979f7386e04a8017f52bc02a07fec7625a8547c38a822e107223dfac808419b81eb092894d1ca6128e8b475112103edd3001d6943c0349253ceecba47a07f6278f269e876bc79f122bb661c6fcea4301e67c7028c2d420acf1c8bdb7d6d550223766e3257c184c00dc824085ecd911e8e6cd5959858bc4c765babfc655dd3f60cdcf60fe9de2d506e58213b1419cb1e2e4f3ba28ea8092b492b28ff7ef2b05f544acbf44b1de6c9b2386a064e01d6d46ce180f7b080ca9f4d982aa537f3299eb45bd41f37bd8d5e73ad69aa15ca3f8127e41bf927e7be81d4bb6078fd87f1684df5f52cc7d9afee0dcf387e56fb2fd4e6a75e5f1603ffc5bd5ca0ad43f00b0b2403c370da17e8a7bedaf6a932289d60e0134529606188178a20a430333922a7d16e010aeef476de1626048eb556aaa43da4eb522f24157e6f820839445eae009fdbe3cdded162ae69773de934b9ce787c49369de6d352448f844f3ff3f1e8d617f7287e4dc8fe3be7aa33a994e26d70334651ea3de0a73af0b74005c9ddd75e13147c7f14256803c5b357084e89fea623a7ff59f999f7a036714c2ba4d82289e1d0563c8ba2bd30a6fb40337eb979e154e4bd8c974fab4eee11a67c5528c59094bf16cd14626630df0735bda1427badc1cdee8d18bdd4e9010a789954fdbffd4c4b361cb5ffa54c525da7af444a7781cd89c5c2f839d66d379b4a5bb0acdb8a1421eb980705c0bfbe6476dc1cda95cc16cd910b1a9406b941388e9f2be5d0ac3cf87b4cf931ee168bf7a913a5979fe77a51d3086c6b6be6163f01b33a683032a2b324965bccbb32d2dead3ae60039f4dc394eee1b710b6322124a44088f1fe7f2638194a29ed4c1973b86efafe0681e8e6c73612660a9f55e15a4fba1d67dff5b3c7ee6cbf851c013a52c5126cdbbba6e208dc03f58b7bbd2b27d9ea8bdfc77a88d907606739b2a5b9c8dbbfa591840f1a8d2d259ddad7c4d32d6bd90c3cb9d57c317155e2c1fb9070229f539e637440d6a54af25c0bedc8c8b039b1b8548788ac7cdc86b361e333122359cb3201bde4c77edb4c4bf1afe678b4d26a20499cbdc998e00d0def398a5a191885d9781386ba529ac18c1a50e47e909bedf36694a27fadcd8b8a7f28a56bad294695b77088048f1a334a7b3b2d1ec60a6aba6ffdded7f7e9ae21c5969b55ead58ae6a3d16e9f1123a9a4b92689f837be12af10b5e08afba29060418ca3e28bb8c6c95e00ffb378cf1f62aa66ef23b6bba28d288498c8f6752559d4ec02b52a46a424c8aab94369eae0ad166c1421bee70bfc4de5b8641ee5c91a2071123009ba248773668c0df2b874968b82aae9adc81ade33f20481a27109b5809952670dc6b9ffe43fee3b9ad5505f55710705717e3c311444a6889d968c48dd4749fd39342251a2b7c208a11b76252e654b47d5dea64d5b9fdbe92a4795781ffb1f9b7bebbd02be5eeb08a2615508c2dd1ba4c1de6b1132815f782623e0e8ef284158d96aaf15ae43b080677e5869d80f384df4437921958b343c665a792e9f40610799bb4e12338cd67a33266d4c87991050faa5e0589e45148c58919406b0b40dd165f98cbb0bd221ba9bac4cd0ccd59f2bcb7e7724d421cf876847623d4312256ab5f1141b8b9f29b5f97d3cdb18364ff2d15eec2828f2d6ec8dcfa6ac614499fff56d470e9c9ba94d53009cdad0529337d44a431686f28cc4273de162e3a4f56358a8c6215f1bd9cbb7b5d81455d67aadb7c8e421dfd9f2b62a0694d57c56ab59cb83eb18ecba27ae64a18c18c49a7271d724c001181d3f9b0f0283b0d7d31f1423948437d26aba681750e57050e4cf4c0654f8f9bb94da1c7af7431604534e3d44157dcf86735804c31980ebd5b8f0f1928a22049c37ef2d5cee32ba4d0b225ba6c0757adf7953b318b2a66bdd85b815d904dc98aef0556e5a41345c8612f32a687f7f596b25ff6626191dae5694339d6c53edf250ad51cf872736cbf871404d5511142e945d265fa19b91dd797131eb7420ab84186976219ea79f0272b48b39c85c4490fa9692e70f37745fd2eb3cd1be071c58c37d25a4f0e361de6674341ef09b13a11686a60594479f8bc8d2c8ac1efa35efa5f7e4d041dc0fac00578ca5f35bedadcc991d5ca00ab4ab4191786a41d68038fea41f45942dbbac89d7ca7c2bfbab3368a42a325383980e3282bdccdd3d73b72ad6eb5dda2105650aa34cdc13c054dc39aacf75f2ca5699870b58bfbc814691142cfbf69b50615d331fb52a26b4dbc5bb5f3f9149d313601f9953f73a4c0ed019ba637efbae2bc667fc20330197069af799f9f8d0b04af73aa1b6b409d491b1dbca9e258a06020dd698ec0c081c689c35002eb94edf900edb30bf3590ce33a9bac99a8cb91bc9301eda78cba7c332df11eee4aa470bf3269b820486dfa9b4e3d50e22ea79a33d2414e0bca1ca4ac3282ae537c1513db32db306a0009d67c0e8c3e60d0e4df684e39eee3c7e9e3316c18eceacdd4d7db827e34f495d03df8315a0a385aa2b47b716efdb906dd788e41dd4a7f2724631078cff1d0f9fc66f123225f569526f34e67bb328e51574a45ed2d203a2a313b2355a3c845003a4f8e133b62b60f97c879fd3f033652343a79a324c3bdb6097276825f7a5908c4ee6b6f4e2fbfa4e93cc84eb343ead768cbe84e03bd4227bcee01f7baa36482787f991c22fd1b673ef14c64e4a88dffbca86a3172534ce623f0af2d8c5c7897f972b2105d3252e8aa8809ade1afd8c65f5064913230e7cb23e6086a6b6d6f052cf835be1cf675d3fec7c6879398ead6d055e021f08d4754904975293b9487d29f5b73c13d67cb4bee88808ac9ff354f512b1965546e945afa9dfd4fe54d0dab19e4ab82f2b05ef4b85ec7f2adc6e8812ba48707eac328a94e19fa78a012cac4e75f4e0a89bf94ce355a70f6e00333bff3bda1029b8ccfafd990fc0ae4d7cd50310aa9303cab6d3e380225f35b2c829435f91a5adccd38801043033e164689da6fac3e098d76b806f8e53d4f2fdc221bc88fa1a1e980d2d4ed22bdab66df10b8ab40075afb72632fc9cd446291ef6125ce7dbd5ca6cfe47a93d46ad4e5aa2489b7d1018b744212a69b3a06825f77bf1af3373f1dc6412b6775ebbe1b9776df5c6b203d763cd878c78606a26eea2d70af1ead61e527ac95f2def3673"}, {0xf8, 0x118, 0x1, "a7faff4f06a4292ba65586465d5372140436039e7997e3dc5e28e5c4465b501ee076ffcb730ff2d9cd9b8175d129c91e0faf375778131bade0f468bb6e2b458ccf1d04381ec4bc6abece7699381d0b8ed2bb9e2009d5c374a034d967fbc2d410c6da47f31ef25e9c8afb7337266b22d277942160384a4285fc252d23e3a74650527eb348bb4623bdf4d6752edfe1b440c9ddc7a195e0d30f0c62e82b9b2c4013025f9d82b8a68edf52077f2e13d248b359c945afd22f82ad6ffab754c90f8bf6ccf8c330dd199d82bfc68b42174265f22081c2911bc65fca88074095e967d3d85e604944e2a715f824e4"}, {0x64, 0x10e, 0x5, "80e5d024ebff91ea7b984d24313d4f41b685be2bfaeb0e3de5af3512b909390a42de6af1b525ecb267622698428fde843857b1e169c41eeb0d597f5f9b93b55f5219c6c9c9206b04d1b2f9307b4e9bb4c0f24caa5b4dfac6"}, {0xf4, 0x116, 0xdcf8, "c32dd64bf3874391a32629b574b7c896468bfd5109be56768426c81c472e763c99bdf0569628c2c2190ee06326b00e0ee07593615379dbe76053f046484f69434b6a0f877cae8dad326eb004e0074b0b9dc23cc5e50c0efff8ac4367f40ab4561729c2169dff863c49670e08e14ad7b35948fa77dc5f7ecdfcf363bf7d062066c14f23b019d073900f16650ec322ec44903ab00800e106ad33751f99150603af9982fbe69a3969eda0309ea904c73748e66dc046044c6cda7a95ee04e0607395691e569cf4563d23bcda7267d6e5e3645860a344c7394ebaee9a65f2ce1fd62f7621c3702606ec13"}, {0x50, 0x88, 0x4, "23232dc290a83dd228620e3cee118f92d69d79db140168293fb4de23596e2e2081485ff7be46301cbe0c91d3e0ad5b8ce64e6fe9345541f736baf615caf8b16be6"}], 0x1340}, 0x4850)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x2)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x8000002b)
r6 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f00000000c0)={"fbffffff", 0x0, 0x6, 0x4, 0x1, 0x0, "000000ff00070000000900", '\x00', "05030400", "e859ad33", ['\x00', "00000008000906000000da00", "0c000004dd372a9000"]})
pipe2$9p(&(0x7f0000001900)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r8, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r9 = dup(r4)
write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r9, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x8c)

6.819968443s ago: executing program 1 (id=2072):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'bridge0\x00'})
socket(0x10, 0x2, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000180)=@broute={'broute\x00', 0x9000, 0x0, 0x90, [], 0x0, 0x0, &(0x7f00000000c0)=ANY=[]}, 0x50)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="2c00000010004b0400000000000000007a000000", @ANYRES32=r5, @ANYBLOB="0000aa00b6af00"/20], 0x2c}}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r9}, 0x10)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)={0x30, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x468}]}, @CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}]}, 0x30}}, 0x0)

6.485094749s ago: executing program 1 (id=2076):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {{}, {}, {0x1c, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'syzkaller0\x00'}}}}}, 0x38}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0xc, 0x0, @l2={'eth', 0x3a, 'syz_tun\x00'}}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000080}, 0x40010)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0x4}, 0x6)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = openat$dlm_control(0xffffff9c, &(0x7f0000000240), 0x60000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
munmap(&(0x7f0000179000/0x1000)=nil, 0x1000)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_COPY(r8, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000179000/0x3000)=nil, &(0x7f0000889000/0x1000)=nil, 0x3000})
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r6, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x4}, @void, @val={0xc, 0x99, {0x1, 0x2c}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4004000)
r9 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r9, 0x40045612, &(0x7f0000000000)=0x1)
r10 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r10)

6.319991225s ago: executing program 1 (id=2081):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x82602, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000002000000000000000008500000061000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0x1000, 0xce, &(0x7f0000001380)="5e676f9b835344ad672fc6bb8bdae48a50b83cfb721f6715259f074724a8f40f04dba068ca916cd5608f9e2743f55da521fba24feb90aa061805b3ee33aca8d8808e07d85f39c5a30d16ee8bb409e59033fe4ddbb1d90a812e8f6ab73aa640719a964e680acfca50ef98703a5bd335760b9760e2d17cf0bd910fdc8b1ac698f563f6f87727a097cde8f46cb1ff44a998be7c4dae50c3ef866537cdb75f9990e41e726e2ae624ee4ed3d9c8ff47abd40b6104da31e02a51b626c9801eaf9097b7ee876f2dc69748b70dc653a9f49ce1d59c0561ee118019cd10abd9c6dd7b57c4d1d82b48743f081d0f6709b12ed396c096cfc1e483fc23d798b24022016c4b57625df8cb6ac15ef157fe2db60686d8f47b5236da2f6d1afe3ee7d824265545e2ddba83a2a8ec0aa36563e17dbeeb10577bb6c0f3a5bd42ca911ba41b21b2be6ff7700d69d1302afa484f517f75d1f5c94cce6ca2a2009b898e54cc2e1c719d62f29d3be17032d627d3e4009bf1e94f6c1f6fa6b5bec0dbfb47a0ecd008421e64e02ecb793d65f6abcab70eb7a063b6268a31eacad22203b7946ec5a80a072d97a8400557439a9f1161cc9e4262b4f9085c77f7fa33e7dd5cca979d8d007662d6e86a23ce02f911d8c97a835ae71608e96664827702af7b2e32a7246a60bf95766f81b1585220b71b6f6595d0c92fc4f393cf3df219d072124e89ab5854529500af21624fa5b7c846ee5af0a161dc627bbcb56e182726a68a2795bb2d7e32953e09e7f23b20d77138c04b96a4292efa89b541eeaecaa196cc56fcda9edb71eb4f1fc8aecbab414a6a2cc8d3acc0f690a626f1c7cc4c356d68709c15469e9f6b5330bc69eff5e6ad03b8540f570901fbed1a2e99ad00d847fcc7da2b2443e5f95448c0d770472b953b8ae5c730c566e74060837db709e86b0eb07da64264493b36b5920a490397c610cd83fa79b1f0976195f51cb6304e1bcda0cb83d9e8a226939eaae002cafd37ccf43bd1f86035ed6d6e494df44bf2b6a3e8a5059d207f0b6be05fdca9179a7d63229f5924af095853f3bd2f011c42a71c523c1df5695a14e36601fa2317071f45ec1788f203295ef7058a52437af76eee0f6e799f31f99350022ce235b070deb4507b3fafc9600832446ad503bb39a582e49911732080f2cc61e08962edd2bfa5345fad09717132821fe0ad32c7ce19e31c6cead4180c4ef3041fbc328eab26c5669d521ccd7694e6a66796995d0fe5ecea917936ac4fe3d9a89ed0419a0b7bad5fa858e910533d750a09b37d2d8af627562f00e8e384d6dfb06dec4fe734e3b35e02fd1b13591288052134ac4a9f21546599b217eb4f528affd0d78ce90775efb1a16675c3380e460344609ec2a5f87f6ce10bda3b7e99cd9c39c28b5a429e815af65da601d7a5969dca29aecc1b5111d1e747642cdda00194f814729bbb5308e8f17f7fa96263705a5dfc2d0bf463eadc89a48869660046612859553d8bcf376993c860b63ae2f9b584a4e5e42b9f105c75e59f6f5fd778b3f6c32824725515e77a6adba3e474859c9fd3a3335fe50d2edfb7025b0772e2a3813052ea9015073e0d0e4cb17a880ba87238e45935354e5a22cbd14e63b59dcd98a2b771ce48a5378035a264a6d8981b964c9ae330d7d2aa3a47335afba35c3db9d45ebe78f522ef29dbc1df742bfdd0783a3984559c534f74489bbb7ead43456f102992f7a2daa975f0bb18e73d6db8987ed76431033dcaddc6aa5abc8c5706dbb5a8ca58e183643312d14123bef95119f0cc73c5504eff0139c1ef3d0d5a28a7142c46922c1e95cb61f955c43e36f7b0af45c0b789f4d46cca6721d0f6011a3b60c62b43c05825ae8204be56d46e8faf1da448f42eb7dd6e31e9dfc2a5c258922ebc7f618ec2b0b59a95a9c7b2ca35e3f8df6acb8fa752056fd436b7c7da8696c2eaaa52a4d125b7d2bb2bbafe776cf6c4aa4a587f2475b7ad404544cb8a378ba7e85537e985c999d294325795fa08a39b5ef116502d3f49f4552357733a79a5f93a6da2d60b315743b8a58d7ec23cebeb9b2dd85c128edafef3cd2d672f1c8daac9e4ab1a03f1a1901612506554aadc086d3978e48d6b22ab9c0bfcc0e50c88da19e2e0de63e522c6d6fe98319660b958e333c08038b2651cf55517026e673e69d8015779af50fd1c4c1b01c6137c5c535ecc68e791b747e24d49a84e3e07ce3d984d36a73b953ae18d9f3016f9467bda236c24c22d393089be82572470a8523a77e6e67689ae3a1532c08558428d8140fbd7d0735fa9f71ac6724ac947c34956949bbed47899d18419379927223882c4cede0e3c805ac9403b212b00609fc54b01361990e8b73e18647a283e800fdc708b14f44845fbaf3941f409cf49f0ccccc0d1462b38a7a925983997dc0fd94d482d9952b005ebe95a9fc0176f21436c3dd52c43e09a209c26af6e553910a1557104fe1af97525bc72df79c7ed32ec4d93793c821d1c0da0c51043e394dc7c5923bd4abab2889e2d5621d2a1f46f503418165c28e36f618d27fb6a8014d2e6a277ee2e9eabc9249999d8cbc8440c828c86e6566e429006a803fa34861506d686a6a2ca507471185be43c4a2c871cd4fc23a47c4ea727614c02cae14151758a991fae3d3734758ae8fc0470cee080e9a2ae878e04ef082b0bf16f8ab180c0f8728e174c24b2a9e56439a6e92d9b425d9849ef119f67622fddcdfe91f59a900fbd6a93f564d16d57e827f8261feb97133e98f0eda2b6f8fb9544e209a6d4042ce9ab378b61ee7e3e177e5b4f017163a59c38f37f3e23d5bdbda48559be8fdb180816872eac685552cedc6cf439e0709b493ec73be89fc20ff751a4370fc1f6d688ab848f8daf5d6502f5e868b61d0e817693916021c5e4e0e2e5fbaf5064305a3bd046efb83b71495f81f429d1b0315f916c5c9949a19c6ab5b0ab28301cefe88bf9c05e3bfbadb2b2440ef6f46c218fb19f8883a8b45a94de31e2d47bc3e8d62cdf5664fc865a8d7d4157e1e3b0b8b3f3712005b6e78573a734170637e15cdd3d007aef7595a6500e583a17d8ef878e350bdc4df35f48e3c6f1d9d6ff27e2bd37bcb614d3cda092b89b5056b56642e34934517a6bee80a76c1be77e7f617819543a70c1610260f0155bb72cd2ee974e827d47f560d9874fc231b5f47723a9e56a6a1601bcbf7e9ffdf9c6b15a1f2ea1640a4ca1be941f946a32579433baf04d0cd552bb842d9a72483945ae0658b2c2a2487dcbbbc557078a9a2f7f44c5f65cc9a32ce31126b0cd3a81a6131e72a89d9811fd89cf525b0e700fef4962e25186d1956a7692bec759dd9529731663093d7c0436427c57094d78c388f18bd0e87bb26fe94336315387ea000484c9eb131dee433b7f476be8e8b479abd8f5b6975b2ae1a0bfb07f0b1f0d8000df4b4364e9642357e931059c4f53088cc12ddfc60d34d8d62cc16477a4c8033c055e1cfcdee1db3804bbfb2fed94827d91a72bf0db02f77289afe17968a4718cb55e004b1bc8dbc874b0692d6ce185e568ac93e60add99c96ba809beeb89691be290b981422f597cb6681eee5b6cfc8bbc4ceb2fec0cf7ffb1732bec08bb6359767fcacd2ee5fdc2f4727d2830b62a43ec830a849b6ed9d4deb93a046f85e5ea30f0a76b9294bd226a07e7e36e72c0db64a2f98ab0b32040a9f125a529ebdc03292ad37e9bc498d1531655cdbfaa82cc39350c3992e80194c3f2dabc0c42602b3f0f9a515e0e43cf0a081a12356de6af54e8f9454fee3533f3bab9b54869a8a27d88261528c7867ae9604deac0d0b8a830fc3b2cefe3248292e5deb84f9362ff812d4f6e77adbd5b7fe11cf856d5abd8b8c847f229bd3840348a1688ac2fec63614160dee44d23fd28703455209dbb77c397bbdd881c43cb3d0a57ba3cc51c9dbe5834211b16b9e7bccbf0ed85dd62401b0a7277b9fee56e508309b1a6f7bc5341228ece79205d726ba0f4d35924a3e1d8d8f8e4216856be23f7d36d3e8b6d5716da1b580718b5cf35b7408ac7a13ada61549a8dd5fdabbfde2a8586e16839723584d19beeba00c1fe3e11b9105c427136e31a208b7017545580b1c716f9f031d291e7cedcdb66cc508949e147a772df700405f61b013a27e031b9e84db713facdc69097de61ebbf024616c8255759f20460daade7be32fd0da828a7c855f92cbf930678a8f41967ffeaef2c30121c548b5216ca20e6960092b034a3e357da30a1a3dc64e16df8b788a072fe3c26dbc55917d8bb09c5ede2aea87c5462a09d9bc307fba442ac732dfd43a6a60d4552ddca9d1f4256f4ece5a9214294b68819679e370650589437ea2a4bb2f74628744efb6c1269d17193e7214d195c77cab15940d82413acfd31ca6e8d253f4fc471d604a9c02635a1e221773f762c1330bc1d6a1bd6ddbd2f796128fd18e1f2def3f5be20b3bda7e6bab2352a2b1a7573b5b9f001b0480688320bc7d3a9e17e413cddb4dc16833cb5b044858a8db9662c91a2cf1770988bd924a52fc715285b0e92789cc751414bfea195b128ec40b3025a821cd7de75727f8f85136276e8524b213261cbcd9860a989dc5ad9a6fb6f903e5b6326a475d864b6a109acc36a10c9072e189be92b5216a0ec724256bb67e4c8584e7f2d01829040d643fc933d241b49ce97fe33eb88672e0612dcfcf63a7044d30b1a0b97ef144f6bc7c519996a6161d130e62a2f0d90d56c7540d35f26328bd5905b4bf6b7f46ebc5755a239fa324275f0fbb6ac2ff0c86fd5c64761056b61302e39cadc3cee889eec682cfc097570d827dc938fdba29dc9e531aebed9af3235174def2cde0558265229fe843f19558e91e9e5d2b15c4656039a40e86deb9852b7cf351d9cf285e5fcc614545aa107f3f76aa54695369803d0b54df7909481c8fc6e633ffc4bc0a0d4c3e2fc9cf673916536f769e589d4e506c4298ce1427cf4c4499aa973c776d965a4baeda2e170ae60681cc077138c97d2c295102123c3d4f5a932c78c3ed6a333880a7c12c1d7cdb8282d14bfb48d4e7f6ba35b931e4709629d76dcdfa1cf2df001082d0956c4d02521e42c7e8614e11cfb68fcf0449202750c4b0b9d06485e0ce83e0f8501f7e5ed691754bca4d61c64d4aa05da98ce067ceca0f859a31dc6b37c6c55a657492ccd4d7b21d029d432bf2ffde28523dd0f0f2e2deb24138dc7149829f4e64dfe2da12ab7c09d72ec79736b86754ff0739567b6fd92cfe227b5e428da90acdec29dfb78f56bbe7e13fd2472f2288417be720fcd4762750e98c000e89640d584893fe9b02c0a26b6fef5cbffde587052af6492167ffdf118959bb8b0a5a7cd1d1f30d0dacdd75f230bfc64f25d201a34833fc6d100a7999cb9bb5fe8eaf11eb49b609c46eb7dc52ed487cc1fc9be7e6d43f3a4979e9f944f3aa1b0f553f5a6b551a9d42f36d786697d290697fd77be47b228f6ca97bd9134281e8edf6679c6f773aa9d5e379e223df3baa162a3a6f44e5946641a6a99e5fd7b1919f711cf2024666504b0d8286087a92fa2af72a7c6eb2a5446d9e46b3520959cf7d9c86844e6f40df53a5d3a7cf97f0207e7f84f2672238e89ed216eb40c2e44cf16a580a8926564911d632c839852fc7b2b89dffc0e0ff0d6c655325a471dff65516ffc9df5efe54ea25d230513d77df2aea670ef07b9a18dd9dc0b0f7edd501ec9841d72c5e1414e78e9315a376f9835f9981293666fd70006f869c9e40907c27947b7c122287baa6c1796de319f8970addf7b859f7d98cfff86e7", &(0x7f0000000240)=""/206, 0x8000004f, 0x0, 0xa9, 0xf4, &(0x7f0000000340)="2a9c00842868344065da81343822a915f36fd8a99efc42e3cdc085a0582ef61390138a0ed11eccfbe024f0879c89cc6954cf26c4dcf8e12743abdeb567cb1b126f922f2a4e734bfa85bc53a5ed682dc8037b8cb7ca2fb59a31abdc7bfe8abb50762b0663f14902b19860d6b9add6e8691a4045fb41c5588bea46f67e501e5710f7a042dd138b2992187a1b80187698e2503116bccfa05e0579e7813036453adc3e52e7265b2f79dd2e", &(0x7f0000000400)="1f7b04ff147b8e813693dbeb151ba28dbdee355bcc44997a7dfcf850bca43ed30ee55a48f84b0bb81481ec53c1108a45f155036a50f672b6e8dce12d7ab5a1cbcf80943749f1cf8ca476f19f7107edb5ff0fdf6648fb0aac9dc77b99a729068bb8645791c0aa9af19dbe03edf00a824e5257537af0c14738cdaaf9a7d62ae1a0d4dc6ebce491bb23aa8ad92be3cb150f3b37ea69b03f4cebf3b07fad460c6a5d22abbec0a90d31c4798814fcefd9b1fa5a3f1202f7395213214858bb312f229ac3b0b2b21a0de998971a679191fed99cb1208186c852de67383580f9ee8deceaccaa64bc2b623a27da8ea5428a2a493ca57edc9d", 0x2, 0x0, 0x8}, 0x4c)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r3)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)=<r6=>0x0)
sendmsg$NFC_CMD_START_POLL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r5, 0x0, 0x127, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x24}}, 0x48094)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r3, &(0x7f0000000680)={&(0x7f00000005c0), 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, r5, 0x104, 0x70bd2c, 0x3, {}, [@NFC_ATTR_PROTOCOLS={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004001}, 0x0)
sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902"], 0x0)
r7 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r7, 0xc0286405, &(0x7f0000001d00)={0x0, 0x0, {}, {0xffffffffffffffff}})
r8 = socket(0x10, 0x3, 0x0)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$sock_int(r9, 0x1, 0x3c, &(0x7f0000002140)=0x7, 0x4)
r10 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xbe0b}]}}]}, 0x44}}, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r12 = socket$kcm(0x29, 0x2, 0x0)
r13 = syz_open_procfs(0x0, 0x0)
r14 = dup(r12)
sendmsg$kcm(r14, 0x0, 0x44004)
preadv(r13, 0x0, 0x0, 0x1ee, 0x0)

