last executing test programs:

4m49.973976798s ago: executing program 0 (id=62):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x349902400, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

4m49.681680557s ago: executing program 0 (id=64):
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x1, 0x0, 0xce})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0xfdef)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x2, 0x0, &(0x7f0000ffa000/0x4000)=nil)

4m49.632482249s ago: executing program 0 (id=66):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000)
r0 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(r0, 0x5, &(0x7f0000000040)=0xf)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x0)
gettid()
futex(&(0x7f000000cffc), 0x1, 0x800000, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDGKBMODE(r2, 0x4b32, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0x0, 0xbf})
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0x2)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='loginuid\x00')
preadv(r4, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c0ef815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaad1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69922050000f5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762e122428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302be7ff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9d3fded31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000bb60bc1f1635caf0ca9eabf804adc94e0a73923976299c7ac285542e5de1dd14183f1bb171eabe19fe98f551e1b635300d8e38f07eda29341535e532a6d64ed36fac9c77827bf85ac369eac8879e515b58a03438561c5e78157649c6d45e7e621b79d724e277f1ee49e5b63e81180626a73510be26082a097de42b016336707866d422a93e01c1cbe0cefd4a89dc24b0d7f549908b8620ffd7d900a0a96a381fdd763b39f0bc0af5faf593c5d39fdf43430e4b7c23b5cf691792248cfb9ec9f882dd19a9f6e9426b4f88fe14487942bb34e585083f7b98900682e2683922a94e2f0baecc00f74071d025220bcdbc7f5575ce72981e918681b5a0b1ee9af749885fd8cefb9e182b326eaebad4616647fe1c8c16e42e123c9651f634e962219f"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)

4m46.094398298s ago: executing program 0 (id=86):
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x100000a)
socket(0x18, 0x3, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000280), 0x3fc, 0x101840)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f0000000380)=0x1e)
r3 = dup(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000340)='./file0/../file0/../file0/../file0\x00')
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0\x00')
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB="0000000000070000000000000000000000000000b0c5a4636b93524a8a6ede4751b6eac900394e7eaf8f4e72933108f3b00100008000000000ecbfdb330eb9a7607c38c766f895f584efabada85e0b699eafe06be615abbd8daa11", @ANYRES32=r0], 0x48)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open_tree(0xffffffffffffff9c, 0x0, 0x89801)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x22, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x4}, @timestamp, @window={0x3, 0xfffe, 0xfffc}, @timestamp, @mss={0x2, 0x5}], 0x2000000000000067)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
openat$cgroup_int(r5, &(0x7f0000000040)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
unshare(0x44040000)
open(&(0x7f00000000c0)='./bus\x00', 0x4002, 0x0)

4m45.733472496s ago: executing program 0 (id=90):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newtaction={0x218, 0x30, 0x1, 0x0, 0x0, {}, [{0x204, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x6, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_mirred={0xa8, 0x20, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0xf617, 0x7, 0x5, 0x4}, 0x1}}]}, {0x5b, 0x6, "4383849486ac3c6b7067af3ee4d03530bf238489a5af428901133c8c6860c3bf0db00b4e889a8010c5ab77b3ddeb7b532f3bb428db972f04dab4b244845a5bb46b6cb082b3236318cdadb0a4ba3cd7f6b2ffbf864ed274"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_xt={0xcc, 0x12, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}]}, {0x9a, 0x6, "c7055e65089918c90785783000fb80cb792d0f303e632ada2ab90f83195d6247fc54d9cdc222eb1299af913dd05c6270c8fb4c61568b332977f8972c124b53c34ab21c2a00ec364013410104d019c482fcad6c35af7c2a2acf6f75d4091c416a3c695e9a6a018619c9ac51aa98b2c86c558184065c17dc94ab7037164176842dc8b2b8f652f407b2001b021199ab21e5d4bf274046e7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x218}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYBLOB], 0x48) (async)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x40000) (async)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) (async)
ioctl$sock_bt_hci(r5, 0x800448d3, 0x0) (async)
inotify_init1(0x0) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) (async)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) (async)
sendto$inet6(r7, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) (async)
shutdown(r7, 0x1) (async)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a00a9, &(0x7f0000000080)={[{@nr_blocks={'nr_blocks', 0x3d, [0x6d]}}]}) (async)
syz_clone(0x41840000, 0x0, 0x14, 0x0, 0x0, 0x0)

4m45.502756756s ago: executing program 0 (id=97):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @loopback}, 0x10)
socket$inet(0x2, 0x1, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000400000000001c0012000c000100626f6e64000000000c00020008000100"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r5], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)

4m45.44294386s ago: executing program 32 (id=97):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @loopback}, 0x10)
socket$inet(0x2, 0x1, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000400000000001c0012000c000100626f6e64000000000c00020008000100"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r5], 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)