4.948129198s ago: executing program 1 (id=2085):
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef42b000000e3bd6efb010511000b0002000d000000ba8000001241", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0)
r1 = getpid()
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r1, &(0x7f00000000c0), 0x0, &(0x7f0000008640), 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000300), 0x11, 0x0, &(0x7f0000000640), 0x3, 0x0, &(0x7f00000005c0)=[{}, {}, {0x0, <r5=>0x80000000}], 0x0, 0x0, &(0x7f00000000c0)})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000980)={r5, &(0x7f0000000300), &(0x7f0000000900)=[{}, {{0x80000000, <r6=>0x0}, {<r7=>0x80000000}}]})
ioctl$USBDEVFS_CONNECTINFO(r4, 0x80045520, 0x0)
capset(&(0x7f0000000080)={0x20080522, r1}, &(0x7f0000000040)={0xffffffff, 0x10, 0x4df8, 0x0, 0x1})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r8, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4)
bind$inet(r8, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r8, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'erspan0\x00', 0x0})
sendto$inet(r8, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb)
close(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000001020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x20008000)
sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYBLOB="35628afa087a06db326cb5779540b723ea493b67d4a2709aa2d13ecec35df9364ca68e6acbf5fd3d28b94af00ddcc5d6535669c3ef2ceb3c52ac2de60860f65716dee80cd8e885f1be019211b86d30a91e9229ba51a9785823cef2c10dd72bdd973cc05344acbc9c01824538d8e36a90a2836263df58156350adc7be16e684478e123a8acd222d4dad7c228079bceeb84e37984d958bc6285281e2e457bf350f98eac4f902f47e48f4f41bca432e521c4867b1fddc7642", @ANYRES32, @ANYRESDEC=r7, @ANYRESOCT=r7, @ANYRESDEC=r7, @ANYRESOCT=r9, @ANYRES32=r6, @ANYBLOB="bd89ca684f939142b55ba75b01ef07dfa270ad591e7236b54fcc5a760cffc5de412f1ccdfb6a51a16591529648aab992f92036dcaf7b3692b63f0137ff0dd6313b76366787b487901ecaf2a2e5fcf3db327a2bb0a1cda14f21e461c63e8e059c02ce1937a527481a2ccb1457", @ANYRES8], 0x94}}, 0x20000041)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)

4.211289016s ago: executing program 3 (id=2090):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x3}]}, 0x3c}}, 0x0)

4.112301624s ago: executing program 3 (id=2091):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x60840, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002000000b70843a356f74c0000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100e9ffffffff06010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[r0], 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, &(0x7f00000015c0)="89ef1284c86555bfe69b541fc18b8f329814f57bd00b1b3a660bb38d58430a051059c1c370b570890937")
kcmp(r1, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000"], 0x7c}}, 0x0)
unshare(0x8020000)
fcntl$setlease(r0, 0x400, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x141003, 0x0)
r6 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0x0)

3.370132141s ago: executing program 0 (id=2095):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4180}, 0xc000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x1804)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000006c0)=@mpls_delroute={0x85, 0x19, 0x800, 0x70bd27, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x3, 0x0, 0x1}}, 0x30}}, 0x1)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a20014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a", 0xd5}], 0x1}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000200), 0x5, 0x103382)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000c00)={r6, 0x7f, {0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0x6, 0x1, 0x8, "e7be1a9edff60f0a961a1d5f33079eb98000c1378f4832ac567602f7abe07131f47c6fe1c3aa31aaa97985a5a70ea788ebcd71d18aa07ed069b1cb79ac7c2dc9", "8085d0df4f7469a6f582b4955c0a3a7bbde6aa0aa4f18c8070568bd06b392ff4ad96169d39485545b41e4cb871267dc8e94faf71143b589ac9dd000000000002", "c8366410c80ad1bbbf9fd978d55fa79ce0707d9ec20a1464dcb3a5554d49a3cf", [0x5, 0x4]}})
close(r5)
write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"})
r8 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000400)={0x0, <r9=>0x0})
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000580)=<r10=>0x0)
r11 = fcntl$getown(r7, 0x9)
r12 = getpid()
r13 = getpgrp(r12)
tkill(r13, 0x3c)
syz_clone3(&(0x7f0000000600)={0xc0000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000240), {0x1c}, &(0x7f0000000280)=""/59, 0x3b, &(0x7f0000000380)=""/123, &(0x7f00000005c0)=[r9, 0x0, 0x0, r10, r11, r13], 0x6, {r3}}, 0x58)
r14 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r14, 0xc0145b0e, &(0x7f0000000040))

3.239972413s ago: executing program 3 (id=2096):
r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000000, 0x8010, 0xffffffffffffffff, 0x8000000)
r1 = syz_io_uring_setup(0x6208, &(0x7f0000000000)={0x0, 0x4326, 0x4, 0x0, 0x97}, &(0x7f0000000080), &(0x7f00000000c0)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r0, r2, &(0x7f0000000100)=@IORING_OP_POLL_REMOVE={0x7, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r3}})
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000000140)=0x3, 0x4)
r5 = openat$full(0xffffff9c, &(0x7f0000000180), 0x20a80, 0x0)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r5, 0x17, &(0x7f0000001540)={&(0x7f0000002000)={[{&(0x7f00000001c0)="32c7c0dcdcb99df99e6f9febc74430f6e12495a65f6f7ddeae30768403433a35f3913aed60e78138deec2317ff64bb1e00e89b0f4b2b72209664d198f17f2f0935701314b32d0650115fa559e7fef5ecc2c7f4dd52af51cb001cb0f9bef91b0c7d75c594af5421ceda3abbec7eafc0635d7e4ec3a0128094d53cf2df1ac63006e3c213b7792764ff3f5341c05a3cc2b4e82c912ea227491f6a89504141496e49f63b910b09bf47abd5cadbe7142f9e973f8e94016a6065e803321b91905fcf875309a65cfc694cacae8c09758ac7dcb8b3ff96eed32cd2cd15160995177aa27bb45ce53be74b5efa856fe77201310ac71bdc917fc0eba4", 0xf7}, {&(0x7f00000002c0)="12f43f7a729f34c9758dc3bd7827aef65fab181681b89cfee5eaadf8cb4d8cfa20e8e9dea0882314c6e7c8f8cf8f11461d3967ec6af31388b2d555943958bda6fa9cdfc1cfc93f220771e56622710cd17bfbc2e709ce5417a15e8414bb5bd2e1758cb8360d0999dcd667db4e0ed41098eb5ab3a487b33c1156cfc2ae692a0d7ad70b2d0a38127c5745c9147851572be3123b1e6729b73b2bb4ac40043c60c8a235b8899fbf6b1f92a5fcc27576c16dda5f6b8be5d95efe3d016d6d772a0c1bd4dae6aa799dffe6ab1f0c26f757e3f8f7d97898210a302eed703ed32c6facca46bec7de65847aed8a6826c4632c6871158aeac6cede572fa205aa4ac2b9dc85c3d06e42396227bd7abd1cedaa100e4529c279f0826b3d304db54ae724c20e68a542183a2a66037119cfa6d4b8a98ed57c0729b912a5d4db5a696a54b6d542cf9d80f2eb9369ceeba173f38a85ab6068b09e23ac10aa93a1abaea6b44a5d5438cdae57b45fe0a73ef40269a3b50a9d7f6888d5fc3614bc3a1060daaa168401664a864b4234dc66a05f2856337dcd6912a88a2337a02ace774ef03749438287c73ef8c66824b73b16e1859cab36f1ff28bc808767da6ac088d08c64f5dd81f437326e0ec0acb4b398b929801d2eda888b69977af82a0d723cd88b3ad256fd3aa50bae52a0fd20498370adcb7a96e158d95c7460ee2884ef043dccaa7032ac23a3032093aa0d7ab4220b891ad9e95af86b19c53bcfa7226659d80c4d7cbc316418eb86bee33d2f19c939c24011c3dc760dff9415440df87b1a7baee72077335debbab7ef75170d2a43c2cd6a9c5f7df01f601d41de9026b6769605d614dc302a317aa5dd9d1fafde5d163871632d720b4b9878c66d36177da523deb0626e029797a05072b39cbe37d000f729d379a696478383ee38ac28f0ee52357eea6cd68a0f0c4469e4076969f07fbfd69d6bb58f58423abaad71f20c52b74009b16691c3e09d4938bd75e4049c5f3768b303b2928d228d22b34760f0c4ef89ec2e8658e8026375c584313d8aca82a29fb324ad281eb846cdbac9b45c75381ceed0b7f6a9fb0e14fe00ae93a382aa3a8e20e7f41afd036fab79836c78f12479f69204f575cc45006fb46ca6081279e43244d3a0295bf2641edfed6d5d073a77966d8170a7bccbc6737bc987e50683a2734b4cdfa57375a57dbe536f3dcc496d172d553b02b4efce607b41b7e33134b3f38025eb7553f3f49560085cdf2b12612095263bdab18db0b2f1d33a899775c9b3680bfdd8139fca0a8558719991396b4cdfa8bc7633c8766f81a17b13926246c00396cd3e3bad2ff17a8e9b0a159f257321fbc0ed5c0699ef1a8e1831015421e3bebc03112c6972456fd2311f14fd39e27f380518dd136ed05690ae0150ed45bc69fcf06b918d86ac65afffb4d8bab9ebe336ab7467167eaff17105ca3efad5c824c2b61f667b967cd86a6e1c740e0e2f6ca2db2b4c6c122f582d3704311aa497256d8c80df64bff899c1dfe3e19db4b688420e45340a45041bff36f1cdb506f22d4eda4903312cb59bffb88c23d32d12a6f87083a89309508b3807914956634600874ea61c792b9e079da811bb3d812fb0b1890461d9b1d7d28f222519ee5372e3729c49d945a3f5c0e94f5404465de92b9c69e892ca8f3f229383b45c5ea308ab5d99dbd6510955ffa858f2aa97385a9c33c0feb9e08bcd10296df8214e1089a193060b86d4cd0725320cbe54e0048351c1539bb27cdb26e22d0a01200b260c5c25ce4d9c6102a67c7e809d53866b2f2940870077d6f76ab4cf18f0339790565798c503b7a1d12c20e47e57827e04862eb68697bcafb454f1bd6f0b7bab76c2331f34694eda8ec577b91efbf4ba06d31d7d558ee35429442ad74ca965833c67db356b2cfd7bd7ffcecf5bab29eaa3d7a924f8d558182f2c632ea33a365d614ef99a126d86183f82d4f7b0f8b5c24df64bf6fd1aeb1ce9df0aaea6ba8ba070c60350dbe5f6c5f891c440ed2a609185c0f4541959159fb81ebe48ce56d7a7b9a8360a42dc5e38474d9392d04ffdc976d05ee6604dcba5b18496b78b8a265d8ab87f87a913f2ad75ecd66d09990b826ea6afdc6db7993787bedb5fbca3341e936d8f4f99663b7c87617f53c69b3a8b5805b5189b021612d08347f89112ff9a466fc6f67ec2aea7c771f94fda2d8f590bb1511786220a5090ebba39157faca362c34232c8b2012ff5242622dd8308b48ef5fa3937117dbcaae55525ba6fe9397770cf0ee9e71b6a018ff3298c24631e6f1f9d86aad3427c2ac971d39a99a6feb2c89960435e51ee940897d24b1749458ccef0d5c65fda984798b00bfce21359597263d777dc7fab1583a1e99187583f56f809119610ef3bca1490fb31bbdf6683b20ece9d1d8a4155531e76d4f12905b95fa0a68dea706889d3869b2319a561107658ac8d7cc7f643b9223fc947c8a88d3a6a098b0aeda485487bf89223875ef552184c2646fd3c2c48a72ab4c1e99108be0af8382c30cbbcaaf4020723fade9403624ef372531f67cf2ba0ea3baa38f4e2a386f538a23a75d89b6647fc7ca0e2ad4558230cf7d758b61dc7f86a5fb027b48495ce7a2fdd56d7513123fd8f2fc1ea1bc887d3727f632763d6c20ef55569a1b0560e61bd12d5b55f0c19c0bcf475c6b7638a617513a84badef2b1c18aa85e17e20f8ff0e064386c506dec6c3c007c0ed253e143a695ebf52ce07f09d1a2d77f0b9665b31a8f03f5aed93f60b95a6322e743d938bc73b98e3eca65ba6823e2dd706a4f535b96eb882c1b10b4e8a53b3fab3141403b0eb5dcb3794d9dcf2575b6d56c77999b0d54e67c8fa54e8386e908b46ee82d0e6354a896922f3b40d1ee9a632a63be6b65bea9076808c68a33a3fc94cd4966578184f3cc45205ec71aff2eac29cbf1805a4fe87b72a119935f1746a4c9ae7e618264b45a500527fea46928ab210bc447e963316d96b2c89f31eb6031efb0af6b63ed52a18cd5e88e7357702b7ca9de64302ab20f5e9c2a83bc42f972f18bd088484ce04393aa919c8a6c7de3e8594b206ff6384c36fd7c07a6ec71447d2f92f032a6aa8a28ae77b51b602f92536bcd1e44eb4e50c3df02a158bfc86d9a081c53238e369e612f6147ab544b8d848800fb590ac6c7e864d59584bd88d1a65f5e4cac2068bcdd9fa50db594389c012efac4b489b68c719a7333665ba32e4334624ae337638f94f52933f3177a22156debe9afac645ba25025a38c02db84350307d3b0a79616568a9912203dae6573744ffee4c9fea5fdef766fce7089e773f63b55bbec73e50fff2b927705b7ef557888b6b60a143d8c888b1743c5fdfb0f90ef970c73e5dcb9a55be91b229ae3b4a2cd5b36132d7323bc73d1ceb98c5f6291ebd4e132e4b0a3193fa9d1d68b68d68bbf77d5c1f354c35b649fb75eb1f014a7c6b0abc1d2a7d2ecf88e72ef25de3c101d785db7c9bcca019163d3bd1ca80f9a93b340cb28aa81a324694b63b52953a5d949ae797f083a6cfea89406da7423abd94b8003e9c979a9ef7df3ac9f8861a74fc2750880d69949cba589b4768c8d54c580b0a9b6a6fb8b7c260ae5574984064ef15ee8d64cbef5ae83a715fecdfb4e1a6f933deb2ec15cb84986597345c3986eaecf48d3a1270b734e5d5fd8efa6b3af5ea4b17d67f39bbeabe57555f65f0d8148baa268f38a4e72a27b7fba16d78276ec1b6e90b66cb7d95d05ee29285ece0c4545b57b4de5703f8f8d17b7583d2afa5ee029df729372738ed0ed55b61b54123614d9ae6751bcbc9eb1287b450744ed31dc8a2c4359fb5a0908d009d30be8efb023dd3f795aab7c2a69d321159edb8b8155b0594682b28014bb43e89951edfed3de02ca8736ac36e0ac34e6b6b5243e21969ecd02a2cbf9890501fab2dd7ecc3931b85010c6e5b1966a64f11ca804a772691f92b97500fee705a956c9f84a631a7bfefa7a860e3cc4d5c352e141a059627f9577477c204d49d7f29383560c49636a69f5c39396f24cf70f3b299521e50acf2805b130dc1928e295fbea0ea18853e86b3dfef266cf24f798a3a92ac15874702e21fdf8b38265b9f591cf84b37c16887fba4316825b555fd1726e2b6691ccecdbdbc1c87e925fbd3b7d2acc8d19df18dedfdd5219e2420f5ad4d9ac56b9de2288beae668d5f23947907d0cd800ba34bf0c7a8dbe5029ddf06db0973eb8ffc2409a9e92ea684975cf4c6d5b86c36b1a473338d0306845ece37935b2b3db2e006c2b37d90765608b737adbd3274ac03f389f3906e176bb0e7c7021f5a943f680b0460230dbf64248590432d2cc57d052a22dc5cbb1674c2a4225166549bfdb3e594997c2dba6778289afca6972afa07ebee9da1b46ac8e150a276c72f2f47d97744337f7d8304e5f996879cc0d4e46a13500e9efb0c8192ed5922793ed422390d9f02398a7e9cda0a4ed227af69b2b76d566ae0f39737398bb8c39d1d9f230f5463ae7bafcedbe1aed31735f69a056115b08d02cd4bccffaf961b13ee7bdbbe908646c36910c5c7b7654133e73d9f74709b8c48fcd92fdaa34e9fdf63347c2701ecb73450a532088c082f29c77020d5a19f478f695e3611af045cf400b2bb16eb73e5d6ff7685554c13edbebf4d73c7c9a52a153a5d050721327ca4f22fa6789e1fdd5d8bb8107490e19a0e084a4453454a7dbade79e9de07b6a5d208b856c2b583795f0f3b2b20168cbbb344537fdbb6a01bd028549b13bd0f41b1dac54c8096b8f1407dbde3ddf35b554435fb687981d764fa652f197f5aeab33fa168575d79a60973aff9e3974c44132ab3a1eeae27f8098847b73362ad5d3013d7f8dc224ce4ade70130e10f2c1f3c199967028d794a273202921bd2f0e9fcbc67eba4d4991b71cdded664af85ab7029b566dfb429de85493a3835cd606b0e6bf53fb21f92a29974fc7f4ee9c0450e1492df5af496bc2fcdb6bc0a91e9fe665a80694d1db17d61100e0badf35d1c3f29711a91c3f5cb4147f0e1c894b020ed9a05792ba650784380928970a98039134a350dc2f26965b8a9329e55ff7b6beb1df98846785cef339c61631136d2de8c6e4e3f79fb45e9007c559399e967a9e7e6e0f743769e6a2dbc567e6d424b5acc842676c9301a9a496f57d96ecb94f56abfd86563738de1fa62a9d953af0fae07dff51e6d81804602b48a14cc87b9adba77c6b155c432c1743732bf2f6bfd9a03c73ec200c810da965241da2241a192d66b48d13089d1acc994b5178805797876cd914c45b82497ba6cda507951f8b814befde7afdd432c080fb7d712301c3282add5b7e72f660d938d0c23b8ca9293d22bb3b5eeaf584537df8c929db97501346cf495da52de3e703e5bdafb5d8978301d955cd9225a3c8eba58b6b98ff9f154c4d7a4edac31ecb14069c25413e81008767ea124c4df109a095e64a6e1f7aa95b28e2a5de807a47e9cfaa774b04b3fd28d10f946556f3bc00ff2eaf8e60d5568973464cf0d1bc88f58096b859e84c7ffcea3dcef674fe7e7d527785dffad3f0362fa2cb8a8be0bacd8ec93a76b55a58000984be1231509a511ffb544d3147550fedb368d0c745ea19c9bcdc2ec7b4f5bde8c8b42a771021b040035b8159cf6e71c56a15ac25136a72ec3de86e2e02cb81835f8a9cf5e3e1b5a56bdf7c5a61bd2d850ec85d7d55cb44fb6eb39bf9d4c565aa6b1da340403e494cdfd32d4e9cebd7b82b63357f98f773a7198659e9371cd9c48997a636e400c5f14c07a70f90991f5847500f2f", 0x1000, 0x2}, {&(0x7f00000012c0), 0x0, 0x2}, {&(0x7f0000001300)="1bdbfb8ac2458f634ab55d995cb810eee50c5590680d06df5162bdb480f6578b48c98989ac1cc8a5943a7b2cd4c10b073b0f1bb8fa906faff7e00500b2f856f4921e18a0505c7980234cc76cf58dd08911a638d67c96b984d0cfb30950597e1a81e3bfdca8a39e203ce300247371c2575faa589aeac7cfc5c41f61ead2b76a21af81af9101e3737d3724555bb5d31ba7162ed6ef15d1b07b6bf71ca24e8a45ba940f8177d8680e80cad36a38a3a0560e2a57f1345a", 0xb5, 0x1}, {&(0x7f00000013c0)="3e70ee64737499113852ca779eb1e9a56267ee04ed477c039f65cb3301504c3243c51f9addf070a3f5ee88e41af0b28bce6bf8e2273391db89fed2442542f08df3d9004ce805c6da64301fbb91a8de2586dd168833ec83b11e8513488fe00b8de6ae363027b8214cae9bbf62e164de5a7105783e6243a0ca7fea080d51788af7acc67bb3b79aa6bcfc712fdfc4d0c36afb2e445aded25d01e8", 0x99, 0x1}, {&(0x7f0000001480)="f6f63f15adb274928acba068e92b5a0ae15ba0c7f14b78657b662dc3578d5ae7fac01e59390a6b51bc8e4060a14539097a4e636f6875f34cd0b45298f98eb3b6eae9c2e6aa0ec3a62d2f4512485d4af72d32c10f894f927c69f33ba72d25ab3e66a26b44f5ec016b335274af62fb4c1c2b286a57fa0106f4efafd29ae666c2705dbdb5edc90a7a775915babe1e80ad8ec8e0bcf227557825dafdd167303a4a743c89f0be6198", 0xa6, 0x1}]}, 0x6, 0x3}, 0x1)
io_uring_register$IORING_REGISTER_RING_FDS(r1, 0x14, &(0x7f0000005580)=[{0x8, 0x1, 0x0, &(0x7f0000001940)=[{&(0x7f0000001580)=""/73, 0x49}, {&(0x7f0000001600)=""/216, 0xd8}, {&(0x7f0000001700)}, {&(0x7f0000001740)=""/25, 0x19}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000001780)=""/51, 0x33}, {&(0x7f00000017c0)=""/198, 0xc6}, {&(0x7f00000018c0)=""/76, 0x4c}], &(0x7f0000001980)=[0x53d4acbb]}, {0x8, 0x1, 0x0, &(0x7f0000001f40)=[{&(0x7f00000019c0)=""/174, 0xae}, {&(0x7f0000001a80)=""/103, 0x67}, {&(0x7f0000001b00)=""/93, 0x5d}, {&(0x7f0000001b80)=""/119, 0x77}, {&(0x7f0000001c00)=""/133, 0x85}, {&(0x7f0000001cc0)=""/247, 0xf7}, {&(0x7f0000001dc0)=""/160, 0xa0}, {&(0x7f0000001e80)=""/167, 0xa7}], &(0x7f0000001f80)=[0x7, 0x1, 0x303e, 0x6, 0x1000, 0x2, 0x0]}, {0x4, 0x1, 0x0, &(0x7f0000005100)=[{&(0x7f0000004000)=""/84, 0x54}, {&(0x7f0000004080)=""/111, 0x6f}, {&(0x7f0000001fc0)=""/62, 0x3e}, {&(0x7f0000004100)=""/4096, 0x1000}], &(0x7f0000005140)=[0xe9, 0x4]}, {0x2, 0x0, 0x0, &(0x7f0000005200)=[{&(0x7f0000005180)=""/63, 0x3f}, {&(0x7f00000051c0)=""/48, 0x30}], &(0x7f0000005240)=[0x0, 0x0, 0x5, 0x1, 0x3c57, 0x2, 0x40, 0x66]}, {0x4, 0x0, 0x0, &(0x7f0000005500)=[{&(0x7f0000005280)=""/158, 0x9e}, {&(0x7f0000005340)=""/123, 0x7b}, {&(0x7f00000053c0)=""/188, 0xbc}, {&(0x7f0000005480)=""/86, 0x56}], &(0x7f0000005540)=[0x9, 0x1000, 0x5]}], 0x5)
getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000005640)={@mcast1, <r6=>0x0}, &(0x7f0000005680)=0x14)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000056c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x7fff, '\x00', r6, r5, 0x3, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$BTRFS_IOC_LOGICAL_INO(r5, 0xc0389424, &(0x7f0000005780)={0x80, 0x10, '\x00', 0x0, &(0x7f0000005740)=[0x0, 0x0]})
read$msr(0xffffffffffffffff, &(0x7f00000057c0)=""/4096, 0x1000)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f00000067c0)={{{@in=@local, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@mcast2}}}, &(0x7f00000068c0)=0xe4)
fstat(r5, &(0x7f0000006900)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
stat(&(0x7f0000006980)='./file0\x00', &(0x7f00000069c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
fstat(r1, &(0x7f0000006a40)={0x0, 0x0, 0x0, 0x0, <r11=>0x0, <r12=>0x0})
r13 = getpid()
r14 = getpid()
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000006ac0)={{0x2, r8, r9, r10, r12, 0x3, 0xe}, 0x0, 0x0, 0x40000000, 0xa, 0xe113, 0x914c, 0x0, 0x1ff, 0x7a, 0x5, r13, r14})
io_uring_enter(r5, 0x5e22, 0xb17f, 0x9, &(0x7f0000006b40)={[0x9, 0x3]}, 0x8)
r15 = openat$mice(0xffffff9c, &(0x7f0000006b80), 0x4000)
renameat2(0xffffffffffffffff, &(0x7f0000006bc0)='./file0\x00', r5, &(0x7f0000006c00)='./file0\x00', 0x1)
ioctl$SNDCTL_FM_4OP_ENABLE(r5, 0x4004510f, &(0x7f0000006c40)=0x1)
rt_tgsigqueueinfo(r14, 0xffffffffffffffff, 0x2d, &(0x7f0000006c80)={0x21, 0x1, 0x10001})
io_setup(0x6, &(0x7f0000006d00)=<r16=>0x0)
io_cancel(r16, &(0x7f0000006e00)={0x0, 0x0, 0x0, 0x7, 0x4, r7, &(0x7f0000006d40)="fb6ce9ca3df95776cead7ee381dcadc0e42f96aa4246bb8a86420ea520e70c31f20cb5d9734a5efc23599c29c0e002670baf261adfee2c8bd59a513788d4409490cf1cb21961410c42f330481b052912d5946325822e04b075cfa4a1189577da3a53c344bbad7d8527572372a4dcfe454e506ef62b0358df25efb209ee8b4f3247", 0x81, 0x9, 0x0, 0x0, r5}, &(0x7f0000006e40))
r17 = socket$inet6_udp(0xa, 0x2, 0x0)
r18 = openat$dma_heap(0xffffff9c, &(0x7f00000070c0), 0x440280, 0x0)
sendmsg$unix(r15, &(0x7f00000071c0)={&(0x7f0000006e80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000007080)=[{&(0x7f0000006f00)="7be61699598a1174cd91a7974501b13200c65780a921f5a4bdd853e598758c7373e8bf62184274979a62a0824a6954f57be2c0fe78f159bfa30237d18f9f2c8a7ec8f3f4b2103b6cf0034b32c134fe13dd0023633640e4134f44f0247de5809527e6e009db135a37d34d9e4bdcd533e89a2a9b7601f633025c6c8551ff45623aca1712fbc4d52f9b598c9b5060ea88818eefd3b0baa0a4dbddf79edd3421b58eb227e743a8c58f46ea16ca7893cd0e08fdf825e751bbafbb3093", 0xba}, {&(0x7f0000006fc0)="9dc9a48b87ff9144de05b1463c05d8864f933a7f0d2c66f9fb827c79ac7eec934959d684fb6048ffcc7aa46870ea2dc3796ef402023d342d8dc5ba67fec73bd11ab5d1f81b64e161758804ef647f078fcab12195e24a8d5ea8ac79c859d66eed3f41ada306b1a0f316c34b618856dd84b089e2d3e83f4c1f798532a78032fb3fa907ba033bee498474bc5ac8cc8ace19e9c1e5b3b461f7e48f1b", 0x9a}], 0x2, &(0x7f0000007100)=[@rights={{0x20, 0x1, 0x1, [r5, 0xffffffffffffffff, r15, r4, r17]}}, @rights={{0x20, 0x1, 0x1, [r1, r1, r1, r15, r5]}}, @rights={{0x28, 0x1, 0x1, [r5, r1, r7, r7, r1, r15, r1]}}, @rights={{0x30, 0x1, 0x1, [r7, r7, r1, r5, r4, r7, r18, r4, r1]}}, @cred={{0x18, 0x1, 0x2, {r13, r11, r9}}}], 0xb0, 0x48011}, 0x1)

3.012605857s ago: executing program 3 (id=2097):
socket$nl_route(0x10, 0x3, 0x0) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0x8, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) (async, rerun: 32)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async, rerun: 32)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xed72c98e75313515, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
close(r3) (async, rerun: 64)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) (rerun: 64)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) (async)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) (async)
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @broadcast}) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async, rerun: 64)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) (async, rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000800000000000000000", @ANYRESOCT=r4, @ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) (async, rerun: 64)
mprotect(&(0x7f0000371000/0x3000)=nil, 0x3000, 0x2) (rerun: 64)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="000000001f0000005a007f", @ANYRES64]) (async)
syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

2.949596616s ago: executing program 2 (id=2099):
syz_open_dev$video4linux(&(0x7f0000000000), 0xffff, 0x400)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x5, &(0x7f0000000340)=ANY=[@ANYRES8=r1, @ANYRESOCT=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="e48af8047de7f93488d50c000280060001"], 0x24}}, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x11, 0x800000003, 0x0)
socket$netlink(0x10, 0x3, 0x13)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
io_uring_setup(0x30d3, &(0x7f0000000000))
syz_io_uring_setup(0x9cc, &(0x7f0000000240)={0x0, 0x0, 0x200, 0x3, 0x0, 0x0, r3}, &(0x7f0000000100), &(0x7f0000000140))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x20000000, 0x0, 0x0, 0x1, 0xb})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[], 0x118)

2.905351104s ago: executing program 2 (id=2100):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000000)=@framed={{}, [@printk={@lld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) (async)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000001640)={0x18, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TUPLE_REPLY={0x4}]}, 0x18}}, 0x8000) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000340)=""/52, 0x34}], 0x1, 0x0, 0x0)

2.829833556s ago: executing program 2 (id=2101):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00#\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200001ef, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socket$inet6(0xa, 0x2, 0x0)
lchown(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000085000000500000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x11}}}, 0x1e)
connect$pptp(r2, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast1}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
writev(r3, &(0x7f0000000680)=[{&(0x7f00000002c0)="2614", 0xf00}], 0x1)

2.829487383s ago: executing program 2 (id=2102):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="020000001400000006000001006e7a000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000013007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x0)
unshare(0x46060480)
shmat(0x0, &(0x7f0000233000/0x2000)=nil, 0x3000)
shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
r2 = shmget$private(0x0, 0x3000, 0x10, &(0x7f00000eb000/0x3000)=nil)
shmat(0x0, &(0x7f000003d000/0x1000)=nil, 0x4000)
mlockall(0x1)
socket$inet6(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000200))
shmat(r2, &(0x7f00003b7000/0x1000)=nil, 0x6000)
mlockall(0x7)
shmget$private(0x0, 0x2000, 0x400, &(0x7f00003dc000/0x2000)=nil)
shmctl$SHM_LOCK(0x0, 0xb)

1.830200885s ago: executing program 1 (id=2103):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000a636000000007fffffff8500000050000000850000000700000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'batadv0\x00'})
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x54}}, 0x0)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000077bc424348b2ef8e023fe418c7f912463342f5e6691b287931ad8186ab2a928225b21f6b505e9104373a3f8568fff7d842dba10a75f6e0fe9fdbbe35e798aa1b0c3eb14407ffaa1987ac9fa64b6e60218b7decbf6010e3dc68376a2886a8ec43e2153fef0c46c01474bca9f0096ce9f4fa5c09b14d0bf0af17767d67bdd4d8deec58f8d54bcd7aa5e2fcb2528e561b1db9ee6c96f0efcfcff25d24deb86d4c4085f1c4e61d75b91c277c0404c8a3695e468", @ANYRES16=r1, @ANYBLOB="01000000000000000000030000000800020000000000"], 0x1c}}, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
setreuid(0xee01, 0x0)
r4 = syz_open_dev$I2C(&(0x7f00000002c0), 0x1, 0x0)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000002740)={&(0x7f0000000080)=[{0x0, 0x0, 0x2900, 0x0}], 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x400100bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x800452d2, &(0x7f0000000100))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080))
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000000)={0x1, @broadcast, 0x0, 0x0, 'fo\x00', 0x36, 0x0, 0x2}, 0x2c)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r8, 0x0, 0x0, 0x20000000, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)

1.049747174s ago: executing program 2 (id=2104):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x60840, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002000000b70843a356f74c0000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100e9ffffffff06010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[r0], 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, &(0x7f00000015c0)="89ef1284c86555bfe69b541fc18b8f329814f57bd00b1b3a660bb38d58430a051059c1c370b570890937")
kcmp(r1, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000"], 0x7c}}, 0x0)
unshare(0x8020000)
fcntl$setlease(r0, 0x400, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x141003, 0x0)
r6 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0x0)

790.097477ms ago: executing program 3 (id=2105):
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000b80)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x655e, 0x4)
sendto$inet6(r0, &(0x7f0000000380)="a6b891f57f56fa7b70bf5c0263049f62a9d47b818a76956dff07000000000000f5ffffff8b2cd360", 0x28, 0x0, 0x0, 0x0)

658.347321ms ago: executing program 3 (id=2106):
r0 = fsopen(&(0x7f0000000180)='hfsplus\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
fcntl$setown(r1, 0x8, 0x0)
readv(r0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/3, 0x3}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000400)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\xa4y\x9e>\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xd5\xcd\xf2\t\x00\x00\x00\x00\x00\x00\x00#\x01\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\x1a\x80=\xa72)\xf2\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)='/\x00\"\xb6\x9c\xd9\xa1\x1d\x00\x96', 0x0)
readv(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000340)=""/107, 0x6b}], 0x2)
tkill(0x0, 0xb)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
getresuid(&(0x7f00000000c0), &(0x7f0000000280), &(0x7f0000000100))
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc0f8565c, &(0x7f0000000540)={0x9, 0x0, 0x4, {0x7, @sliced={0x1ff, [0x8, 0xb250, 0x7, 0x2, 0x200, 0x2, 0x7, 0x5, 0x3e0, 0x800, 0x7, 0xdaa8, 0x9, 0x1fc, 0xb, 0x8, 0x1, 0x7, 0x80, 0x9, 0x5, 0x4, 0x8, 0x7, 0x4, 0x9, 0x7, 0x4, 0x8, 0xc, 0x7fff, 0x7e, 0x61, 0x2, 0xe3, 0x5, 0x81, 0x5, 0xa, 0x7, 0x6, 0x1, 0x0, 0x81, 0xff, 0xa5, 0x6f9, 0x80], 0x800}}, 0x40})
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000140), 0xc)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r4 = dup(r3)
ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, &(0x7f0000000000)=0x278)
r5 = io_uring_setup(0x253c, &(0x7f0000000640)={0x0, 0xe613, 0x20, 0x3, 0x4})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect(r6, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
open(0x0, 0x26063c, 0x48)
timer_settime(0x0, 0x0, 0x0, 0x0)
ptrace$getenv(0x4201, 0x0, 0x7, 0x0)
write$UHID_INPUT(r4, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f9075e071887f70e06d038e7ff7fc6e5539b0d3e0a8b089b3f36356d030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
getpgid(0x0)
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)

319.659806ms ago: executing program 0 (id=2107):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000080), 0x200000, 0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f00000024c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0186415, &(0x7f0000000000)={&(0x7f00005d3000/0x4000)=nil, 0xffffffff, 0x1, 0x2})
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