3m7.514079753s ago: executing program 1 (id=932):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x3c)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f0000000480)={0x1, @pix_mp={0x7, 0xfffffffd, 0x32314d54, 0x0, 0x9, [{0x1}, {}, {0x0, 0x4}, {0x0, 0x10}, {0x0, 0xfffffffe}, {}, {0x3}, {0x0, 0xff}], 0xb5, 0x0, 0x3, 0x0, 0x3}})
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
socket$nl_generic(0x10, 0x3, 0x10)
mount(0x0, 0x0, 0x0, 0x3029044, 0x0)
semget$private(0x0, 0x3, 0x8)
semctl$SETVAL(0x0, 0x0, 0x10, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x955, 0x7214, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "db19ff47"}]}}, 0x0}, 0x0)

3m3.284144668s ago: executing program 1 (id=965):
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x18b801, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x22002, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
r6 = socket(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000300)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
connect$vsock_stream(r6, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001900), 0x802, 0x0)
write$UHID_CREATE2(r7, &(0x7f00000005c0)=ANY=[@ANYBLOB="0b00000073797a310000000000000000e90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000080"], 0x119)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x13, 0x16, &(0x7f0000000480)=ANY=[@ANYRES64, @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000df1bfcff01000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008200000b70300000000000085000000060000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x8, 0xff6, &(0x7f0000003040)=""/4086, 0x41100, 0x2, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0xa, &(0x7f0000000540)=[0xffffffffffffffff], &(0x7f0000000700)=[{0x3, 0x1, 0x1, 0x56f0e95fa46824de}, {0x1, 0x1, 0x4, 0x3}, {0x4, 0x1, 0x4, 0x9}, {0x0, 0x4, 0x2, 0xa}, {0x5, 0x2, 0xa, 0xa}, {0x1, 0x5, 0xd, 0x7}, {0x3, 0x2, 0x6, 0x8}, {0x2, 0x3, 0x0, 0x3}, {0x5, 0x1, 0x8, 0xc}, {0x3, 0x4, 0xe}], 0x10, 0xfffff004, @void, @value}, 0x94)
ioctl$UI_ABS_SETUP(r8, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r8, &(0x7f0000000800)={'syz1\x00', {0x0, 0x0, 0x4}, 0x26, [0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x1000, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x45c)
ioctl$UI_SET_EVBIT(r8, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r8, 0x5501)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)=0x3700000)
close_range(r2, 0xffffffffffffffff, 0x0)

3m2.629441738s ago: executing program 1 (id=969):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0xffffffffffffffff, 0xb, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
clock_getres(0x1, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000001c0)={0x0, 0x300})

3m2.554190652s ago: executing program 1 (id=970):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x0, 0x2, 0xc43d, 0xf7fffffffffffffa, 0x910d, 0x6, 0x80, 0x2, 0xfffffffffffffffe, 0x1, 0x8001, 0x7, 0x1, 0x0, 0x2], 0x6000, 0x4})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x108, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = socket(0x2a, 0x2, 0xffffffff)
getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xa, 0xffff}, {0x0, 0xffff}}}, 0x24}}, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r9 = dup(r8)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000052a1900580001c0"])
r10 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r11 = dup(r10)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0)
write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x4533, 0x10100, 0xffffdffe, 0x0, 0x0, r11}, &(0x7f0000000180), &(0x7f0000000340))
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)=<r12=>0x0)
bind$nfc_llcp(r11, &(0x7f0000000280)={0x27, r12, 0x0, 0x2, 0xb, 0x7, "582cfbbd2cdc013d0cab0f70a7d55d09b07f39b70698eb795a78da6282bd05ca0af7c91ee18388d53fa7034099c6c2fb1381f1ad33b7184223cd927d37ac2f", 0x14}, 0x58)
r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000026e9ffffff18560000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000ff0300007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2002, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x3041008, 0x0)

3m1.803734195s ago: executing program 1 (id=973):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x3c)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f0000000480)={0x1, @pix_mp={0x7, 0xfffffffd, 0x32314d54, 0x0, 0x9, [{0x1}, {}, {0x0, 0x4}, {0x0, 0x10}, {0x0, 0xfffffffe}, {}, {0x3}, {0x0, 0xff}], 0xb5, 0x0, 0x3, 0x0, 0x3}})
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
socket$nl_generic(0x10, 0x3, 0x10)
mount(0x0, 0x0, 0x0, 0x3029044, 0x0)
semget$private(0x0, 0x3, 0x8)
semctl$SETVAL(0x0, 0x0, 0x10, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x955, 0x7214, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "db19ff47"}]}}, 0x0}, 0x0)

3m1.529135538s ago: executing program 1 (id=977):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="832a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
syz_open_dev$sg(&(0x7f0000000140), 0x6, 0xee96977e252920a6)
write(r2, &(0x7f00000000c0)="832a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$ax25(r3, &(0x7f0000000040)={{0x3, @bcast, 0x8}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000280)={0x0, 0x376c, 0x400, 0xffffffff, 0x0, 0x0, r1}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r6, 0x359c, 0x253f, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000100))
r9 = syz_genetlink_get_family_id$smc(&(0x7f00000005c0), 0xffffffffffffffff)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[], 0x40}}, 0x4000000)
sendmsg$SMC_PNETID_DEL(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="270e000000170000000004"], 0x14}, 0x1, 0x40030000000000, 0x0, 0x40000}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0xfffffffd, 0x2ec00)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x109801, 0x22)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000600)=ANY=[@ANYBLOB="0500000000000000e7080000000000006e000000000000002729ee86000000000000ffffffffffffa0090000000000000200000000000000b5030000000000002408000000000000dd0b0000000000000001000000000000"])
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0)

3m1.524951266s ago: executing program 33 (id=977):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="832a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
syz_open_dev$sg(&(0x7f0000000140), 0x6, 0xee96977e252920a6)
write(r2, &(0x7f00000000c0)="832a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$ax25(r3, &(0x7f0000000040)={{0x3, @bcast, 0x8}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000280)={0x0, 0x376c, 0x400, 0xffffffff, 0x0, 0x0, r1}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r6, 0x359c, 0x253f, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000100))
r9 = syz_genetlink_get_family_id$smc(&(0x7f00000005c0), 0xffffffffffffffff)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[], 0x40}}, 0x4000000)
sendmsg$SMC_PNETID_DEL(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="270e000000170000000004"], 0x14}, 0x1, 0x40030000000000, 0x0, 0x40000}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0xfffffffd, 0x2ec00)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x109801, 0x22)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000600)=ANY=[@ANYBLOB="0500000000000000e7080000000000006e000000000000002729ee86000000000000ffffffffffffa0090000000000000200000000000000b5030000000000002408000000000000dd0b0000000000000001000000000000"])
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0)

4.212490095s ago: executing program 5 (id=2067):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x5d7, 0x0)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f00000000c0)={0x0, 0x0, "1ec4618f6538ecc26693065a2dcc26d92bb4f1030cd2c1011cdbf894a0839dc2"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet(0x2, 0x1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000040)={0x0, @in={{0xa}}, 0xffff}, 0x90)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001a00210f00000000fc1c0000000000000300000000c955f007fb8abc28854120827e2912e14b5ee54ea252010b09"], 0x1c}}, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x8}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = dup(0xffffffffffffffff)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfdef, 0x0)

3.726681146s ago: executing program 5 (id=2069):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000050000"], &(0x7f00000003c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x169101, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_usb_ep_read(0xffffffffffffffff, 0x2, 0x44, &(0x7f0000000380)=""/68)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0008004503002400660000092190780a010102640101024e204e2404119078288701af061cc93818f65c9db65576a439864cc40dc402c01ac56743b9e9ba7eb5"], 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003}, 0x38)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000020000000000000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$dma_heap(0xffffff9c, &(0x7f0000000100), 0x202900, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902"], 0x0)
openat$ttyS3(0xffffff9c, &(0x7f00000001c0), 0x20800, 0x0)
r3 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
syz_usb_connect_ath9k(0x3, 0xdb, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x44, [{{0x9, 0x2, 0x65}}]}}, 0x0)
socket$packet(0x11, 0x3, 0x300)

2.631328067s ago: executing program 2 (id=2076):
r0 = socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$tun(0xffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r2, 0x10c, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = openat$hpet(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r6, 0x6802, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r7}, 0x10)
r9 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8)
close(r9)
r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='timers\x00')
read$FUSE(r10, &(0x7f0000000540)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0xffff, 0xff, 0x5, 0x8008, r6, 0xc2c8, '\x00', r5, r9, 0x5, 0x2, 0x2, 0x8, @value=r9, @void, @void, @value}, 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xb, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x8001)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x24, 0x2c, 0xd27, 0x30ad29, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {}, {0x7}}}, 0x24}}, 0x0)

2.57243505s ago: executing program 2 (id=2078):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x5d7, 0x0)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f00000000c0)={0x0, 0x0, "1ec4618f6538ecc26693065a2dcc26d92bb4f1030cd2c1011cdbf894a0839dc2"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet(0x2, 0x1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000040)={0x0, @in={{0xa}}, 0xffff}, 0x90)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001a00210f00000000fc1c0000000000000300000000c955f007fb8abc28854120827e2912e14b5ee54ea252010b09"], 0x1c}}, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x8}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = dup(0xffffffffffffffff)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfdef, 0x0)