239.978923ms ago: executing program 0 (id=2108):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(0x0, 0x0, 0x0, 0xffffffffffffffe8, 0xfffffffffffffffd)
ioctl$TCSBRKP(r0, 0x5425, 0x40000000)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000040)={0x3, 0x51, "3c198f7f69c6347143a7c1a1085ca573fc8728e3ceff5f151513b3b0fdd80c9a1bdfe3d4bd7f6bce41ff0467676e3536754888dcbbe395e70e3144d7ace98968cf4fea7d90cd39407ee101cf1accd8be28"})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x13, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff0000000071101a000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioperm(0x0, 0x4, 0x4000000001)
fstatfs(0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f00000001c0)={0x373, @time={0x4, 0x10000}, 0x0, {}, 0x5, 0x0, 0x4})

156.46895ms ago: executing program 0 (id=2109):
r0 = syz_open_dev$swradio(&(0x7f0000000100), 0x1, 0x2)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/84, 0x9000}], 0x1) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = socket$kcm(0x10, 0x3, 0x10)
readv(r1, &(0x7f0000000640)=[{&(0x7f00000003c0)=""/154, 0x9a}], 0x1) (async)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000028000bff7f000000000000000024fc60", 0x14}], 0x1}, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) (async)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) (async)
write$bt_hci(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) (async)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) (async)
write$cgroup_int(r4, &(0x7f0000000540), 0xfffffdd8) (async)
writev(r4, &(0x7f0000000200)=[{&(0x7f0000000140)="a8baf2b442ba5df76908ecdedc8bd98555cf8355dc5b735ad97d6e177b7755084a0a4b60da3a77dba9455969dc231791140d56ec061407617e697422ec356d1b0fd159097f0041eb7a088cdc5a1db9ff4918ab80f376366484d15ebee5f7203d483414072bc8402d8d3f68dcc760e2ab2171ae793cce5d1b9ddf795a631a0cb14c4a7a97a07a30d984a9e570324b5d", 0x8f}], 0x1)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
syz_io_uring_setup(0x593, 0x0, 0x0, 0x0) (async)
io_uring_enter(0xffffffffffffffff, 0x381b, 0x0, 0x0, 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x58}}, 0x0) (async)
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffff7feffff7ffd]}, 0x0, 0x8)
r5 = gettid()
prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) (async)
tkill(r5, 0x34) (async)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, &(0x7f00000000c0), &(0x7f00000004c0))

155.105411ms ago: executing program 2 (id=2110):
r0 = syz_open_procfs$namespace(0x0, 0x0)
ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0xa, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r2=>0x0})
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x3dd2, 0x4)
sendmsg$can_raw(r1, &(0x7f00000004c0)={&(0x7f00000000c0)={0x1d, r2, 0x3}, 0x10, &(0x7f0000000080)={&(0x7f0000000340)=@canfd={{0x3, 0x0, 0x0, 0x1}, 0x34, 0x2, 0x0, 0x0, "105f43d0c6f7d70174db4b40c70eea22e584442b00a5b2d7ceb5fe88f94a65448aaebfd1c54012414b31cdd747e9f32ccf736aa3259a6f7acf033f906e41952d"}, 0x48}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a00000000000000000000000780000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000020000"], 0x50)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)

89.105421ms ago: executing program 0 (id=2111):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = creat(0x0, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
symlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0\x00') (async)
lgetxattr(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40)=@known='system.posix_acl_access\x00', 0x0, 0x0) (async)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x2b) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async, rerun: 64)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000020c0)=ANY=[@ANYBLOB="140004001000010000000000000000000000000a50000000060afb2818b684eccf0bc60051beffce7209040000000000002300020000000900020073797a32000000000900010073797a300000000024000480460001800a0080c483010071756f7461000000100002800c0001400000000000000000140000001100010000000000000000000000000a"], 0x78}}, 0x0) (async, rerun: 64)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/slabinfo\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000000080)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000740)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) (async)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x17, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0xbb}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc8}}, 0x0) (async, rerun: 32)
write$P9_RRENAME(r0, &(0x7f00000000c0)={0x7, 0x15, 0x1}, 0x7) (rerun: 32)

0s ago: executing program 0 (id=2112):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0)
openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r3, 0x89f7, &(0x7f0000000580)={'sit0\x00', &(0x7f00000004c0)={@private=0xa010102, 0x0, 0x0, 0x70, 0x0, [{}, {@initdev}, {@initdev}, {@local}, {}, {@remote}, {@broadcast}]}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9004}, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000000c00)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa8aaaaaaa00080045000014000000020000907800000002e000000289c649d98a7b858f589b72e842a04f615d8b043d262677a09e65c95c1af4b2482a32edcdeb5c5dfa0af47bbd401fb729c2faaebc7ab782b9c909a6c780e55d8abdc0bef5358bd15f5e9f3f46885b7ca165ca28a7d1d17db566ecd0c62b3832b46b37ccf892a731a1e8f188e750684707e9d8dda5b6dbd8562bbbb9916bf9100485fe6a2962c81c73087e4feec654e508024808c9202f28113599f431e026bf9dbe7cf612a853a58e8f14785f883554bd41c3cae0d149598ff8622a39460900801e41152b81dae6220b5ea60bb50e0dcb2a2acd5c8e24ac66"], 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x8, 0x0, 0x0, 0x0, 0x0, 0x80000001}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xce}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
r8 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r8)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000001ac0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

kernel console output (not intermixed with test programs):