2.292488061s ago: executing program 3 (id=2079):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000000)={0x400d2f4, 0x0, 0x0, 0xfffffffd, 0xffffffff})
getdents(r2, &(0x7f0000000180)=""/98, 0x62)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000000300)=[{0x0, 0x61}, {&(0x7f00000001c0)="5c8000000000000000ea45a1", 0x20000081}], 0x2, 0x0)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000080)={@multicast2, @dev, <r5=>0x0}, &(0x7f0000000180)=0xc)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0xabd7, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r6, 0xc010640c, &(0x7f0000000140)={0x6})
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB="a4000000", @ANYRES16=r3, @ANYBLOB="000129bd7000fddbdf250b00000008000300030000000c000680060005004e240000080004000800000008000200080000000800030002000000080003000000000054000180060001000a00000008000700", @ANYRES32=0x0, @ANYBLOB="14000400fc010000000000000000000000000000140004000000000000000000000000000000000008000700", @ANYRES32=0x0, @ANYBLOB="080018aa", @ANYRES32=r5, @ANYBLOB='\b\x00\a\x00', @ANYRES32, @ANYBLOB="0500050006000000"], 0xa4}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.292276532s ago: executing program 3 (id=2080):
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x7ac})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9000000, 0x2)

2.18806664s ago: executing program 3 (id=2081):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
syz_emit_ethernet(0x82, &(0x7f00000000c0)={@link_local, @empty, @val={@val={0x88a8, 0x5, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "f2a400", 0x44, 0x2f, 0x0, @dev, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {}, {0x289}, {0x8, 0x22eb, 0x60, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}}}}}}}}}, 0x0)

2.122682838s ago: executing program 3 (id=2082):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000060000000000000000000850000001700000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf000000, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.012438926s ago: executing program 2 (id=2083):
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10, 0x80000)
writev(r0, &(0x7f0000001340)=[{&(0x7f0000000140)="24c1e4b771974cbdac770e7362ac2a5f5f28c4212b3519b48aea701a41091a1f6ee55e6b89cffc5daab99a4df2eb284998400773e59996f7549ca213de1a92cb6012a20737b0106e50617d3bc171e3eaf10a74fa116bfc5c5b5f17878aac52bf0e60e19124f6334659f5fd6bada8eb2aa48f55f17119a44c9a5e123f89163735d2af084873e1d81bce93ff96b7f3b130c76c76a1479d9acb288a54977bfdbc0435cb2ff1fe50e55f1c", 0xa9}, {&(0x7f0000002e00)="d7ad8bdea115b3673053545af85df421872ea0027a4d2cc1adbfed04e0fdefd491b113ea5bb4cc96c2e7a3afad89455f62b2bdd750ebadda39bb1cc6f39daaedbe0115ee5543033f0bff998cbdd34500837025c252493d38284108a7aaad4af73a60168a5b8d8bcea8398b360b7d9726290500a18f9ed7be6ead3e2bb9f77e11736929e3f37dd4b84f2da1ead1033d280400000000000000de10cc6341554c17fd667c46bd49a3bd8b91f651709d3c521feefa3eccfdc4b3aac46337ba1a1bc992bb0f254112dd21e70106de2b10325cfea76a2bf20a9dad7d211f9b7e58feecbe1832d1bbe00d8545ce9b647d67873adcab559d43133f81d48fac9c80e70336236c287d418759eeb9714051c5dd026d195bbf5247c45c5ed49980bb001f8c37b390209557c85a90a08359af722c0f38a0afdb2d251f6f2e35a3d137d94ab8d5acebe51e50232c462351c481feddaf5d9fbf4219a94ed2cd60472f200a83b9483fb3132f0bfec1ff62d3", 0x16a}, {&(0x7f00000002c0)="680ce7ba6db2ab25133c33bd9d76d2aaf64381033c20df92e9241887bfdb3354572f4c4cc3e0de1442bfe03bbeae674d6b3574715863f88165cca9ed9d6ce884c3428b86e8cc1a3c0ee3a6f486b5298a73f7c1abea413846022cc90256f0b27edaab2e613f4696213a592b35829a223b7b4a8515498579a6618a41da5e4ceb994d86bb12ff3b325366eb28fb301d5571261198c59daa584ecd10eec2b9dcb1c88cb8f4f21b3a34f40d6c5c171426d38e2da5e4f51c54f56126b80c967e70dc38dba19a8b6ecb36522879976c88dfe6be88fdc5a3959ede900dcd160c21ec21dbe573ef78648463a5d5571a92212fa61885ce81c8923a940dc19505db303b3f24182d9439597e2383d4e69dc5aa1c7274f625a6192ee9d3556c870ebe67c237b66268dbcec0e997ed064cd143e61e03f775826465014eca4e2f83c9fa5a2d93c5b9f40570ce021c93ce58b7d13635adf0f7a9db217d3d68bd4fecfd39bfe6c8cc91aba7d21a3ba3b581c49daded48fa2778ec172bbd9aa5ada9c4067df591fa03cda040b85ba37a76120e332d0402db418bbea05f5f9a9a4593f002603002cd5eb99af271e06b3d58e48404a0f28048286ad3568ebe43c4898b8869181c4af102802cf6ca54386373f5fd6597741f86909f0cf5eee667292a73b0a7386e032d127f35bcb3a8769ccd659e7e2af67da0ee71a75a9328110da9e13b611c6a711b54f3bf8ade8f85d73efa80961bca857f4263242c2ec6175269835856c387fc65b0ad1f66afc1d8961e4da7e82548c24fc3850aa26605cc672e132f1a7be476bdfa7587f6ce8fe5414723e7d2f69c45fe9602e1be8703a46a5183b09ed86adcc015fcde6349d428627cf982aa9baf9191bf1013aee4f2f9cd8cda9a4c5c88209c5156c538db0b9caee76d89ffc52b5cde66394111991b5425e042bbfcd099ed869e841644892c79d6a8283ae489165a8d40557b46ddb319b14085ae875b90a5ff23d3993595d55565fee3b6beecb23e856d4d0541404fcddfc5fe37d7c4e460b9d3165a1ff42a19ba8f169cabd855c474532318fb595d01c469de53603706a7462da6669976cd5d051a153d5375433d0049f9d8b4a63285e7fef60716148ba6bd5be3fdb09afafd697ae21bc5dfa36dbaedad73c3fc4d9f69a3eb64b30911699e3436758306ea68713c862ec13bab8b8f42c9f750880823f203dd28c20232db6916c3961b180526273f37217649f4dc51b73ba3f89132a87ecf030841115de748f427ece26fce8ae7d3d9abdd337b8b1712d4bb2a3929d6eadd6b36845af2be21975b3fb1df9c37e7f438f98d330647dd7e476038c1c6953626942673a470de271fecfd4d601856cf3304225b74a38bcc7810eac4f2307b020ec3ea33b37dad42530d8dbd9ce3ca44f1d43165dbc7c0a14591b7b97e8fc45e4e8019fcdcda23222eee168adcc49a59a9ede2f353b84fcfb001fdf558ba92e791a27f556fc035408075efa209df96f8ddfb5c9e8a3411365d67d8ec96012328dd2a8a5334e3d0803a236a266b72ea6dce416a8faa87b25810db9108ab18f8115278e74b2badc7df820153d5df0ee062ed8373448c88b11ecc3bf0c5e12f578fab988ee4fe455a8dfed6a252b96ac8c7cc77eb2d89d4acaacdfec952e73b35b8fa02f427c2a938858d9acb8ab91f6