or proto=fd
[  334.246752][T10860] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  334.398967][T10866] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1446'.
[  334.554621][T10886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1450'.
[  334.569497][T10885] fuse: Unknown parameter 'group_�Ö'
[  334.634899][T10885] CIFS mount error: No usable UNC path provided in device string!
[  334.634899][T10885] 
[  334.637722][T10885] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  334.746634][T10899] IPVS: Unknown mcast interface: veth0_vlan
[  334.865067][T10910] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  335.037231][T10919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1462'.
[  335.157359][    T8] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  335.276817][T10925] loop0: detected capacity change from 0 to 7
[  335.279965][T10925] Dev loop0: unable to read RDB block 7
[  335.282173][T10925]  loop0: AHDI p2
[  335.283589][T10925] loop0: partition table partially beyond EOD, truncated
[  335.321568][    T8] usb 7-1: Using ep0 maxpacket: 8
[  335.330642][    T8] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  335.333953][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  335.337547][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  335.345068][    T8] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  335.362769][    T8] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  335.371401][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.839469][T10923] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1465'.
[  336.150763][T10940] create_pit_timer: 5 callbacks suppressed
[  336.150780][T10940] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  336.675059][   T25] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  336.838018][   T25] usb 6-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice=dc.8d
[  336.841592][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.847973][   T25] usb 6-1: config 0 descriptor??
[  336.860090][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1473'.
[  336.860685][   T25] usb 6-1: NDI device with a latency value of 1
[  337.065115][   T25] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  337.068899][   T25] ftdi_sio ttyUSB0: unknown device type: 0xdc8d
[  337.076105][   T25] usb 6-1: USB disconnect, device number 41
[  337.081076][   T25] ftdi_sio 6-1:0.0: device disconnected
[  337.633264][T10954] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1475'.
[  337.806185][T10967] Process accounting resumed
[  337.863893][    T8] usb 7-1: usb_control_msg returned -71
[  337.867381][    T8] usbtmc 7-1:16.0: can't read capabilities
[  337.878858][    T8] usb 7-1: USB disconnect, device number 21
[  337.933487][T10973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1482'.
[  338.158418][T10991] bond0: entered promiscuous mode
[  338.160411][T10991] bond_slave_0: entered promiscuous mode
[  338.162696][T10991] bond_slave_1: entered promiscuous mode
[  338.188632][T10991] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  338.279396][T10989] bond0: left promiscuous mode
[  338.282813][T10989] bond_slave_0: left promiscuous mode
[  338.287166][T10989] bond_slave_1: left promiscuous mode
[  338.519466][T11002] Process accounting resumed
[  338.680560][T11006] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  338.742191][   T39] audit: type=1326 audit(1728413046.721:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10975 comm="syz.2.1483" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7fc00000
[  339.057213][T11022] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1493'.
[  340.042609][T11036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1496'.
[  340.047474][T11036] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1496'.
[  340.053802][T11036] gtp0: entered promiscuous mode
[  340.057645][T11036] gtp0: entered allmulticast mode
[  340.345844][T11044] ptrace attach of "/syz-executor exec"[6270] was attempted by "/syz-executor exec"[11044]
[  340.357044][T11044] netlink: 'syz.0.1500': attribute type 4 has an invalid length.
[  340.664972][   T30] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  340.844927][   T30] usb 5-1: Using ep0 maxpacket: 32
[  340.851333][   T30] usb 5-1: unable to get BOS descriptor or descriptor too short
[  340.858035][   T30] usb 5-1: config 2 has an invalid descriptor of length 234, skipping remainder of the config
[  340.862143][   T30] usb 5-1: config 2 has 0 interfaces, different from the descriptor's value: 1
[  340.872505][   T30] usb 5-1: string descriptor 0 read error: -22
[  340.874660][   T30] usb 5-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=5d.cc
[  340.878354][   T30] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.077471][T11050] could not allocate digest TFM handle blake2s-128-generic
[  341.095492][   T30] usb 5-1: USB disconnect, device number 21
[  341.675328][T11060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1503'.
[  341.741007][T11065] tls_set_device_offload: netdev not found
[  341.939143][T11075] netlink: set zone limit has 4 unknown bytes
[  342.991434][T11103] overlayfs: failed to resolve './file1': -2
[  343.823966][T11112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1515'.
[  344.030831][T11119] fuse: Unknown parameter 'grou’_ie'
[  344.086676][T11122] PM: Enabling pm_trace changes system date and time during resume.
[  344.086676][T11122] PM: Correct system time has to be restored manually after resume.
[  345.255012][   T57] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  345.322278][T11139] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  345.407939][   T57] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  345.411030][   T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  345.416801][   T57] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  345.420274][   T57] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  345.423145][   T57] usb 7-1: Manufacturer: syz
[  345.437504][   T57] usb 7-1: config 0 descriptor??
[  345.524072][   T57] rc_core: IR keymap rc-hauppauge not found
[  345.530648][   T57] Registered IR keymap rc-empty
[  345.545996][   T57] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  345.556119][   T57] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input21
[  345.847940][    T8] usb 7-1: USB disconnect, device number 22
[  346.107563][T11153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1525'.
[  346.206493][T11167] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1529'.
[  346.400797][T11173] netlink: 'syz.2.1531': attribute type 4 has an invalid length.
[  346.413350][T11173] netlink: 'syz.2.1531': attribute type 4 has an invalid length.
[  346.435342][T11173] syzkaller0: entered allmulticast mode
[  346.468857][    T8] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  346.603649][T11179] Process accounting resumed
[  346.645031][    T8] usb 5-1: Using ep0 maxpacket: 8
[  346.652422][    T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  346.657044][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  346.660969][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  346.665009][    T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  346.669684][    T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  346.673810][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.887176][    T8] usb 5-1: GET_CAPABILITIES returned 0
[  346.889261][    T8] usbtmc 5-1:16.0: can't read capabilities
[  346.957519][   T30] kernel write not supported for file /crypto (pid: 30 comm: kworker/1:0)
[  347.088607][   T64] usb 5-1: USB disconnect, device number 22
[  347.116779][T11184] netlink: 'syz.3.1534': attribute type 11 has an invalid length.
[  347.186413][T11189] sctp: [Deprecated]: syz.2.1536 (pid 11189) Use of int in max_burst socket option.
[  347.186413][T11189] Use struct sctp_assoc_value instead
[  347.316247][T11194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1537'.
[  347.625092][   T64] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  347.795212][   T64] usb 6-1: Using ep0 maxpacket: 16
[  347.800435][   T64] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  347.803371][   T64] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  347.806588][   T64] usb 6-1: Product: syz
[  347.807803][   T64] usb 6-1: Manufacturer: syz
[  347.809100][   T64] usb 6-1: SerialNumber: syz
[  347.811313][   T64] usb 6-1: config 0 descriptor??
[  348.091303][T11211] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  348.141682][T11198] syzkaller0: entered promiscuous mode
[  348.144359][T11198] syzkaller0: entered allmulticast mode
[  348.944127][T11223] xt_socket: unknown flags 0x10
[  351.548349][   T30] usb 6-1: USB disconnect, device number 42
[  351.599319][T11235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1546'.
[  352.279684][T11284] netlink: 'syz.0.1553': attribute type 1 has an invalid length.
[  352.282618][T11284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1553'.
[  352.729856][T11306] loop7: detected capacity change from 0 to 16384
[  352.865208][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.880951][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.884167][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.888203][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.892000][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.896305][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.900207][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.903807][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.908067][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.911625][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.915668][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.919252][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.921582][T11313] Process accounting resumed
[  352.924461][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.928378][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.931955][T11315] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1557'.
[  352.932181][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.939425][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.942565][T11306] ldm_validate_partition_table(): Disk read failed.
[  352.946364][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.949905][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.954017][T11306] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  352.958034][T11306] Buffer I/O error on dev loop7, logical block 0, async page read
[  352.967163][T11306] Dev loop7: unable to read RDB block 0
[  352.983169][T11306]  loop7: unable to read partition table
[  352.986391][T11306] loop_reread_partitions: partition scan of loop7 (K‹>¤i)ßí/480�• #Ð	…$qÝZ”©þ•I‘ŠçýÎ[†u±@3bÏàôüÏûj!5MMñ]
z) failed (rc=-5)
[  352.995166][T11318] 9pnet_fd: Insufficient options for proto=fd
[  353.246793][T11336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1564'.
[  354.017605][T11346] fuse: Bad value for 'fd'
[  354.051475][T11348] Process accounting resumed
[  354.152786][T11350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1568'.
[  354.255109][   T57] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  354.360160][T11365] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  354.404940][   T57] usb 7-1: Using ep0 maxpacket: 32
[  354.409873][   T57] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  354.413202][   T57] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  354.418665][   T57] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  354.422830][   T57] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  354.429389][   T57] usb 7-1: config 0 interface 0 has no altsetting 0
[  354.434798][   T57] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  354.438663][   T57] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  354.444222][   T57] usb 7-1: Product: syz
[  354.446306][   T57] usb 7-1: Manufacturer: syz
[  354.448131][   T57] usb 7-1: SerialNumber: syz
[  354.451358][   T57] usb 7-1: config 0 descriptor??
[  354.455677][   T57] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  354.464048][   T57] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  355.171811][T11373] : entered promiscuous mode
[  355.316906][T11376] tmpfs: Cannot change global quota limit on remount
[  355.600171][T11384] input: syz0 as /devices/virtual/input/input22
[  356.079126][T11386] Process accounting resumed
[  356.175318][T11391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1578'.
[  356.321673][T11400] block device autoloading is deprecated and will be removed.
[  356.381063][T11398] md0: using deprecated bitmap file support
[  356.383909][T11398] md0: error: bitmap file must be a regular file
[  356.549341][   T39] audit: type=1800 audit(1728413064.521:200): pid=11407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1583" name="/" dev="fuse" ino=1 res=0 errno=0
[  357.004368][T11413] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1585'.
[  357.059598][T11413] netfs: Couldn't get user pages (rc=-14)
[  358.178343][T11428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1588'.
[  358.269459][T11430] Process accounting resumed
[  358.394199][T11434] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1591'.
[  358.399769][T11434] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1591'.
[  359.227896][T11444] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  359.561745][ T5347] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260
[  359.584932][  T980] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  359.689187][T11344] ldusb 7-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110
[  359.704553][T11460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1597'.
[  359.718352][ T6367] usb 7-1: USB disconnect, device number 23
[  359.724405][ T6367] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  359.746636][  T980] usb 6-1: Using ep0 maxpacket: 8
[  359.756291][  T980] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  359.760654][  T980] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  359.764059][  T980] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  359.774787][  T980] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  359.776665][T11464] Process accounting resumed
[  359.778532][  T980] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  359.786129][  T980] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  359.790013][  T980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.801825][  T980] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  360.090391][   T39] audit: type=1326 audit(1728413068.071:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.111667][   T39] audit: type=1326 audit(1728413068.081:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=290 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.120017][   T39] audit: type=1326 audit(1728413068.081:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.142688][   T39] audit: type=1326 audit(1728413068.081:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.375223][   T39] audit: type=1326 audit(1728413068.081:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.397971][   T39] audit: type=1326 audit(1728413068.081:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=187 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.415769][   T39] audit: type=1326 audit(1728413068.081:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.423323][   T39] audit: type=1326 audit(1728413068.081:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=97 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.431002][   T39] audit: type=1326 audit(1728413068.091:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.1599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  360.956657][T11492] overlay: filesystem on ./bus not supported as upperdir
[  361.666915][T11505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1607'.
[  361.740444][   T39] kauditd_printk_skb: 25 callbacks suppressed
[  361.740461][   T39] audit: type=1326 audit(1728413069.721:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.752068][   T39] audit: type=1326 audit(1728413069.721:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.762047][   T39] audit: type=1326 audit(1728413069.721:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=197 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.773633][   T39] audit: type=1326 audit(1728413069.721:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.783267][   T39] audit: type=1326 audit(1728413069.721:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.791391][   T39] audit: type=1326 audit(1728413069.721:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.800944][   T39] audit: type=1326 audit(1728413069.721:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.813932][   T39] audit: type=1326 audit(1728413069.721:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11506 comm="syz.3.1608" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  361.835605][T11509] Process accounting resumed
[  362.580285][   T30] usb 6-1: USB disconnect, device number 43
[  362.707727][T11542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1618'.
[  362.714683][T11542] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1618'.
[  362.718961][T11542] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1618'.
[  362.727534][T11542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1618'.
[  362.953379][T11544] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  364.095166][T11556] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  364.101761][T11556] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  364.145614][   T39] audit: type=1800 audit(1728413072.131:243): pid=11556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1622" name="blkio.bfq.io_serviced" dev="overlay" ino=9223372036890698635 res=0 errno=0
[  364.479309][T11567] Trying to write to read-only block-device nullb0
[  365.136741][   T39] audit: type=1326 audit(1728413073.121:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11593 comm="syz.3.1631" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x0
[  365.609723][T11603] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1634'.
[  365.939304][T11610] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1635'.
[  365.985706][  T980] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  366.007871][T11616] xt_cgroup: xt_cgroup: no path or classid specified
[  366.165102][  T980] usb 6-1: Using ep0 maxpacket: 32
[  366.169112][  T980] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  366.174691][  T980] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  366.178740][  T980] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  366.181830][  T980] usb 6-1: Product: syz
[  366.183370][  T980] usb 6-1: Manufacturer: syz
[  366.185135][  T980] usb 6-1: SerialNumber: syz
[  366.188766][  T980] usb 6-1: config 0 descriptor??
[  366.191212][T11609] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  366.673454][T11643] Bluetooth: (null): Non-link packet received in non-active state
[  366.749090][   T39] audit: type=1804 audit(1728413074.731:245): pid=11646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1645" name="/newroot/399/file0" dev="fuse" ino=1 res=1 errno=0
[  366.780439][T11264] Bluetooth: (null): Invalid header checksum
[  366.783680][T11264] Bluetooth: (null): Invalid header checksum
[  366.888626][ T1098] Bluetooth: (null): Invalid header checksum
[  366.997137][T11264] Bluetooth: (null): Invalid header checksum
[  367.115615][T11266] Bluetooth: (null): Invalid header checksum
[  367.216868][ T6367] usb 6-1: USB disconnect, device number 44
[  367.236530][T11266] Bluetooth: (null): Invalid header checksum
[  367.358175][T11254] Bluetooth: (null): Invalid header checksum
[  367.465644][T11254] Bluetooth: (null): Invalid header checksum
[  367.578016][T11254] Bluetooth: (null): Invalid header checksum
[  367.685873][T11264] Bluetooth: (null): Invalid header checksum
[  367.805825][T11266] Bluetooth: (null): Invalid header checksum
[  367.925371][T11264] Bluetooth: (null): Invalid header checksum
[  367.992204][T11656] (unnamed net_device) (uninitialized): option arp_validate: invalid value (524288)
[  368.045680][T11264] Bluetooth: (null): Invalid header checksum
[  368.167941][T11264] Bluetooth: (null): Invalid header checksum
[  368.187706][T11660] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1649'.
[  368.191421][T11660] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1649'.
[  368.242136][T11660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  368.249749][T11660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  368.285442][T11264] Bluetooth: (null): Invalid header checksum
[  368.396609][T11254] Bluetooth: (null): Invalid header checksum
[  368.474990][    T8] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  368.604602][ T1098] Bluetooth: (null): Invalid header checksum
[  368.617274][ T1098] Bluetooth: (null): Invalid header checksum
[  368.624922][    T8] usb 5-1: Using ep0 maxpacket: 8
[  368.629959][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  368.634090][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  368.637832][    T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.641539][    T8] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  368.645490][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.655848][    T8] hub 5-1:1.0: bad descriptor, ignoring hub
[  368.658194][    T8] hub 5-1:1.0: probe with driver hub failed with error -5
[  368.661421][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  368.663391][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  368.665617][    T8] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  368.725216][ T1098] Bluetooth: (null): Invalid header checksum
[  368.835641][T11254] Bluetooth: (null): Invalid header checksum
[  368.945380][ T1098] Bluetooth: (null): Invalid header checksum
[  369.070432][T11254] Bluetooth: (null): Invalid header checksum
[  369.087929][    T8] usb 5-1: USB disconnect, device number 23
[  369.185377][T11266] Bluetooth: (null): Invalid header checksum
[  369.303699][T11266] Bluetooth: (null): Invalid header checksum
[  369.406047][ T1098] Bluetooth: (null): Invalid header checksum
[  369.425058][    T8] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  369.515722][T11264] Bluetooth: (null): Invalid header checksum
[  369.574950][    T8] usb 5-1: Using ep0 maxpacket: 8
[  369.592586][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  369.598124][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  369.601621][    T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.607076][    T8] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  369.611003][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.625792][ T1098] Bluetooth: (null): Invalid header checksum
[  369.627812][    T8] hub 5-1:1.0: bad descriptor, ignoring hub
[  369.630332][    T8] hub 5-1:1.0: probe with driver hub failed with error -5
[  369.633201][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  369.642682][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  369.646470][    T8] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  369.735853][ T1098] Bluetooth: (null): Invalid header checksum
[  369.938728][   T30] usb 5-1: USB disconnect, device number 24
[  370.230380][T11710] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  371.184998][   T57] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  371.346459][   T57] usb 5-1: Using ep0 maxpacket: 8
[  371.351467][   T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  371.356072][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  371.365118][   T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  371.368584][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  371.372185][   T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  371.390575][   T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  371.393533][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.405732][T11730] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1671'.
[  371.410286][T11730] batadv_slave_1: entered promiscuous mode
[  371.411264][   T57] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[  371.419212][T11730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1671'.
[  371.773225][T11753] Cannot find add_set index 65534 as target
[  371.964457][   T39] audit: type=1326 audit(1728413079.941:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  371.975089][   T39] audit: type=1326 audit(1728413079.951:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.003329][   T39] audit: type=1326 audit(1728413079.951:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.019434][   T39] audit: type=1326 audit(1728413079.961:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.028291][   T39] audit: type=1326 audit(1728413079.961:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.035983][   T39] audit: type=1326 audit(1728413079.961:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.043361][   T39] audit: type=1326 audit(1728413079.971:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.053713][   T39] audit: type=1326 audit(1728413079.981:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.061646][   T39] audit: type=1326 audit(1728413079.981:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  372.068970][   T39] audit: type=1326 audit(1728413079.981:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.0.1668" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa7579 code=0x7ffc0000
[  373.101949][T11768] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  373.909496][   T30] usb 5-1: USB disconnect, device number 25
[  374.146197][T11778] netlink: 'syz.2.1683': attribute type 1 has an invalid length.
[  374.149670][T11778] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1683'.
[  375.200244][T11787] netlink: 'syz.1.1685': attribute type 1 has an invalid length.
[  375.203170][T11787] netlink: 154788 bytes leftover after parsing attributes in process `syz.1.1685'.
[  375.225448][T11797] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1689'.
[  375.465085][  T980] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  375.580600][T11813] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  375.614901][  T980] usb 7-1: Using ep0 maxpacket: 8
[  375.620471][  T980] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  375.624084][  T980] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  375.627526][  T980] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  375.630895][  T980] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  375.633863][  T980] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  375.639351][  T980] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  375.642486][  T980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.654573][  T980] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22
[  377.415015][    T8] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  377.443621][T11845] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  377.451143][T11845] smc: net device wg0 applied user defined pnetid SYZ0
[  377.585114][    T8] usb 5-1: Using ep0 maxpacket: 8
[  377.591140][    T8] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  377.594663][    T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  377.600000][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.707363][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  377.923378][T11853] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1704'.
[  378.235130][   T25] usb 7-1: USB disconnect, device number 24
[  378.276551][T11862] netlink: 'syz.2.1707': attribute type 39 has an invalid length.
[  378.870063][T11864] netlink: 'syz.0.1699': attribute type 8 has an invalid length.
[  378.873401][T11864] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.1699'.
[  379.459932][T11883] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1712'.
[  379.463494][T11883] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1712'.
[  379.524040][   T25] kernel write not supported for file /1449/net/rt6_stats (pid: 25 comm: kworker/2:0)
[  379.580193][T11887] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1714'.
[  379.634201][T11889] mkiss: ax0: crc mode is auto.
[  379.895190][   T25] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  380.055036][   T25] usb 6-1: Using ep0 maxpacket: 8
[  380.058633][   T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  380.063963][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  380.068498][   T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  380.073280][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  380.077185][   T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  380.081696][   T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  380.084939][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.091983][   T25] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  380.296372][T11889] binder: 11888:11889 ioctl 40046205 0 returned -22
[  380.953499][  T980] usb 5-1: USB disconnect, device number 26
[  381.038101][T11897] syz.3.1718: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  381.045018][T11897] CPU: 3 UID: 0 PID: 11897 Comm: syz.3.1718 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  381.048944][T11897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  381.052692][T11897] Call Trace:
[  381.053616][T11897]  <TASK>
[  381.054447][T11897]  dump_stack_lvl+0x16c/0x1f0
[  381.055848][T11897]  warn_alloc+0x24d/0x3a0
[  381.057119][T11897]  ? __pfx_warn_alloc+0x10/0x10
[  381.058816][T11897]  ? __pfx_stack_trace_save+0x10/0x10
[  381.060683][T11897]  ? kasan_save_stack+0x42/0x60
[  381.062651][T11897]  ? kasan_save_stack+0x33/0x60
[  381.064644][T11897]  ? kasan_save_track+0x14/0x30
[  381.066587][T11897]  ? __kasan_kmalloc+0xaa/0xb0
[  381.068599][T11897]  ? xskq_create+0x52/0x1d0
[  381.070427][T11897]  ? do_sock_setsockopt+0x222/0x480
[  381.072479][T11897]  ? __sys_setsockopt+0x1a4/0x270
[  381.074414][T11897]  ? __ia32_sys_setsockopt+0xbc/0x160
[  381.076498][T11897]  __vmalloc_node_range_noprof+0x11a7/0x15a0
[  381.078816][T11897]  ? xskq_create+0xfb/0x1d0
[  381.080692][T11897]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  381.083139][T11897]  ? xskq_create+0xfb/0x1d0
[  381.084697][T11897]  vmalloc_user_noprof+0x6b/0x90
[  381.086530][T11897]  ? xskq_create+0xfb/0x1d0
[  381.088194][T11897]  xskq_create+0xfb/0x1d0
[  381.089746][T11897]  xsk_setsockopt+0x869/0xac0
[  381.091455][T11897]  ? __pfx_xsk_setsockopt+0x10/0x10
[  381.093487][T11897]  ? __pfx_xsk_setsockopt+0x10/0x10
[  381.095602][T11897]  do_sock_setsockopt+0x222/0x480
[  381.097497][T11897]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  381.099490][T11897]  ? fdget+0x176/0x210
[  381.100999][T11897]  __sys_setsockopt+0x1a4/0x270
[  381.102797][T11897]  ? __pfx___sys_setsockopt+0x10/0x10
[  381.104719][T11897]  ? rcu_is_watching+0x12/0xc0
[  381.106387][T11897]  __ia32_sys_setsockopt+0xbc/0x160
[  381.108666][T11897]  ? lockdep_hardirqs_on+0x7c/0x110
[  381.110734][T11897]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  381.113381][T11897]  __do_fast_syscall_32+0x73/0x120
[  381.115310][T11897]  do_fast_syscall_32+0x32/0x80
[  381.117115][T11897]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  381.119485][T11897] RIP: 0023:0xf7f06579
[  381.121000][T11897] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  381.127908][T11897] RSP: 002b:00000000f568656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  381.131124][T11897] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000011b
[  381.134088][T11897] RDX: 0000000000000005 RSI: 0000000020000840 RDI: 0000000000000004
[  381.136826][T11897] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  381.139767][T11897] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  381.142861][T11897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  381.145726][T11897]  </TASK>
[  381.155886][T11897] Mem-Info:
[  381.158469][T11897] active_anon:4189 inactive_anon:7347 isolated_anon:0
[  381.158469][T11897]  active_file:11690 inactive_file:27985 isolated_file:0
[  381.158469][T11897]  unevictable:779 dirty:234 writeback:0
[  381.158469][T11897]  slab_reclaimable:4833 slab_unreclaimable:54737
[  381.158469][T11897]  mapped:17532 shmem:8786 pagetables:749
[  381.158469][T11897]  sec_pagetables:322 bounce:0
[  381.158469][T11897]  kernel_misc_reclaimable:0
[  381.158469][T11897]  free:80870 free_pcp:3811 free_cma:0
[  381.187597][T11897] Node 0 active_anon:0kB inactive_anon:88kB active_file:0kB inactive_file:20kB unevictable:1548kB isolated(anon):0kB isolated(file):0kB mapped:3328kB dirty:12kB writeback:0kB shmem:2068kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9412kB pagetables:1620kB sec_pagetables:1224kB all_unreclaimable? no
[  381.200773][T11897] Node 1 active_anon:16656kB inactive_anon:29300kB active_file:46760kB inactive_file:111920kB unevictable:1568kB isolated(anon):0kB isolated(file):0kB mapped:66800kB dirty:924kB writeback:0kB shmem:33076kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3212kB pagetables:1276kB sec_pagetables:64kB all_unreclaimable? no
[  381.213685][T11897] Node 0 DMA free:904kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:136kB local_pcp:12kB free_cma:0kB
[  381.224707][T11897] lowmem_reserve[]: 0 273 0 0 0
[  381.226884][T11897] Node 0 DMA32 free:21440kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:88kB active_file:0kB inactive_file:20kB unevictable:1548kB writepending:12kB present:1032196kB managed:306280kB mlocked:12kB bounce:0kB free_pcp:560kB local_pcp:32kB free_cma:0kB
[  381.238216][T11897] lowmem_reserve[]: 0 0 0 0 0
[  381.239893][T11897] Node 1 DMA32 free:303172kB boost:10240kB min:57384kB low:69168kB high:80952kB reserved_highatomic:0KB active_anon:16656kB inactive_anon:29300kB active_file:46760kB inactive_file:111920kB unevictable:1568kB writepending:924kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:12860kB local_pcp:776kB free_cma:0kB
[  381.254433][T11897] lowmem_reserve[]: 0 0 0 0 0
[  381.256418][T11897] Node 0 DMA: 4*4kB (U) 3*8kB (U) 1*16kB (U) 27*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 920kB
[  381.261371][T11897] Node 0 DMA32: 184*4kB (UMEH) 157*8kB (UMEH) 36*16kB (UMEH) 105*32kB (UMEH) 57*64kB (UMEH) 17*128kB (UMEH) 9*256kB (UMH) 9*512kB (UMH) 3*1024kB (UM) 0*2048kB 0*4096kB = 21736kB
[  381.268091][T11897] Node 1 DMA32: 196*4kB (UME) 83*8kB (UME) 54*16kB (UME) 123*32kB (UME) 57*64kB (UME) 87*128kB (UME) 109*256kB (UM) 64*512kB (UM) 77*1024kB (UM) 27*2048kB (UM) 24*4096kB (UM) = 314152kB
[  381.280761][T11897] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  381.284619][T11897] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  381.288541][T11897] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  381.292448][T11897] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  381.296282][T11897] 49424 total pagecache pages
[  381.298100][T11897] 969 pages in swap cache
[  381.299680][T11897] Free swap  = 108192kB
[  381.301231][T11897] Total swap = 124996kB
[  381.302758][T11897] 524155 pages RAM
[  381.304097][T11897] 0 pages HighMem/MovableOnly
[  381.305688][T11897] 206682 pages reserved
[  381.307093][T11897] 0 pages cma reserved
[  381.384283][T11909] syz.0.1719[11909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  381.384376][T11909] syz.0.1719[11909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  381.400126][T11909] syz.0.1719[11909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  382.651200][   T57] usb 6-1: USB disconnect, device number 45
[  382.987463][T11931] No control pipe specified
[  384.724237][T11958] netlink: 'syz.2.1732': attribute type 4 has an invalid length.
[  384.740239][T11958] netlink: 'syz.2.1732': attribute type 4 has an invalid length.
[  385.229330][ T1992] usb 6-1: new low-speed USB device number 46 using dummy_hcd
[  385.395251][ T1992] usb 6-1: device descriptor read/64, error -71
[  385.655392][ T1992] usb 6-1: new low-speed USB device number 47 using dummy_hcd
[  385.795261][ T1992] usb 6-1: device descriptor read/64, error -71
[  385.868673][T11972] xt_policy: neither incoming nor outgoing policy selected
[  385.905534][ T1992] usb usb6-port1: attempt power cycle
[  385.922235][T11974] netlink: 4104 bytes leftover after parsing attributes in process `syz.2.1737'.
[  385.925850][T11974] openvswitch: netlink: ct_state flags 00020000 unsupported
[  386.175044][   T57] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  386.245268][ T1992] usb 6-1: new low-speed USB device number 48 using dummy_hcd
[  386.266802][ T1992] usb 6-1: device descriptor read/8, error -71
[  386.324927][   T57] usb 7-1: Using ep0 maxpacket: 8
[  386.336957][   T57] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  386.341023][   T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  386.354945][   T57] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  386.358536][   T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  386.362210][   T57] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  386.374933][   T57] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  386.378346][   T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.398533][   T57] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22
[  386.505283][ T1992] usb 6-1: new low-speed USB device number 49 using dummy_hcd
[  386.527195][ T1992] usb 6-1: device descriptor read/8, error -71
[  386.636838][ T1992] usb usb6-port1: unable to enumerate USB device
[  387.008742][T11979] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  387.011263][T11979] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  387.039709][T11979] vhci_hcd vhci_hcd.0: Device attached
[  387.092801][T11980] vhci_hcd: connection closed
[  387.094520][   T12] vhci_hcd: stop threads
[  387.099134][   T12] vhci_hcd: release socket
[  387.100678][   T12] vhci_hcd: disconnect device
[  387.132616][T11987] FAULT_INJECTION: forcing a failure.
[  387.132616][T11987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.150214][T11987] CPU: 1 UID: 0 PID: 11987 Comm: syz.0.1740 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  387.154354][T11987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.158408][T11987] Call Trace:
[  387.160063][T11987]  <TASK>
[  387.161321][T11987]  dump_stack_lvl+0x16c/0x1f0
[  387.163096][T11987]  should_fail_ex+0x497/0x5b0
[  387.164856][T11987]  _copy_from_user+0x30/0xf0
[  387.166516][T11987]  get_compat_msghdr+0xa8/0x170
[  387.168233][T11987]  ? __pfx_get_compat_msghdr+0x10/0x10
[  387.170190][T11987]  ? __pfx___lock_acquire+0x10/0x10
[  387.172048][T11987]  ___sys_sendmsg+0x1b0/0x1e0
[  387.173786][T11987]  ? __pfx____sys_sendmsg+0x10/0x10
[  387.175736][T11987]  ? lock_acquire+0x2f/0xb0
[  387.177353][T11987]  ? __fget_files+0x40/0x3f0
[  387.178967][T11987]  ? fdget+0x176/0x210
[  387.180406][T11987]  __sys_sendmsg+0x117/0x1f0
[  387.182113][T11987]  ? __pfx___sys_sendmsg+0x10/0x10
[  387.184052][T11987]  ? __fget_files+0x244/0x3f0
[  387.185814][T11987]  __do_fast_syscall_32+0x73/0x120
[  387.187706][T11987]  do_fast_syscall_32+0x32/0x80
[  387.189507][T11987]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  387.191834][T11987] RIP: 0023:0xf7fa7579
[  387.193340][T11987] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  387.200446][T11987] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  387.203464][T11987] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000440
[  387.206306][T11987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  387.209205][T11987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  387.212160][T11987] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  387.215074][T11987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  387.217941][T11987]  </TASK>
[  387.639002][ T5361] Bluetooth: hci4: sending frame failed (-49)
[  387.642915][ T5347] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  387.734941][ T1992] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  387.896662][ T1992] usb 5-1: config 0 has no interfaces?
[  387.909369][ T1992] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  387.915243][ T1992] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.918300][ T1992] usb 5-1: Product: syz
[  387.921290][ T1992] usb 5-1: Manufacturer: syz
[  387.924974][ T1992] usb 5-1: SerialNumber: syz
[  387.936726][ T1992] r8152-cfgselector 5-1: Unknown version 0x0000
[  387.944119][ T1992] r8152-cfgselector 5-1: config 0 descriptor??
[  388.160592][T11994] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  388.164195][  T980] r8152-cfgselector 5-1: USB disconnect, device number 27
[  388.691968][T12010] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1747'.
[  388.781660][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1748'.
[  388.794578][T12014] vxcan3: entered promiscuous mode
[  388.929807][   T57] usb 7-1: USB disconnect, device number 25
[  389.109612][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1748'.
[  389.207880][T12024] FAULT_INJECTION: forcing a failure.
[  389.207880][T12024] name failslab, interval 1, probability 0, space 0, times 0
[  389.223471][T12024] CPU: 3 UID: 0 PID: 12024 Comm: syz.0.1750 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  389.226895][T12024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  389.230314][T12024] Call Trace:
[  389.231422][T12024]  <TASK>
[  389.232374][T12024]  dump_stack_lvl+0x16c/0x1f0
[  389.233830][T12024]  should_fail_ex+0x497/0x5b0
[  389.235384][T12024]  ? fs_reclaim_acquire+0xae/0x160
[  389.237059][T12024]  should_failslab+0xc2/0x120
[  389.238551][T12024]  kmem_cache_alloc_node_noprof+0x71/0x310
[  389.240349][T12024]  ? __alloc_skb+0x2b3/0x380
[  389.241774][T12024]  __alloc_skb+0x2b3/0x380
[  389.243163][T12024]  ? __pfx___alloc_skb+0x10/0x10
[  389.244633][T12024]  ? lock_acquire+0x2f/0xb0
[  389.246070][T12024]  netlink_alloc_large_skb+0x69/0x130
[  389.247795][T12024]  netlink_sendmsg+0x689/0xd70
[  389.249337][T12024]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.251029][T12024]  ? lock_acquire+0x2f/0xb0
[  389.252518][T12024]  ____sys_sendmsg+0x9ae/0xb40
[  389.254091][T12024]  ? __pfx_____sys_sendmsg+0x10/0x10
[  389.255797][T12024]  ? get_compat_msghdr+0x11b/0x170
[  389.257459][T12024]  ? __pfx___lock_acquire+0x10/0x10
[  389.259133][T12024]  ___sys_sendmsg+0x135/0x1e0
[  389.260607][T12024]  ? __pfx____sys_sendmsg+0x10/0x10
[  389.262062][T12024]  ? lock_acquire+0x2f/0xb0
[  389.263318][T12024]  ? __fget_files+0x40/0x3f0
[  389.264586][T12024]  ? fdget+0x176/0x210
[  389.265938][T12024]  __sys_sendmsg+0x117/0x1f0
[  389.267498][T12024]  ? __pfx___sys_sendmsg+0x10/0x10
[  389.269212][T12024]  ? __fget_files+0x244/0x3f0
[  389.270799][T12024]  __do_fast_syscall_32+0x73/0x120
[  389.272485][T12024]  do_fast_syscall_32+0x32/0x80
[  389.274089][T12024]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  389.276085][T12024] RIP: 0023:0xf7fa7579
[  389.277399][T12024] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  389.283488][T12024] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  389.286239][T12024] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000440
[  389.288901][T12024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  389.291576][T12024] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  389.294000][T12024] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  389.296568][T12024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  389.299124][T12024]  </TASK>
[  390.108325][T12035] input: syz1 as /devices/virtual/input/input23
[  390.154924][ T5347] Bluetooth: hci3: command 0x0405 tx timeout
[  391.136812][T12050] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  391.788544][T12058] fuse: Unknown parameter '0xffffffffffffffff18446744073709551615Wê�Æep½”Ž>0Uðù9¶†'
[  391.816583][T12058] Process accounting resumed
[  393.056197][T12069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1762'.
[  394.586204][T12087] ALSA: seq fatal error: cannot create timer (-19)
[  394.637966][T12087] ALSA: seq fatal error: cannot create timer (-19)
[  395.865770][T12102] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1769'.
[  397.454987][   T57] usb 6-1: new full-speed USB device number 50 using dummy_hcd
[  397.616521][   T57] usb 6-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config
[  397.620342][   T57] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  397.623709][   T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[  397.628095][   T57] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  397.631450][   T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.636582][T12109] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  397.640129][   T57] hub 6-1:1.0: bad descriptor, ignoring hub
[  397.642161][   T57] hub 6-1:1.0: probe with driver hub failed with error -5
[  397.645092][   T57] cdc_wdm 6-1:1.0: skipping garbage
[  397.647052][   T57] cdc_wdm 6-1:1.0: skipping garbage
[  397.649682][   T57] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  397.651855][   T57] cdc_wdm 6-1:1.0: Unknown control protocol
[  397.950577][T12123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1775'.
[  398.299804][T12108] cdc_wdm 6-1:1.0: Error autopm - -16
[  398.299984][  T980] usb 6-1: USB disconnect, device number 50
[  398.454907][  T980] usb 6-1: new low-speed USB device number 51 using dummy_hcd
[  398.627819][  T980] usb 6-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config
[  398.631733][  T980] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  398.635054][  T980] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  398.639041][  T980] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  398.642418][  T980] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.647361][T12109] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  398.651773][  T980] hub 6-1:1.0: bad descriptor, ignoring hub
[  398.663186][  T980] hub 6-1:1.0: probe with driver hub failed with error -5
[  398.666532][  T980] cdc_wdm 6-1:1.0: skipping garbage
[  398.668453][  T980] cdc_wdm 6-1:1.0: skipping garbage
[  398.676919][  T980] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  398.679088][  T980] cdc_wdm 6-1:1.0: Unknown control protocol
[  398.967899][T12131] FAULT_INJECTION: forcing a failure.
[  398.967899][T12131] name failslab, interval 1, probability 0, space 0, times 0
[  398.972306][T12131] CPU: 3 UID: 0 PID: 12131 Comm: syz.2.1778 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  398.976133][T12131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  398.979901][T12131] Call Trace:
[  398.981114][T12131]  <TASK>
[  398.982168][T12131]  dump_stack_lvl+0x16c/0x1f0
[  398.983892][T12131]  should_fail_ex+0x497/0x5b0
[  398.985602][T12131]  should_failslab+0xc2/0x120
[  398.987390][T12131]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  398.989384][T12131]  ? skb_clone+0x190/0x3f0
[  398.991007][T12131]  skb_clone+0x190/0x3f0
[  398.992528][T12131]  netlink_deliver_tap+0xb26/0xcf0
[  398.994341][T12131]  netlink_unicast+0x5e1/0x7f0
[  398.996105][T12131]  ? __pfx_netlink_unicast+0x10/0x10
[  398.998093][T12131]  ? __phys_addr_symbol+0x30/0x80
[  398.998881][   T64] usb 6-1: USB disconnect, device number 51
[  398.999894][T12131]  ? __check_object_size+0x488/0x710
[  398.999931][T12131]  netlink_sendmsg+0x8b8/0xd70
[  398.999956][T12131]  ? __pfx_netlink_sendmsg+0x10/0x10
[  399.007744][T12131]  ? lock_acquire+0x2f/0xb0
[  399.009369][T12131]  ____sys_sendmsg+0x9ae/0xb40
[  399.011052][T12131]  ? __pfx_____sys_sendmsg+0x10/0x10
[  399.012918][T12131]  ? get_compat_msghdr+0x11b/0x170
[  399.014769][T12131]  ? __pfx___lock_acquire+0x10/0x10
[  399.016694][T12131]  ___sys_sendmsg+0x135/0x1e0
[  399.018370][T12131]  ? __pfx____sys_sendmsg+0x10/0x10
[  399.020215][T12131]  ? lock_acquire+0x2f/0xb0
[  399.021841][T12131]  ? __fget_files+0x40/0x3f0
[  399.023453][T12131]  ? fdget+0x176/0x210
[  399.024873][T12131]  __sys_sendmsg+0x117/0x1f0
[  399.026533][T12131]  ? __pfx___sys_sendmsg+0x10/0x10
[  399.028322][T12131]  ? __fget_files+0x244/0x3f0
[  399.029994][T12131]  __do_fast_syscall_32+0x73/0x120
[  399.031797][T12131]  do_fast_syscall_32+0x32/0x80
[  399.033505][T12131]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  399.035707][T12131] RIP: 0023:0xf73fe579
[  399.037035][T12131] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  399.042418][T12131] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  399.044602][T12131] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000440
[  399.046650][T12131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  399.048688][T12131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  399.050944][T12131] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  399.052984][T12131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  399.055147][T12131]  </TASK>
[  399.845042][   T57] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  400.034939][   T57] usb 5-1: Using ep0 maxpacket: 8
[  400.038460][   T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  400.042565][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  400.052643][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  400.063526][   T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  400.078779][   T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  400.093241][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.234975][ T5361] Bluetooth: hci3: command 0x0405 tx timeout
[  400.335258][T11266] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  400.339462][T11266] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.370910][ T5361] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  400.377187][ T5361] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  400.381064][ T5361] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  400.388447][ T5361] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  400.391692][ T5361] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  400.394548][ T5361] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  400.451863][T11266] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  400.456277][T11266] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.552139][T11266] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  400.556221][T11266] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.645763][T12148] chnl_net:caif_netlink_parms(): no params data found
[  400.735866][T11266] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  400.739428][T11266] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.791235][T12148] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.793975][T12148] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.797325][T12148] bridge_slave_0: entered allmulticast mode
[  400.800376][T12148] bridge_slave_0: entered promiscuous mode
[  400.805612][T12148] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.808466][T12148] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.811423][T12148] bridge_slave_1: entered allmulticast mode
[  400.816565][T12148] bridge_slave_1: entered promiscuous mode
[  400.864161][T12148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  400.871812][T12148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  400.918980][T12148] team0: Port device team_slave_0 added
[  400.931062][T12148] team0: Port device team_slave_1 added
[  400.987574][T12148] batman_adv: batadv0: Adding interface: batadv_slave_0
[  400.989983][T12148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.001535][T12148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.015968][T12148] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.018489][T12148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.029634][T12148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  401.076520][T11266] bridge_slave_1: left allmulticast mode
[  401.078277][T11266] bridge_slave_1: left promiscuous mode
[  401.080265][T11266] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.089149][T11266] bridge_slave_0: left allmulticast mode
[  401.091367][T11266] bridge_slave_0: left promiscuous mode
[  401.093612][T11266] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.811884][T11266] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  401.816705][T11266] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  401.821930][T11266] bond0 (unregistering): Released all slaves
[  401.911561][T12148] hsr_slave_0: entered promiscuous mode
[  401.914242][T12148] hsr_slave_1: entered promiscuous mode
[  401.917542][T12148] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  401.919529][T12148] Cannot create hsr debugfs directory
[  401.921010][T11266] Êü: left promiscuous mode
[  402.128464][T12172] FAULT_INJECTION: forcing a failure.
[  402.128464][T12172] name failslab, interval 1, probability 0, space 0, times 0
[  402.132884][T12172] CPU: 2 UID: 0 PID: 12172 Comm: syz.1.1787 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  402.136670][T12172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  402.140506][T12172] Call Trace:
[  402.141786][T12172]  <TASK>
[  402.142870][T12172]  dump_stack_lvl+0x16c/0x1f0
[  402.144604][T12172]  should_fail_ex+0x497/0x5b0
[  402.146287][T12172]  ? fs_reclaim_acquire+0xae/0x160
[  402.148137][T12172]  should_failslab+0xc2/0x120
[  402.149836][T12172]  __kmalloc_node_noprof+0xd1/0x440
[  402.151714][T12172]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  402.153747][T12172]  __kvmalloc_node_noprof+0xad/0x1a0
[  402.155721][T12172]  xfrm_user_rcv_msg_compat+0x371/0x12e0
[  402.157741][T12172]  ? __pfx_xfrm_user_rcv_msg_compat+0x10/0x10
[  402.159972][T12172]  ? ___sys_sendmsg+0x135/0x1e0
[  402.161840][T12172]  ? __do_fast_syscall_32+0x73/0x120
[  402.163811][T12172]  ? __pfx_xfrm_user_rcv_msg_compat+0x10/0x10
[  402.166013][T12172]  xfrm_user_rcv_msg+0x30f/0xb30
[  402.167778][T12172]  ? kfree_skbmem+0x1a4/0x1f0
[  402.169420][T12172]  ? find_held_lock+0x2d/0x110
[  402.171130][T12172]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  402.173102][T12172]  ? hlock_class+0x4e/0x130
[  402.174792][T12172]  ? __lock_acquire+0x163e/0x3ce0
[  402.176681][T12172]  ? __mutex_trylock_common+0xea/0x250
[  402.178639][T12172]  netlink_rcv_skb+0x165/0x410
[  402.180404][T12172]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  402.182436][T12172]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  402.184493][T12172]  ? __mutex_lock+0x1a6/0x9c0
[  402.186468][T12172]  ? netlink_deliver_tap+0x1ae/0xcf0
[  402.188447][T12172]  xfrm_netlink_rcv+0x71/0x90
[  402.190227][T12172]  netlink_unicast+0x53c/0x7f0
[  402.191964][T12172]  ? __pfx_netlink_unicast+0x10/0x10
[  402.193854][T12172]  ? __phys_addr_symbol+0x30/0x80
[  402.195708][T12172]  ? __check_object_size+0x488/0x710
[  402.197577][T12172]  netlink_sendmsg+0x8b8/0xd70
[  402.199330][T12172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.201257][T12172]  ? lock_acquire+0x2f/0xb0
[  402.202957][T12172]  ____sys_sendmsg+0x9ae/0xb40
[  402.204640][T12172]  ? __pfx_____sys_sendmsg+0x10/0x10
[  402.206576][T12172]  ? get_compat_msghdr+0x11b/0x170
[  402.208418][T12172]  ? __pfx___lock_acquire+0x10/0x10
[  402.210248][T12172]  ___sys_sendmsg+0x135/0x1e0
[  402.211969][T12172]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.213853][T12172]  ? lock_acquire+0x2f/0xb0
[  402.215596][T12172]  ? __fget_files+0x40/0x3f0
[  402.217297][T12172]  ? fdget+0x176/0x210
[  402.218792][T12172]  __sys_sendmsg+0x117/0x1f0
[  402.220511][T12172]  ? __pfx___sys_sendmsg+0x10/0x10
[  402.222421][T12172]  ? __fget_files+0x244/0x3f0
[  402.224238][T12172]  __do_fast_syscall_32+0x73/0x120
[  402.226183][T12172]  do_fast_syscall_32+0x32/0x80
[  402.227913][T12172]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  402.230106][T12172] RIP: 0023:0xf740e579
[  402.231618][T12172] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  402.238362][T12172] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  402.241367][T12172] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000440
[  402.244288][T12172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  402.247218][T12172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  402.250017][T12172] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  402.252829][T12172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  402.255704][T12172]  </TASK>
[  402.439374][T12185] fuse: Bad value for 'user_id'
[  402.441377][T12185] fuse: Bad value for 'user_id'
[  402.486192][ T5361] Bluetooth: hci0: command tx timeout
[  402.561948][   T57] usb 5-1: usb_control_msg returned -71
[  402.563992][   T57] usbtmc 5-1:16.0: can't read capabilities
[  402.592966][   T57] usb 5-1: USB disconnect, device number 28
[  402.657524][T11266] hsr_slave_0: left promiscuous mode
[  402.659607][T11266] hsr_slave_1: left promiscuous mode
[  402.678366][T11266] veth1_macvtap: left promiscuous mode
[  402.680375][T11266] veth0_macvtap: left promiscuous mode
[  403.022974][   T57] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  403.184921][   T57] usb 5-1: Using ep0 maxpacket: 8
[  403.188341][   T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  403.195814][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  403.210427][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  403.214025][   T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.223186][   T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  403.228343][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.454454][   T57] usb 5-1: GET_CAPABILITIES returned 0
[  403.456549][   T57] usbtmc 5-1:16.0: can't read capabilities
[  403.829936][T11266] team0 (unregistering): Port device team_slave_1 removed
[  404.003441][T11266] team0 (unregistering): Port device team_slave_0 removed
[  404.558688][ T5361] Bluetooth: hci0: command tx timeout
[  405.321473][T12207] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  405.567902][T12148] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  405.590947][T12148] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  405.599904][T12148] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  405.609277][T12148] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  405.688101][ T5353] usb 5-1: USB disconnect, device number 29
[  405.754764][T12148] 8021q: adding VLAN 0 to HW filter on device bond0
[  405.767937][T12234] FAULT_INJECTION: forcing a failure.
[  405.767937][T12234] name failslab, interval 1, probability 0, space 0, times 0
[  405.770933][T12234] CPU: 1 UID: 0 PID: 12234 Comm: syz.0.1797 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  405.773452][T12234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  405.776482][T12234] Call Trace:
[  405.777680][T12234]  <TASK>
[  405.778468][T12234]  dump_stack_lvl+0x16c/0x1f0
[  405.779722][T12234]  should_fail_ex+0x497/0x5b0
[  405.781022][T12234]  ? fs_reclaim_acquire+0xae/0x160
[  405.782429][T12234]  should_failslab+0xc2/0x120
[  405.782965][T12148] 8021q: adding VLAN 0 to HW filter on device team0
[  405.783664][T12234]  kmem_cache_alloc_node_noprof+0x71/0x310
[  405.787389][T12234]  ? __alloc_skb+0x2b3/0x380
[  405.788671][T12234]  __alloc_skb+0x2b3/0x380
[  405.789939][T12234]  ? __pfx___alloc_skb+0x10/0x10
[  405.790106][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[  405.791262][T12234]  netlink_ack+0x164/0xb20
[  405.793601][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  405.794885][T12234]  netlink_rcv_skb+0x327/0x410
[  405.794910][T12234]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  405.794935][T12234]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  405.794952][T12234]  ? __mutex_lock+0x1a6/0x9c0
[  405.802554][T12234]  ? netlink_deliver_tap+0x1ae/0xcf0
[  405.803960][T12234]  xfrm_netlink_rcv+0x71/0x90
[  405.805217][T12234]  netlink_unicast+0x53c/0x7f0
[  405.805882][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[  405.806463][T12234]  ? __pfx_netlink_unicast+0x10/0x10
[  405.808800][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  405.810107][T12234]  ? __phys_addr_symbol+0x30/0x80
[  405.810126][T12234]  ? __check_object_size+0x488/0x710
[  405.810143][T12234]  netlink_sendmsg+0x8b8/0xd70
[  405.810158][T12234]  ? __pfx_netlink_sendmsg+0x10/0x10
[  405.810171][T12234]  ? lock_acquire+0x2f/0xb0
[  405.818060][T12234]  ____sys_sendmsg+0x9ae/0xb40
[  405.819291][T12234]  ? __pfx_____sys_sendmsg+0x10/0x10
[  405.820633][T12234]  ? get_compat_msghdr+0x11b/0x170
[  405.822050][T12234]  ? __pfx___lock_acquire+0x10/0x10
[  405.823511][T12234]  ___sys_sendmsg+0x135/0x1e0
[  405.824902][T12234]  ? __pfx____sys_sendmsg+0x10/0x10
[  405.826262][T12234]  ? lock_acquire+0x2f/0xb0
[  405.827370][T12234]  ? __fget_files+0x40/0x3f0
[  405.828438][T12234]  ? fdget+0x176/0x210
[  405.829505][T12234]  __sys_sendmsg+0x117/0x1f0
[  405.830601][T12234]  ? __pfx___sys_sendmsg+0x10/0x10
[  405.831774][T12234]  ? __fget_files+0x244/0x3f0
[  405.832928][T12234]  __do_fast_syscall_32+0x73/0x120
[  405.834091][T12234]  do_fast_syscall_32+0x32/0x80
[  405.835295][T12234]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  405.836810][T12234] RIP: 0023:0xf7fa7579
[  405.837754][T12234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  405.843337][T12234] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  405.845966][T12234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000440
[  405.848568][T12234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  405.851120][T12234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  405.853627][T12234] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  405.856141][T12234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  405.858673][T12234]  </TASK>
[  405.869048][T12148] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  405.872484][T12148] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  405.993694][T12148] 8021q: adding VLAN 0 to HW filter on device batadv0
[  406.017770][T12148] veth0_vlan: entered promiscuous mode
[  406.022523][T12148] veth1_vlan: entered promiscuous mode
[  406.041887][T12148] veth0_macvtap: entered promiscuous mode
[  406.047591][T12148] veth1_macvtap: entered promiscuous mode
[  406.057820][T12148] batman_adv: batadv0: Interface activated: batadv_slave_0
[  406.064285][T12148] batman_adv: batadv0: Interface activated: batadv_slave_1
[  406.072860][T12148] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  406.076255][T12148] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  406.078876][T12148] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  406.081608][T12148] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  406.127106][T11254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.129828][T11254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.141958][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.144710][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.245001][   T30] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  406.254985][ T5410] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  406.357718][T12259] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  406.394933][   T30] usb 6-1: Using ep0 maxpacket: 8
[  406.404649][   T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  406.409425][ T5410] usb 5-1: Using ep0 maxpacket: 8
[  406.412145][   T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  406.416233][   T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  406.420557][ T5410] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  406.424466][ T5410] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  406.428261][   T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  406.431883][   T30] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  406.436716][ T5410] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  406.440156][ T5410] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  406.444610][   T30] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  406.448212][ T5410] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  406.451506][ T5410] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.454483][   T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.487201][   T30] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  406.635786][ T5361] Bluetooth: hci0: command tx timeout
[  407.123673][T12260] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[  407.681634][T12263] 9pnet_fd: Insufficient options for proto=fd
[  407.805163][T12263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1800'.
[  407.809934][T12263] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1800'.
[  407.813525][T12263] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1800'.
[  408.715006][ T5361] Bluetooth: hci0: command tx timeout
[  408.979006][ T5410] usb 5-1: usb_control_msg returned -71
[  408.981034][ T5410] usbtmc 5-1:16.0: can't read capabilities
[  408.990818][ T5410] usb 5-1: USB disconnect, device number 30
[  408.999275][ T1427] usb 6-1: USB disconnect, device number 52
[  409.415426][ T5410] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  409.574977][ T5410] usb 5-1: Using ep0 maxpacket: 8
[  409.582574][ T5410] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  409.587912][ T5410] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  409.593430][ T5410] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  409.597515][ T5410] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  409.602343][ T5410] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  409.606072][ T5410] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.669049][T12302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1810'.
[  409.838853][ T5410] usb 5-1: GET_CAPABILITIES returned 0
[  409.842193][ T5410] usbtmc 5-1:16.0: can't read capabilities
[  410.075257][ T5391] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  410.225004][ T5391] usb 7-1: Using ep0 maxpacket: 8
[  410.229893][ T5391] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  410.234123][ T5391] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  410.239245][ T5391] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  410.243414][ T5391] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  410.248310][ T5391] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  410.252137][ T5391] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.591551][T12311] netlink: 'syz.3.1813': attribute type 10 has an invalid length.
[  410.597025][T12311] syz_tun: entered promiscuous mode
[  410.611380][T12311] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  410.663430][   T39] kauditd_printk_skb: 9 callbacks suppressed
[  410.663443][   T39] audit: type=1326 audit(1728413118.641:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12314 comm="syz.3.1814" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x0
[  410.877975][T12317] tmpfs: Unknown parameter 'eid'
[  412.046732][ T5353] usb 5-1: USB disconnect, device number 31
[  412.091453][T12326] FAULT_INJECTION: forcing a failure.
[  412.091453][T12326] name failslab, interval 1, probability 0, space 0, times 0
[  412.100515][T12326] CPU: 2 UID: 0 PID: 12326 Comm: syz.0.1816 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  412.103952][T12326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  412.107563][T12326] Call Trace:
[  412.108768][T12326]  <TASK>
[  412.109858][T12326]  dump_stack_lvl+0x16c/0x1f0
[  412.111558][T12326]  should_fail_ex+0x497/0x5b0
[  412.113252][T12326]  should_failslab+0xc2/0x120
[  412.114937][T12326]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  412.116858][T12326]  ? skb_clone+0x190/0x3f0
[  412.118548][T12326]  skb_clone+0x190/0x3f0
[  412.120188][T12326]  netlink_deliver_tap+0xb26/0xcf0
[  412.122078][T12326]  netlink_unicast+0x6b4/0x7f0
[  412.123832][T12326]  ? __pfx_netlink_unicast+0x10/0x10
[  412.125737][T12326]  netlink_ack+0x6a5/0xb20
[  412.127384][T12326]  netlink_rcv_skb+0x327/0x410
[  412.128875][T12326]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  412.130443][T12326]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  412.132282][T12326]  ? __mutex_lock+0x1a6/0x9c0
[  412.133989][T12326]  ? netlink_deliver_tap+0x1ae/0xcf0
[  412.135880][T12326]  xfrm_netlink_rcv+0x71/0x90
[  412.137479][T12326]  netlink_unicast+0x53c/0x7f0
[  412.139121][T12326]  ? __pfx_netlink_unicast+0x10/0x10
[  412.140909][T12326]  ? __phys_addr_symbol+0x30/0x80
[  412.142642][T12326]  ? __check_object_size+0x488/0x710
[  412.144447][T12326]  netlink_sendmsg+0x8b8/0xd70
[  412.146171][T12326]  ? __pfx_netlink_sendmsg+0x10/0x10
[  412.147900][T12326]  ? lock_acquire+0x2f/0xb0
[  412.149267][T12326]  ____sys_sendmsg+0x9ae/0xb40
[  412.150852][T12326]  ? __pfx_____sys_sendmsg+0x10/0x10
[  412.152399][T12326]  ? get_compat_msghdr+0x11b/0x170
[  412.153870][T12326]  ? __pfx___lock_acquire+0x10/0x10
[  412.155713][T12326]  ___sys_sendmsg+0x135/0x1e0
[  412.157414][T12326]  ? __pfx____sys_sendmsg+0x10/0x10
[  412.158900][T12326]  ? lock_acquire+0x2f/0xb0
[  412.160282][T12326]  ? __fget_files+0x40/0x3f0
[  412.161981][T12326]  ? fdget+0x176/0x210
[  412.163445][T12326]  __sys_sendmsg+0x117/0x1f0
[  412.165159][T12326]  ? __pfx___sys_sendmsg+0x10/0x10
[  412.167045][T12326]  ? __fget_files+0x244/0x3f0
[  412.168772][T12326]  __do_fast_syscall_32+0x73/0x120
[  412.170620][T12326]  do_fast_syscall_32+0x32/0x80
[  412.172413][T12326]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  412.174824][T12326] RIP: 0023:0xf7fa7579
[  412.176492][T12326] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  412.183587][T12326] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  412.186333][T12326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000440
[  412.189070][T12326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  412.191751][T12326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  412.194060][T12326] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  412.196808][T12326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  412.198965][T12326]  </TASK>
[  412.815125][ T5391] usb 7-1: usb_control_msg returned -71
[  412.839162][ T5391] usbtmc 7-1:16.0: can't read capabilities
[  412.857502][ T5391] usb 7-1: USB disconnect, device number 26
[  413.180762][ T9892] bond0: (slave syz_tun): Releasing backup interface
[  413.298817][T12356] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  413.473141][ T5347] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  413.478953][ T5347] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  413.482792][ T5347] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  413.488346][ T5347] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  413.496226][ T5347] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  413.499273][ T5347] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  413.643369][T12358] chnl_net:caif_netlink_parms(): no params data found
[  413.803851][T12358] bridge0: port 1(bridge_slave_0) entered blocking state
[  413.807577][T12358] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.811096][T12358] bridge_slave_0: entered allmulticast mode
[  413.816035][T12358] bridge_slave_0: entered promiscuous mode
[  413.824761][T12358] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.827955][T12358] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.831408][T12358] bridge_slave_1: entered allmulticast mode
[  413.836407][T12358] bridge_slave_1: entered promiscuous mode
[  413.902148][T12358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  413.909946][T12358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  413.973002][T12358] team0: Port device team_slave_0 added
[  413.978450][T12358] team0: Port device team_slave_1 added
[  414.035608][T12358] batman_adv: batadv0: Adding interface: batadv_slave_0
[  414.038306][T12358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  414.048912][T12358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  414.065037][T12358] batman_adv: batadv0: Adding interface: batadv_slave_1
[  414.067629][T12358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  414.080126][T12358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  414.140173][T12358] hsr_slave_0: entered promiscuous mode
[  414.143615][T12358] hsr_slave_1: entered promiscuous mode
[  414.147301][T12358] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  414.150126][T12358] Cannot create hsr debugfs directory
[  414.361196][T12358] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.447636][T12358] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.552505][T12358] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.651338][T12358] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.861411][T12358] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  414.870731][T12358] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  414.881117][T12358] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  414.896767][T12358] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  414.962335][T12358] 8021q: adding VLAN 0 to HW filter on device bond0
[  414.979036][T12358] 8021q: adding VLAN 0 to HW filter on device team0
[  414.988203][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.990925][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  415.008152][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[  415.010948][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  415.021787][T12376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1831'.
[  415.115750][T12378] ieee802154 phy0 wpan0: encryption failed: -22
[  415.229214][T12358] 8021q: adding VLAN 0 to HW filter on device batadv0
[  415.276198][T12358] veth0_vlan: entered promiscuous mode
[  415.286356][T12358] veth1_vlan: entered promiscuous mode
[  415.313611][T12358] veth0_macvtap: entered promiscuous mode
[  415.320971][T12358] veth1_macvtap: entered promiscuous mode
[  415.332558][T12358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  415.335961][T12358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  415.340013][T12358] batman_adv: batadv0: Interface activated: batadv_slave_0
[  415.346303][T12358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  415.358011][T12358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  415.361784][T12358] batman_adv: batadv0: Interface activated: batadv_slave_1
[  415.368889][T12358] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  415.371005][T12358] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  415.373032][T12358] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  415.376392][T12358] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  415.435103][T11266] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.437905][T11266] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.455249][T11289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.457993][T11289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.585048][ T5391] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  415.595042][ T5347] Bluetooth: hci3: command tx timeout
[  415.595994][   T35] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  415.735225][ T5391] usb 6-1: Using ep0 maxpacket: 8
[  415.741113][ T5391] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  415.745701][ T5391] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  415.751815][ T5391] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  415.756704][ T5391] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  415.762041][ T5391] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  415.766698][ T5391] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.775211][   T35] usb 5-1: Using ep0 maxpacket: 8
[  415.779071][   T35] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  415.783173][   T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  415.786808][   T35] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  415.789870][   T35] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  415.793340][   T35] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  415.796631][   T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.515052][   T35] usb 5-1: GET_CAPABILITIES returned 0
[  416.517150][   T35] usbtmc 5-1:16.0: can't read capabilities
[  416.583260][T12408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1839'.
[  416.586950][T12408] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  416.589846][T12408] batman_adv: batadv0: Removing interface: batadv_slave_0
[  416.595993][T12408] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  416.599454][T12408] batman_adv: batadv0: Removing interface: batadv_slave_1
[  416.651268][T12411] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  417.674952][ T5347] Bluetooth: hci3: command tx timeout
[  418.264964][ T5587] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  418.291137][ T5391] usb 6-1: usb_control_msg returned -71
[  418.293327][ T5391] usbtmc 6-1:16.0: can't read capabilities
[  418.299877][ T1427] usb 5-1: USB disconnect, device number 32
[  418.332354][ T5391] usb 6-1: USB disconnect, device number 53
[  418.415292][ T5587] usb 7-1: Using ep0 maxpacket: 8
[  418.435754][ T5587] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  418.438663][ T5587] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  418.442326][ T5587] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  418.446028][ T5587] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  418.449306][ T5587] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  418.454075][ T5587] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  418.457277][ T5587] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.468096][ T5587] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22