b1e0dc53d2d209ff05524781ac6b48407896ba5d7d2f70fc65cda5caba90cea291130a93fc12336029d37339ae13f5ae5e2aace517fe39440dd233d48c6d08edf636f98c3af5f0f5b137b941f26d9f008aa86add001ffc84d5f265cd541e5f8656d878865a21237686477a934f33df576dade57753d84f9b773a3493693cbad1f91ca48616c07ae46a28d85b72ff2d7be5bf714d22083eaede54db786cd16b0bcb33f79d662a9f85724a4531fc3846d36534b21a2a19652cddfff777507d6091e122790cc5d8e69ad10d95ab6fa0865f5df58f49988cf33450c02caeb8abfde98d272c75e6e886b00473b719a9ea058d46bb3302bf53ff372e1e14282d03d50ad723f29c430d24d387b4e84eb5393dd116efb3687405ffc090718bb9432cbdbac46c18c1b20c6d4617d977d553cdbb569f91438ea501e0b7ef6c423160ab0c941b9bc55ac84fb6eac53b1df6782efa679bdcea61c1da11d31f36fba46ffc211d8fce3803a030746a6cca7869497077b2f8c02adfc0912f05e885074f6950c93c5aadf01b2e9e10fc62f838e0e28c347af2e55b47c14e9b5f099b01b435313bc1bb02f2879aee7438c32760571055cdb0e0a335875b23dcc1b8612badefb881ec6df412e15f659e6227de1fc6dcec169f0b0b5a7e53c1dc3aa2d86c8fdbfd99e5dd3dab59324bce16aa273dbb7828ce20775fcfc1a925158ec3b6ba59806108ac6a2ad1dc0d57cf14b83bd724b2ee83662ffeb2674f0dd992dbb7ca159cb61743ffef16e7a14c8111bd54209807561236b58df4f71196620615f5439d00ea7a37c3570ff667324cbb64cf58e76fd46e5823cbcb07d6e2e33f43aee7c6921a15ac487820cd33cbd9273556b8980fb83c99a43a1ba523213cea28128522fa182318c5f35416f203f148e96bbea5635eff1766f783081967e22ede96ccc54deb7a3aa1fc71864db2445c86b2ecf411c441b66a25dff2a787735a2b28e4c4657fdc249969398fa88eaa530932f46ae1bf1fef9a536b66c9aef115ac5c7178f387be1fbbbf81613edea636538b23ef8ef9698f955e7add6160faac6b75afaa9ce32489646efd25ec38ba97c908f8a681c7346dd11c450bf56274ad14afa337a223707498a8fb784025a8aaa0615339b6130575398f28bf64a470e1d1da02d933f54faf6dd1f3dbef98567689cd1eed770677b0f30669cf5a56797ad978f775eb44ef358c16581e050bc67ae42bedad0fcfeb3c8bfbd0a4d3338c6998b10ffbb4cd730105bcfbcdb1907744b39fe7e8f0b56eb2aa09820928e2cbe0a53b9d1f506ff31ab33c424b57c042a759fc9d44e4484306079c6e33605f85538372674ce042e1c174a23980332be1d01493923e34dd22d4f4b4490a20c79482d800825dbbaafb6a8d9a7e99f4da9b540dd53d540537f2b105070742bfda2dafd1553f6920cabb248287d615bbe599bdc3dbdccff06a94153c99e64859c8fa62f8f4b6d86f03b39261e40da46183c49c8b34667013b8b27b7fe3275f3a1c605b831cf12f275008e2a2d4d85afb22bb1b191f957b01f225b70f2da39d00f5271a2d44169f4e8fb2d1ebd4d27717297b21b6a0adaa547eab1f343e8da71beeae9222be418a532703db1ba2d381e1644549cdc9590751d704288f0ab41d6413a68d39f73cf8c36afd3219ba0fe94b759e20affe12fcf3bec826d67e34293e4b0f864641c32f5f09f49b7e2869a20f3976caaa4c0a77052cdc860b90576cb1601619e2a9b68c5657f5e8c858db3b1e12107dee96b5e5bcbac2525210a297f1d70979fadaaa8b3f7f62a4bd768d44f4f426b462be59413d6271254a628a8dad3f3fc4e6b890323fdc9f3d7e76299ed7041bf395ed6f98877ef34df5dd4ac743529960f8fcad5a07d1d86e2af154662de052c3d6b6fc801890df9e312db239cbe5cf2690b8ba325e268b8a25fc539fd5bb8ce01315faa85672fd93fe20d0c7d99bc69fc159e84fcdc4e333b83fb6dddcc4994ef385e807ad68ac3d5a4452482652562713c0a28d0ca176620a82d693a5ba8a305a58e4b3ff4b2bf03883795a3fb4f077a99763fe41e2e4444d3e9c4924f4b5f3b233eec2ff4a3680875ecd4cd59ba31f7bba47cf44782de243076e08fd28a4c9a9da92a731c51a9ff24a51f41dda02b5a98ba60655bfc5858ea45c0a68448e5366882f9ec382856a411bb9fda48a47ba36da0b39841f33f5c773f2bdb99f0f546878f6d51f62a183e1b7705a566b86f404184b1b4382d980e874774fa1eeb6a7463650b2820a92dd65323414305b90242906101d4ad3b5622617437e1f65a392f27d88ba9cf23bc8240c44bd58c02e85e4c9ee59bc0a155f780bd5325bae3851c437da0c0870405326df8ef0fa3d101c5be4b50f67a64b5f1222af4d6ae17d6f36b94ba48f2268759fae2fe798ccd4b77470e82333b22d07c51afa9083aad6a7284741c86cecf22872dae5b827c396e8a203be41f9f31552236ad0bea11ad560d8c4c199964890bced0714c21ca3b5eec0e6c356122ef7245a02239d69bc0ab2b3cc88a9b51dd6ac03c2cd9a4567dad4a529b78e98b81df392aacdb9372b44f1f64141006660a53f861ed0a41dcfa8f20e1f054d3d055b79dcbce29e6c76d9758aba0e07d615e52b918b0c6926ab58b181f0b19031e4af4053f2773908670002e272574d7fbbf90fd4a0a4e0ad5f2a8a5b82afc8872c2faa3e5d9b1bb174c3c473446275c8af581b3cc2c31894f51f314e7191e1ddd0ee7b548b35bcd14d00e6d34864dda037347c7cc46c6b233a081e27f0eba9cb1abc8e71f33df59315bcf7cd6f293ea631461b38a5d2d43c4a4aa80100970f9d4020aa5829a8b27cc1129a6e8a0b6baa96307f9685a30710f741f9317b51ce4b0cba9b3fc3aaca8ca6d40037b59ac2a13e2f3fb7d36c63525a23a45a27baca8ca96223da901bf29efb5b9d0883eca6c8df38a5425ff79344da3ac0ac3e0085788452e846e417ddccc29952dc90c6470247a55db43eb100687f2c830130b063c79b9b73cffd8564bda50ebf49b18f8522b75ef06c0df02bb3501146dcedbbeb6cb3b1b083c76e5e7fbcb383034267bf2b38b01161bea7f1774868c7dcbe6fb5f89220308fa41275075bac6567af2423ec60be53ad989f7618617129fce355bfa155a96a93b0328bc0d6dcfa8ba0bb889c06d2d09ab6b086b5c19b91c1bbb8d548cb80ce170de83e7274ac0eefdb0c9f8fdda34789e71a92ff9cdd7e8f13996301e5e542a235d31de89e6678a28d2fe0f0a3825a495fab3387515e48812fe8de84ce45e44aa273e01e38f14bfb9be027a77ec1e4feb04833b625e3fd90c6c5d6a9ee216c00231e98be1a4b13957dd796de19413fff5bb6347172b16a39aff6e875f97c0f5fe7dc1abc6321e04f89ea7581ae379f368d87dadc8879a3e8f130284d40bae1ab29b72747084217882dfe125c01f337cf546b8c2e18aec1a2188f94c486a29cce444d147850cdf371eac635cbedbdb1cb9c1d3920600d3e56293f56189bb1125624c197ed187463ac4430d56b9a657e1b38a0dfdafb51388d3b6932b4cba1012e35c2620b89860ed63421817490d6cd90ea267d2391a5ea7071bcea707e48f7c2bf93fbeff073b0c6e3f149aa466262070e910657e0ac8e799e26fafbad21f44d77554e5944591bb7aa6e8f0fcae97e8a2d76a03a58e0f25c92ab7d67c8292a0e9772b504d8b04287ac22607cda5db7e1b32a2f9ff0038c9ef73c12a398b480f39a1632db4582e91fd472a816953923d2bc5b2e74e0177c080a44671ee3c2122f427016d628158237d5a8090785e60d4192cd0bf181c8fe4588b366a6aeea3a2be732385eb76b8b52785f91ec69d466cb7f54b58394e3cf34324e9dc157517daf50f0caee2f1f46efd5be521d678c1d10464084e7fe5f4141582f9d891d5ae9357997108c9e8e647ae4fa946b64dd12cfc62749ba644162cd35ea2a13a4d16661a36f2dd8cff71d99a495a94b3ec1f6905235ac6d611a70a42c93929f53a0f622498a61dd34eb382f2526b2f1de8dbcaafe0e0b0ff4e61ad7607fa75a9089008c725bf924d657c0dd59322b5b1b1fa301292a6241d2473f66210", 0x1000}, {&(0x7f00000012c0)="22cfffdb4c112bdf678b609bed83cb625e2fde0aeddad94399e1418f8a2f7666c8983d6469c6957763c1307f821fbe5e0c8b0d26786363cba25b6490dbc51f728e1f620503b7b164c956e6c1d1f818fe7dee985e21ba3bb0011a52b5950d59b6869345e979a1", 0x66}], 0x4)
r1 = syz_io_uring_setup(0x71a7, &(0x7f00000017c0)={0x0, 0xb1b, 0x1000, 0x0, 0x3cb}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000340)=@IORING_OP_FSYNC={0x3, 0x14, 0x0, @fd, 0x0, 0x0, 0x0, 0xdce5dbb6586d5d11, 0x1})
io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001b00)=[{{&(0x7f0000001740)=@un=@abs={0x1, 0x0, 0x4e24}, 0x80, &(0x7f00000019c0), 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB="b80000001801000004000000fa174ec9bf95c92b9c14d15a0e1931bf3919fec710330c10fb86311ca20021e0da6f688b6be9d60963b33218b50ad37be1d2dc3e9de8cf53abd0feefc99398d11935479d4b8d34878ffcb361c07b0d37b24492e32d9605266163febb874a79ff5050b795ab0ee49486c84a15e873fd4c6426de704c9530a7ab0d41970a25d4cdda65020264c8cd60b4cc85fd343edd808227ae2e22f4aa9d6fc15410dc9ab30915bff9cbc5309721b9a5c600380000001201000009000000ff59bedcef6bfdd730ab91cb1e2ac219f165c6f661aaab83f2db4bc31de868e5560afd59af862805e70000001b3c6b4f71a9b5298bc5f775266ef99add28ac145f05a962ecef0768f46ba37c9ffdba7ff26fdde73220411ceeb0c63d78487249a6d6b70db1e296a428ceb33cb4308c54d65c79d4a5031d7d5d7a072ee920241f4ab2f8a0"], 0xf0}}], 0x1, 0x20004000)
r4 = openat$vicodec0(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r5, 0x100)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000001700)={0x0, 0xfffffffffffffff9, 0x0, 0x2, @buffer={0x0, 0x7f, &(0x7f0000001580)=""/127}, &(0x7f0000001600), &(0x7f0000001640)=""/84, 0x9, 0x17, 0x0, &(0x7f00000016c0)})