[  418.775226][T12437] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  418.821488][ T5391] kernel write not supported for file /uhid (pid: 5391 comm: kworker/2:3)
[  419.310398][T12456] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1853'.
[  419.314434][T12456] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1853'.
[  419.645032][    T8] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  419.754971][ T5347] Bluetooth: hci3: command tx timeout
[  419.805075][    T8] usb 6-1: Using ep0 maxpacket: 8
[  419.811380][    T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  419.815157][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  419.819127][    T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38176, setting to 1024
[  419.822303][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  419.826606][    T8] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  419.831383][    T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  419.834953][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.045562][    T8] usb 6-1: GET_CAPABILITIES returned 0
[  420.047082][    T8] usbtmc 6-1:16.0: can't read capabilities
[  420.186312][T12465] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1857'.
[  421.040903][   T30] usb 7-1: USB disconnect, device number 27
[  421.834958][ T5347] Bluetooth: hci3: command tx timeout
[  421.984942][    T8] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  422.135131][    T8] usb 5-1: Using ep0 maxpacket: 8
[  422.139005][    T8] usb 5-1: config 0 has no interfaces?
[  422.141109][    T8] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  422.144973][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.149981][    T8] usb 5-1: config 0 descriptor??
[  422.169418][T12492] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  422.306782][T12494] netlink: 272 bytes leftover after parsing attributes in process `syz.3.1864'.
[  422.309645][T12494] netlink: 272 bytes leftover after parsing attributes in process `syz.3.1864'.
[  422.380274][   T30] usb 6-1: USB disconnect, device number 54
[  422.500840][T12499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1866'.
[  422.552268][T12507] Bluetooth: MGMT ver 1.23
[  422.825116][    T8] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  422.975083][    T8] usb 6-1: Using ep0 maxpacket: 8
[  422.982569][    T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  422.987413][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  422.992225][    T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  422.997830][    T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  423.001625][    T8] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  423.007378][    T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  423.011071][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.024167][    T8] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  423.440078][T12513] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1870'.
[  423.584793][T12520] 9pnet: p9_errstr2errno: server reported unknown error Ý@íÎhQI¸¥ŠteœkKzEËxÐBAšÁbà¹lpΆ²vxÝé*óÍDŽ‘àò}‘©Ù’ñ;5ÏÇ–3OŲ"`õͶ
[  423.824918][ T5410] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  423.974971][ T5410] usb 7-1: Using ep0 maxpacket: 8
[  423.979182][ T5410] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  423.983141][ T5410] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  423.987964][ T5410] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  423.991629][ T5410] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  423.996778][ T5410] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  424.000004][ T5410] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.644960][ T5347] Bluetooth: hci0: command tx timeout
[  424.667654][ T1427] usb 5-1: USB disconnect, device number 33
[  425.094933][ T1427] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  425.245027][ T1427] usb 5-1: Using ep0 maxpacket: 8
[  425.249171][ T1427] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  425.253422][ T1427] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  425.259629][ T1427] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38176, setting to 1024
[  425.263859][ T1427] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  425.267780][ T1427] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  425.272581][ T1427] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  425.275965][ T1427] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.484389][ T1427] usb 5-1: GET_CAPABILITIES returned 0
[  425.486630][ T1427] usbtmc 5-1:16.0: can't read capabilities
[  425.600039][    T8] usb 6-1: USB disconnect, device number 55
[  425.687817][T12534] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1876'.
[  425.690443][T12534] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1876'.
[  425.909744][T12541] 9pnet_fd: Insufficient options for proto=fd
[  426.528630][ T5410] usb 7-1: usb_control_msg returned -71
[  426.530964][ T5410] usbtmc 7-1:16.0: can't read capabilities
[  426.542175][ T5410] usb 7-1: USB disconnect, device number 28
[  426.643698][T12550] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  427.417253][T12560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1882'.
[  427.452110][T12560] autofs: Bad value for 'fd'
[  427.733642][ T1427] usb 5-1: USB disconnect, device number 34
[  428.345410][ T1427] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  428.525061][ T1427] usb 5-1: Using ep0 maxpacket: 8
[  428.542497][ T1427] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  428.549019][ T1427] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  428.552518][ T1427] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  428.558354][ T1427] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  428.562176][ T1427] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  428.567264][ T1427] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  428.570385][ T1427] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.592985][ T1427] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[  429.324984][T12583] netlink: 'syz.3.1890': attribute type 10 has an invalid length.
[  429.518182][T12589] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1892'.
[  429.521568][T12589] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1892'.
[  429.574975][ T1427] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  429.743209][ T1427] usb 7-1: Using ep0 maxpacket: 8
[  429.746705][ T1427] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  429.750446][ T1427] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  429.754024][ T1427] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  429.757725][ T1427] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  429.761835][ T1427] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  429.764983][ T1427] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.589018][T12600] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  430.927741][ T5410] usb 5-1: USB disconnect, device number 35
[  431.003743][T12602] 9p: Unknown uid 00000000004294967295
[  431.947844][T12616] FAULT_INJECTION: forcing a failure.
[  431.947844][T12616] name failslab, interval 1, probability 0, space 0, times 0
[  431.953128][T12616] CPU: 3 UID: 0 PID: 12616 Comm: syz.0.1901 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  431.957076][T12616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  431.960845][T12616] Call Trace:
[  431.962076][T12616]  <TASK>
[  431.963169][T12616]  dump_stack_lvl+0x16c/0x1f0
[  431.964967][T12616]  should_fail_ex+0x497/0x5b0
[  431.966750][T12616]  should_failslab+0xc2/0x120
[  431.968458][T12616]  __kmalloc_noprof+0xcb/0x410
[  431.970176][T12616]  io_cqring_event_overflow+0xcb/0x6f0
[  431.972118][T12616]  __io_submit_flush_completions+0x1069/0x20e0
[  431.974298][T12616]  ? io_queue_sqe_fallback+0x121/0xaa0
[  431.976273][T12616]  io_submit_sqes+0xa73/0x2530
[  431.978068][T12616]  __do_sys_io_uring_enter+0xc0f/0x1170
[  431.980084][T12616]  ? __fget_files+0x244/0x3f0
[  431.981720][T12616]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  431.983865][T12616]  ? fput+0x30/0x390
[  431.985276][T12616]  ? ksys_write+0x1ad/0x260
[  431.986930][T12616]  ? __pfx_ksys_write+0x10/0x10
[  431.988712][T12616]  __do_fast_syscall_32+0x73/0x120
[  431.990588][T12616]  do_fast_syscall_32+0x32/0x80
[  431.992211][T12616]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  431.994384][T12616] RIP: 0023:0xf7fa7579
[  431.995864][T12616] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  432.002636][T12616] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  432.005569][T12616] RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000002d3e
[  432.008411][T12616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  432.011063][T12616] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  432.013809][T12616] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  432.016636][T12616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  432.019453][T12616]  </TASK>
[  432.201860][ T1427] usb 7-1: usb_control_msg returned -71
[  432.203389][ T1427] usbtmc 7-1:16.0: can't read capabilities
[  432.203396][T12625] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1904'.
[  432.211402][T12625] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1904'.
[  432.211502][ T1427] usb 7-1: USB disconnect, device number 29
[  432.257996][T12632] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1906'.
[  432.326096][T12630] fuse: Bad value for 'group_id'
[  432.327944][T12630] fuse: Bad value for 'group_id'
[  432.514949][ T5410] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  432.664929][ T5410] usb 6-1: Using ep0 maxpacket: 8
[  432.676303][ T5410] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  432.680396][ T5410] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  432.684010][ T5410] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  432.688646][ T5410] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  432.692662][ T5410] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  432.697815][ T5410] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  432.701330][ T5410] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.708831][ T5410] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  432.969120][T12657] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  433.324911][ T5410] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  433.494949][ T5410] usb 5-1: Using ep0 maxpacket: 8
[  433.498019][ T5410] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  433.501266][ T5410] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  433.504139][ T5410] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  433.508110][ T5410] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  433.512204][ T5410] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  433.514707][ T5410] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.566463][T12666] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1915'.
[  434.570460][T12666] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1915'.
[  435.282337][ T5587] usb 6-1: USB disconnect, device number 56
[  435.506071][T12699] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  436.123814][ T5410] usb 5-1: usb_control_msg returned -71
[  436.134949][ T5410] usbtmc 5-1:16.0: can't read capabilities
[  436.141509][ T5410] usb 5-1: USB disconnect, device number 36
[  438.076062][T12735] 9pnet_fd: Insufficient options for proto=fd
[  438.495368][ T5410] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  438.645010][ T5410] usb 7-1: Using ep0 maxpacket: 8
[  438.649813][ T5410] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  438.654002][ T5410] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  438.656305][T12744] PKCS8: Unsupported PKCS#8 version
[  438.660335][ T5410] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  438.664062][ T5410] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  438.679549][ T5410] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  438.683066][ T5410] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.042594][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[  439.788233][T12759] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1938'.
[  439.799849][T12761] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  441.187668][ T5410] usb 7-1: usb_control_msg returned -71
[  441.189388][ T5410] usbtmc 7-1:16.0: can't read capabilities
[  441.210340][ T5410] usb 7-1: USB disconnect, device number 30
[  441.284934][   T30] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  441.455383][   T30] usb 5-1: Using ep0 maxpacket: 16
[  441.458287][   T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  441.461144][   T30] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  441.464465][   T30] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  441.469999][   T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.476630][   T30] usb 5-1: config 0 descriptor??
[  441.574985][ T5410] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  441.735015][ T5410] usb 7-1: Using ep0 maxpacket: 8
[  441.740972][ T5410] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  441.743982][ T5410] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  441.746786][ T5410] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  441.749577][ T5410] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  441.752409][ T5410] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  441.756008][ T5410] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  441.758519][ T5410] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.776657][ T5410] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22
[  441.885583][   T30] microsoft 0003:045E:07DA.0005: No inputs registered, leaving
[  441.889519][   T30] microsoft 0003:045E:07DA.0005: hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  441.893136][   T30] microsoft 0003:045E:07DA.0005: no inputs found
[  441.895350][   T30] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[  442.341045][T12780] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1942'.
[  442.358691][    T8] usb 5-1: USB disconnect, device number 37
[  443.254934][    T8] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  443.275028][ T1992] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[  443.405047][    T8] usb 5-1: Using ep0 maxpacket: 8
[  443.408620][    T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  443.411531][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  443.414315][    T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38176, setting to 1024
[  443.417816][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  443.421196][    T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  443.425994][ T1992] usb 6-1: Using ep0 maxpacket: 8
[  443.427634][    T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  443.430239][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.433279][ T1992] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  443.442240][ T1992] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  443.448000][ T1992] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  443.451382][ T1992] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  443.457216][ T1992] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  443.459728][ T1992] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.640704][    T8] usb 5-1: GET_CAPABILITIES returned 0
[  443.642921][    T8] usbtmc 5-1:16.0: can't read capabilities
[  443.671892][    C2] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  444.096522][T12817] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  444.257697][   T30] usb 7-1: USB disconnect, device number 31
[  444.310811][T12819] UBIFS error (pid: 12819): cannot open "./file0", error -22
[  444.389755][T12821] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1954'.
[  444.473335][T12823] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1955'.
[  444.551316][T12825] overlayfs: cannot append lower layer
[  444.742744][T12829] ufs: You didn't specify the type of your ufs filesystem
[  444.742744][T12829] 
[  444.742744][T12829] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  444.742744][T12829] 
[  444.742744][T12829] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  444.756914][T12829] syz.2.1958: attempt to access beyond end of device
[  444.756914][T12829] loop2: rw=0, sector=16, nr_sectors = 2 limit=0
[  445.967785][ T5587] usb 5-1: USB disconnect, device number 38
[  446.020474][ T1992] usb 6-1: usb_control_msg returned -71
[  446.022495][ T1992] usbtmc 6-1:16.0: can't read capabilities
[  446.039503][ T1992] usb 6-1: USB disconnect, device number 57
[  446.054510][T12847] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1963'.
[  446.731889][T11266] Bluetooth: hci4: Frame reassembly failed (-84)
[  446.734588][T12867] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  446.744945][T11289] Bluetooth: hci4: Frame reassembly failed (-84)
[  448.446332][    T8] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  448.595109][    T8] usb 7-1: Using ep0 maxpacket: 8
[  448.600278][    T8] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  448.604313][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  448.608418][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  448.612563][    T8] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  448.618616][    T8] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  448.622097][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.795050][ T5347] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  448.795117][ T5361] Bluetooth: hci4: command 0x1003 tx timeout
[  448.980847][T12891] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1974'.
[  448.983307][T12891] gretap0: entered allmulticast mode
[  448.985251][T12890] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1974'.
[  448.995640][T12890] gretap0: entered promiscuous mode
[  448.997864][T12890] gretap0: left allmulticast mode
[  449.078451][T12894] process 'memfd:£Ÿn´dRi5¬Îáˆ�[@8×Î 9I“=µç\'LæÒŽ¼)JtTDq�Ï�ºå1õ È>É\…L¿Ï‘ßMó^T*' started with executable stack
[  449.195735][T12899] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1977'.
[  449.199161][T12899] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1977'.
[  449.208416][T12899] syz_tun: entered promiscuous mode
[  449.212599][T12899] syz_tun: left promiscuous mode
[  449.270393][T12903] syz.1.1977: attempt to access beyond end of device
[  449.270393][T12903] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[  449.276128][T12903] gfs2: error -5 reading superblock
[  449.362404][T12905] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  451.270228][    T8] usb 7-1: usb_control_msg returned -71
[  451.274985][    T8] usbtmc 7-1:16.0: can't read capabilities
[  451.372044][    T8] usb 7-1: USB disconnect, device number 32
[  452.447878][T12959] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  452.555048][ T5587] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  452.655610][T12962] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1994'.
[  452.686272][T12962] mkiss: ax0: crc mode is auto.
[  452.705047][ T5587] usb 5-1: Using ep0 maxpacket: 8
[  452.711066][ T5587] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  452.715936][ T5587] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  452.719729][ T5587] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  452.723411][ T5587] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  452.729687][ T5587] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  452.733305][ T5587] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.841732][T12963] mkiss: ax0: crc mode is auto.
[  454.368598][T12965] /dev/sr0: Can't open blockdev
[  455.302799][ T5587] usb 5-1: usb_control_msg returned -71
[  455.304790][ T5587] usbtmc 5-1:16.0: can't read capabilities
[  455.308164][ T5587] usb 5-1: USB disconnect, device number 39
[  456.005997][T13000] netlink: 'syz.0.2003': attribute type 7 has an invalid length.
[  456.008892][T13000] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2003'.
[  456.031503][T13000] netlink: 5120 bytes leftover after parsing attributes in process `syz.0.2003'.
[  456.036774][T13000] netlink: 4048 bytes leftover after parsing attributes in process `syz.0.2003'.
[  456.040421][T13000] netlink: 3268 bytes leftover after parsing attributes in process `syz.0.2003'.
[  456.043542][T13000] netlink: 7100 bytes leftover after parsing attributes in process `syz.0.2003'.
[  456.495140][T12251] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  456.644997][T12251] usb 5-1: Using ep0 maxpacket: 8
[  456.648950][T12251] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  456.653234][T12251] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  456.657020][T12251] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38176, setting to 1024
[  456.661140][T12251] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  456.664697][T12251] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  456.669755][T12251] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  456.673030][T12251] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.856870][T13011] netlink: 'syz.2.2007': attribute type 23 has an invalid length.
[  456.886773][T12251] usb 5-1: GET_CAPABILITIES returned 0
[  456.888853][T12251] usbtmc 5-1:16.0: can't read capabilities
[  457.821339][T13028] tipc: Enabling of bearer <eth:pim6reg1> rejected, failed to enable media
[  458.439540][T13021] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  459.256260][ T1992] usb 5-1: USB disconnect, device number 40
[  460.304958][ T5410] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  460.391138][T13086] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.393313][T13086] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.423944][T13089] netlink: 'syz.3.2030': attribute type 5 has an invalid length.
[  460.473334][T13086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  460.474916][ T5410] usb 6-1: Using ep0 maxpacket: 8
[  460.483465][ T5410] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  460.491477][ T5410] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  460.496871][ T5410] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38176, setting to 1024
[  460.497592][T13086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  460.502928][T13091] block device autoloading is deprecated and will be removed.
[  460.505958][ T5410] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  460.510923][ T5410] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  460.517357][ T5410] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  460.522368][ T5410] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.557118][T13086] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  460.559529][T13086] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  460.561852][T13086] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  460.564097][T13086] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  460.593635][T13089] : entered promiscuous mode
[  460.739640][ T5410] usb 6-1: GET_CAPABILITIES returned 0
[  460.742114][ T5410] usbtmc 6-1:16.0: can't read capabilities
[  460.801388][T13101] netlink: 288 bytes leftover after parsing attributes in process `syz.3.2032'.
[  460.918127][T13119] PKCS7: Unknown OID: [4] 2.19.0.2.86.14.43(bad)
[  460.920359][T13119] PKCS7: Only support pkcs7_signedData type
[  461.368009][T13139] kAFS: unparsable volume name
[  461.705791][   T39] audit: type=1326 audit(1728413169.691:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13145 comm="syz.2.2047" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f43579 code=0x0
[  462.762554][T13163] usb 2-1: USB disconnect, device number 2
[  462.852278][T13167] hub 2-0:1.0: USB hub found
[  462.853748][T13167] hub 2-0:1.0: 6 ports detected
[  462.893452][ T1992] usb 6-1: USB disconnect, device number 58
[  462.926731][T13172] netlink: 16166 bytes leftover after parsing attributes in process `syz.1.2056'.
[  462.947183][T13172] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  463.021624][T13175] syzkaller0: entered promiscuous mode
[  463.023129][T13175] syzkaller0: entered allmulticast mode
[  463.044898][ T5410] usb 2-1: new high-speed USB device number 3 using ehci-pci
[  463.269151][ T5410] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  463.271613][ T5410] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  463.273828][ T5410] usb 2-1: Product: QEMU USB Tablet
[  463.275849][ T5410] usb 2-1: Manufacturer: QEMU
[  463.277279][ T5410] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  463.343585][ T5410] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0006/input/input25
[  463.565436][ T5410] hid-generic 0003:0627:0001.0006: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  463.717916][   T39] audit: type=1800 audit(1728413171.691:267): pid=13190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2060" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  463.808068][T13192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2061'.
[  465.128605][T13210] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2066'.
[  465.188230][T13215] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.330557][T13213] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  465.332489][T13213] overlayfs: failed to set xattr on upper
[  465.333994][T13213] overlayfs: ...falling back to redirect_dir=nofollow.
[  465.337143][T13213] overlayfs: ...falling back to uuid=null.
[  465.391208][T13225] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  465.774768][T13237] netlink: 'syz.0.2073': attribute type 1 has an invalid length.
[  465.778428][T13237] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.2073'.
[  465.780783][T13232] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2072'.
[  465.781460][T13237] netlink: 'syz.0.2073': attribute type 1 has an invalid length.
[  466.027385][T13252] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  466.103107][T13265] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  466.554885][T12252] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  466.716204][T12252] usb 6-1: config 0 has no interfaces?
[  466.719182][T12252] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  466.721849][T12252] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  466.724041][T12252] usb 6-1: Manufacturer: syz
[  466.726852][T12252] usb 6-1: config 0 descriptor??
[  466.903927][T13276] netlink: 'syz.2.2082': attribute type 1 has an invalid length.
[  466.929082][T13276] 8021q: adding VLAN 0 to HW filter on device batadv1
[  466.933226][T13276] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[  466.944782][T13276] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  466.959004][T13276] bond1 (unregistering): Released all slaves
[  466.975558][T13279] netlink: 'syz.0.2083': attribute type 8 has an invalid length.
[  466.981508][ T5353] usb 6-1: USB disconnect, device number 59
[  466.997763][T13279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2083'.
[  467.000176][T13279] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2083'.
[  467.284945][ T1992] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  467.437602][ T1992] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  467.439915][ T1992] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.441868][ T1992] usb 5-1: Product: syz
[  467.442948][ T1992] usb 5-1: Manufacturer: syz
[  467.444081][ T1992] usb 5-1: SerialNumber: syz
[  467.449341][ T1992] usb 5-1: config 0 descriptor??
[  467.509649][T13284] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2085'.
[  467.540223][T13286] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2086'.
[  467.702231][ T1427] usb 5-1: USB disconnect, device number 41
[  468.243914][T13302] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2089'.
[  468.520543][T13318] netlink: 'syz.2.2093': attribute type 4 has an invalid length.
[  468.585350][T13318] netlink: 'syz.2.2093': attribute type 4 has an invalid length.
[  469.048990][T13326] fuse: Bad value for 'fd'
[  469.054633][T13326] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  469.384974][ T5587] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  469.536239][ T5587] usb 5-1: Using ep0 maxpacket: 8
[  469.538986][ T5587] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  469.542004][ T5587] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  469.543902][T13339] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2099'.
[  469.544664][ T5587] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 38176, setting to 1024
[  469.544680][ T5587] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  469.544692][ T5587] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  469.544715][ T5587] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  469.584882][ T5587] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.623228][T13335] syzkaller0: entered promiscuous mode
[  469.624746][T13335] syzkaller0: entered allmulticast mode
[  469.804404][ T5587] usb 5-1: GET_CAPABILITIES returned 0
[  469.814940][ T5587] usbtmc 5-1:16.0: can't read capabilities
[  470.851972][T13360] IPVS: set_ctl: invalid protocol: 1 255.255.255.255:0
[  472.110266][ T1992] usb 5-1: USB disconnect, device number 42
[  472.665494][T13373] 
[  472.666195][T13373] ======================================================
[  472.668012][T13373] WARNING: possible circular locking dependency detected
[  472.669790][T13373] 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 Not tainted
[  472.671650][T13373] ------------------------------------------------------
[  472.674754][T13373] syz.3.2106/13373 is trying to acquire lock:
[  472.676335][T13373] ffff8880211e4258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3b0
[  472.679353][T13373] 
[  472.679353][T13373] but task is already holding lock:
[  472.681268][T13373] ffff88802977a128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700
[  472.683560][T13373] 
[  472.683560][T13373] which lock already depends on the new lock.
[  472.683560][T13373] 
[  472.686021][T13373] 
[  472.686021][T13373] the existing dependency chain (in reverse order) is:
[  472.688237][T13373] 
[  472.688237][T13373] -> #3 (&d->lock){+.+.}-{3:3}:
[  472.690021][T13373]        __mutex_lock+0x175/0x9c0
[  472.691351][T13373]        __rfcomm_dlc_close+0x235/0x700
[  472.692800][T13373]        rfcomm_dlc_close+0x1eb/0x240
[  472.694224][T13373]        __rfcomm_sock_close+0xa7/0x230
[  472.695653][T13373]        rfcomm_sock_shutdown+0xd5/0x230
[  472.697126][T13373]        rfcomm_sock_release+0x5d/0x140
[  472.698507][T13373]        __sock_release+0xb0/0x270
[  472.699815][T13373]        sock_close+0x1c/0x30
[  472.700984][T13373]        __fput+0x3f6/0xb60
[  472.702141][T13373]        task_work_run+0x14e/0x250
[  472.703389][T13373]        get_signal+0x1d3/0x26d0
[  472.704597][T13373]        arch_do_signal_or_restart+0x90/0x7e0
[  472.706182][T13373]        syscall_exit_to_user_mode+0x150/0x2a0
[  472.707766][T13373]        __do_fast_syscall_32+0x80/0x120
[  472.709123][T13373]        do_fast_syscall_32+0x32/0x80
[  472.710540][T13373]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.712311][T13373] 
[  472.712311][T13373] -> #2 (rfcomm_mutex){+.+.}-{3:3}:
[  472.714247][T13373]        __mutex_lock+0x175/0x9c0
[  472.715645][T13373]        rfcomm_dlc_exists+0x5f/0x1a0
[  472.717042][T13373]        rfcomm_dev_ioctl+0xabc/0x1e70
[  472.718482][T13373]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  472.720026][T13373]        compat_sock_ioctl+0x17b/0x7e0
[  472.721448][T13373]        __do_compat_sys_ioctl+0x259/0x2b0
[  472.722980][T13373]        __do_fast_syscall_32+0x73/0x120
[  472.724448][T13373]        do_fast_syscall_32+0x32/0x80
[  472.725836][T13373]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.727547][T13373] 
[  472.727547][T13373] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[  472.729518][T13373]        __mutex_lock+0x175/0x9c0
[  472.730788][T13373]        rfcomm_dev_ioctl+0x9db/0x1e70
[  472.732157][T13373]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  472.733622][T13373]        compat_sock_ioctl+0x17b/0x7e0
[  472.735035][T13373]        __do_compat_sys_ioctl+0x259/0x2b0
[  472.736502][T13373]        __do_fast_syscall_32+0x73/0x120
[  472.737915][T13373]        do_fast_syscall_32+0x32/0x80
[  472.739255][T13373]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.740977][T13373] 
[  472.740977][T13373] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[  472.743336][T13373]        __lock_acquire+0x250b/0x3ce0
[  472.744683][T13373]        lock_acquire.part.0+0x11b/0x380
[  472.746027][T13373]        lock_sock_nested+0x3a/0xf0
[  472.747301][T13373]        rfcomm_sk_state_change+0x6d/0x3b0
[  472.748752][T13373]        __rfcomm_dlc_close+0x28c/0x700
[  472.750229][T13373]        rfcomm_dlc_close+0x1eb/0x240
[  472.751632][T13373]        __rfcomm_sock_close+0xa7/0x230
[  472.753127][T13373]        rfcomm_sock_shutdown+0xd5/0x230
[  472.754615][T13373]        rfcomm_sock_release+0x5d/0x140
[  472.756064][T13373]        __sock_release+0xb0/0x270
[  472.757406][T13373]        sock_close+0x1c/0x30
[  472.758669][T13373]        __fput+0x3f6/0xb60
[  472.759825][T13373]        task_work_run+0x14e/0x250
[  472.761277][T13373]        get_signal+0x1d3/0x26d0
[  472.762513][T13373]        arch_do_signal_or_restart+0x90/0x7e0
[  472.764003][T13373]        syscall_exit_to_user_mode+0x150/0x2a0
[  472.765556][T13373]        __do_fast_syscall_32+0x80/0x120
[  472.766980][T13373]        do_fast_syscall_32+0x32/0x80
[  472.768329][T13373]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.770096][T13373] 
[  472.770096][T13373] other info that might help us debug this:
[  472.770096][T13373] 
[  472.772625][T13373] Chain exists of:
[  472.772625][T13373]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[  472.772625][T13373] 
[  472.775986][T13373]  Possible unsafe locking scenario:
[  472.775986][T13373] 
[  472.777929][T13373]        CPU0                    CPU1
[  472.779347][T13373]        ----                    ----
[  472.780742][T13373]   lock(&d->lock);
[  472.781706][T13373]                                lock(rfcomm_mutex);
[  472.783394][T13373]                                lock(&d->lock);
[  472.784986][T13373]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[  472.786553][T13373] 
[  472.786553][T13373]  *** DEADLOCK ***
[  472.786553][T13373] 
[  472.788497][T13373] 3 locks held by syz.3.2106/13373:
[  472.789750][T13373]  #0: ffff8880129a2608 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x270
[  472.792265][T13373]  #1: ffffffff8fd52128 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[  472.794571][T13373]  #2: ffff88802977a128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700
[  472.796909][T13373] 
[  472.796909][T13373] stack backtrace:
[  472.798381][T13373] CPU: 1 UID: 0 PID: 13373 Comm: syz.3.2106 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  472.801034][T13373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  472.803641][T13373] Call Trace:
[  472.804472][T13373]  <TASK>
[  472.805319][T13373]  dump_stack_lvl+0x116/0x1f0
[  472.806516][T13373]  print_circular_bug+0x419/0x5d0
[  472.807799][T13373]  check_noncircular+0x31a/0x400
[  472.809055][T13373]  ? __pfx_check_noncircular+0x10/0x10
[  472.810416][T13373]  ? lockdep_lock+0xc6/0x200
[  472.811567][T13373]  ? __pfx_lockdep_lock+0x10/0x10
[  472.812809][T13373]  __lock_acquire+0x250b/0x3ce0
[  472.814053][T13373]  ? __pfx___lock_acquire+0x10/0x10
[  472.815355][T13373]  ? __mutex_trylock_common+0xea/0x250
[  472.816704][T13373]  ? __pfx___mutex_trylock_common+0x10/0x10
[  472.818185][T13373]  ? __rfcomm_dlc_close+0x235/0x700
[  472.819475][T13373]  lock_acquire.part.0+0x11b/0x380
[  472.820769][T13373]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  472.822158][T13373]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  472.823548][T13373]  ? rcu_is_watching+0x12/0xc0
[  472.824728][T13373]  ? trace_lock_acquire+0x14a/0x1d0
[  472.826012][T13373]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  472.827363][T13373]  ? lock_acquire+0x2f/0xb0
[  472.828489][T13373]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  472.829830][T13373]  lock_sock_nested+0x3a/0xf0
[  472.830996][T13373]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  472.832340][T13373]  rfcomm_sk_state_change+0x6d/0x3b0
[  472.833679][T13373]  __rfcomm_dlc_close+0x28c/0x700
[  472.835003][T13373]  rfcomm_dlc_close+0x1eb/0x240
[  472.836208][T13373]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  472.837680][T13373]  __rfcomm_sock_close+0xa7/0x230
[  472.838912][T13373]  rfcomm_sock_shutdown+0xd5/0x230
[  472.840173][T13373]  rfcomm_sock_release+0x5d/0x140
[  472.841422][T13373]  __sock_release+0xb0/0x270
[  472.842579][T13373]  ? __pfx_sock_close+0x10/0x10
[  472.843848][T13373]  sock_close+0x1c/0x30
[  472.844938][T13373]  __fput+0x3f6/0xb60
[  472.845991][T13373]  ? _raw_spin_unlock_irq+0x23/0x50
[  472.847367][T13373]  task_work_run+0x14e/0x250
[  472.848586][T13373]  ? __pfx_task_work_run+0x10/0x10
[  472.849932][T13373]  get_signal+0x1d3/0x26d0
[  472.851128][T13373]  ? kick_process+0xf6/0x1b0
[  472.852358][T13373]  ? task_work_add+0x1d6/0x370
[  472.853658][T13373]  ? __pfx_task_work_add+0x10/0x10
[  472.855025][T13373]  ? __pfx_get_signal+0x10/0x10
[  472.856309][T13373]  arch_do_signal_or_restart+0x90/0x7e0
[  472.857753][T13373]  ? __pfx___sys_connect+0x10/0x10
[  472.859118][T13373]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  472.860721][T13373]  ? rcu_is_watching+0x12/0xc0
[  472.861987][T13373]  syscall_exit_to_user_mode+0x150/0x2a0
[  472.863456][T13373]  __do_fast_syscall_32+0x80/0x120
[  472.864795][T13373]  do_fast_syscall_32+0x32/0x80
[  472.866052][T13373]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.867734][T13373] RIP: 0023:0xf745e579
[  472.868810][T13373] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  472.873720][T13373] RSP: 002b:00000000f574656c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[  472.875810][T13373] RAX: fffffffffffffffc RBX: 0000000000000009 RCX: 0000000020000300
[  472.877840][T13373] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  472.879829][T13373] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  472.881837][T13373] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  472.883870][T13373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  472.885917][T13373]  </TASK>

VM DIAGNOSIS:
18:46:20  Registers:
info registers vcpu 0

CPU#0
RAX=0000000001314d7c RBX=0000000000000000 RCX=ffffffff8b130829 RDX=ffffed1005687026
RSI=ffffffff8bb12320 RDI=ffffffff816417fc RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000000 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901cd188 R15=0000000000000000
RIP=ffffffff8b131c0f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f373a85e440 CR3=000000005c948000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001b800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85036a05 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900237ff1a8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff850369a0 R15=0000000000000000
RIP=ffffffff85036a2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5684da4 CR3=0000000073fda000 CR4=00352ef0
DR0=0000000000000000 DR1=000000000000000a DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000002 RCX=ffffffff848f05b3 RDX=ffff88801bbfa440
RSI=0000000000000020 RDI=0000000000000001 RBP=ffffffff8bb1ca40 RSP=ffffc900033673c0
R8 =0000000000000001 R9 =0000000000000020 R10=0000000000000010 R11=00000000000a2012
R12=0000000000000010 R13=0000000000000001 R14=0000000000000003 R15=0000000000000010
RIP=ffffffff818cb882 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3ad1696d00 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055ad14eaf000 CR3=0000000000736000 CR4=00352ef0
DR0=fffffffffffffffc DR1=0000000000000000 DR2=0000000000000002 DR3=0000000000000800 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3 1e1b8ca31e1b8ca3
ZMM22=1bc8a9691bc8a969 1bc8a9691bc8a969 1bc8a9691bc8a969 1bc8a9691bc8a969 1bc8a9691bc8a969 1bc8a9691bc8a969 1bc8a9691bc8a969 1bc8a9691bc8a969
ZMM23=11956d8211956d82 11956d8211956d82 11956d8211956d82 11956d8211956d82 11956d8211956d82 11956d8211956d82 11956d8211956d82 11956d8211956d82
ZMM24=5521667055216670 5521667055216670 5521667055216670 5521667055216670 5521667055216670 5521667055216670 5521667055216670 5521667055216670
ZMM25=130120ad130120ad 130120ad130120ad 130120ad130120ad 130120ad130120ad 130120ad130120ad 130120ad130120ad 130120ad130120ad 130120ad130120ad
ZMM26=da570317da570317 da570317da570317 da570317da570317 da570317da570317 da570317da570317 da570317da570317 da570317da570317 da570317da570317
ZMM27=77c11b1f77c11b1f 77c11b1f77c11b1f 77c11b1f77c11b1f 77c11b1f77c11b1f 77c11b1f77c11b1f 77c11b1f77c11b1f 77c11b1f77c11b1f 77c11b1f77c11b1f
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=420c0000420c0000 420c0000420c0000 420c0000420c0000 420c0000420c0000 420c0000420c0000 420c0000420c0000 420c0000420c0000 420c0000420c0000
info registers vcpu 3

CPU#3
RAX=0000000000698c64 RBX=0000000000000003 RCX=ffffffff8b130829 RDX=ffffed10056e7026
RSI=ffffffff8bb12320 RDI=ffffffff816417fc RBP=ffffed10036ee488 RSP=ffffc90000497e08
R8 =0000000000000000 R9 =ffffed10056e7025 R10=ffff88802b73812b R11=0000000000000001
R12=0000000000000003 R13=ffff88801b772440 R14=ffffffff901cd188 R15=0000000000000000
RIP=ffffffff8b131c0f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020031000 CR3=0000000021b18000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000