shutdown(r5, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r6, &(0x7f0000001400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x41000008}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)=ANY=[@ANYBLOB="140000000a0a0102000000e00000000000000003"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x10)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc0f8565c, &(0x7f0000000540)={0x0, 0x1, 0x2, {0xa, @raw_data="bde4753c319666bb5c3f1d0441e1357d10e6bf6993a4b8e7f4aee2f8cb684daabe48daf91dce80e1bafb7c06f71898701017ea020dfcb3a725819c486a2ab251a48ecd552d9d4defb1fe8a872a44107055b4f5a28b53da8b16d076864cfbd47b965ff689ac6f40077fbb6ed269f991f083e183861f9c54902345a529d9e9323a292ebcdde621a51242818eca9b5380b9e90c042ac58f30821847e260323160219ea72fc13127142c699ca8f85c89d8dd7017bb2d1ba7896666a2092acad9d6a23cdb1b58473e5228"}})
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000040), &(0x7f0000000080)=ANY=[@ANYBLOB="00fbae068154e24c622fb22870ce3d40f480bedf33159602cda2afd0666a707ef4b8c3ee793808681d786f2c324b633e82b66e348d19a1accaf9af0493ba85de1d06b01b9316f99f1989530dae02b1c10df837d353e2abe7d85a08f70773027c52f6d9e5d618debc536dcf21193107c8c76dd7eb5e303396854784261fb10b24fb3d42f70abb60f82f6d880e1ed77d5aede3979d5b806f31aa94543396e818ba246c3ebf8c7a549536e65f821fd1"], 0xae, 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00220f00000083a8407a710b93bf0280037488dffcb8ab4cd1b9c08f53dfe28864ddb22d5aab323d9f493cd030f6aa8f71d39c1167ca4fc0ed2cc0c76f6191f5f9d1efed8644fa8a467699a7863766b2593ce95db61333603725424f1c49b205e02d36beaabc18258f13bdb3f55fc746375d8248229f94f698826ba800cd35f3776b37f092824b2b0669e862fa00656c4bb30e138a5ed29521365cfd5b06a3ecd363bc8d927988b4ea24a8"], 0x0}, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000080)=0x7, 0x4)
r8 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r8, 0x4805, 0x0)
ioctl$HIDIOCGVERSION(r8, 0x80044801, &(0x7f0000000040))
ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x40007, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xffffff00, 0x2, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000014c0)={'ip6_vti0\x00', &(0x7f0000001440)={'syztnl2\x00', <r10=>0x0, 0x4, 0x1, 0x9, 0x9, 0x21, @private0, @mcast2, 0x8000, 0x7800, 0x3, 0x4}})
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="090200000000fcffffff0f00000008000300", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x24}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000001c00)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001bc0)={&(0x7f00000019c0)=ANY=[@ANYBLOB="4100b564ee32afac9e63c9b878b15d35f40086bb6fb92a571fd6592b00d6216dc06e8a63e7c0d35fb15dcf0afdd4c26da1d51586c4669c9ec1bf9d4ec78226d8f8329866b4919852460741c62e1ce2fc8dc4615fa1b86a", @ANYRES16=0x0, @ANYBLOB="04002abd7000fedbdf25080000000a000900000000000000000008002c00ff000000"], 0x28}, 0x1, 0x0, 0x0, 0x4040805}, 0x4004)
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000001500)={@remote, @local, @loopback, 0x7, 0xb7c, 0x4003, 0x0, 0x8, 0x80000, r10})

2.011911121s ago: executing program 5 (id=2084):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
socket$l2tp(0x2, 0x2, 0x73)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x90)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x1918, &(0x7f0000000380)={0x0, 0x0, 0x2, 0x1, 0x2200}, &(0x7f0000000440)=<r1=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0xf000)

1.452823423s ago: executing program 2 (id=2085):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
unshare(0x68040200)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x884)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x10, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380)="851666ce20db", 0x0, 0x10, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300), 0x4)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0)
r5 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x57, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb, @void, @value}, 0x94)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)='x', 0x1}], 0x1, 0xf)

1.280289024s ago: executing program 3 (id=2086):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@stats}]})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000140)=@newtaction={0x6c, 0x30, 0x53b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x9, 0x2, {0x1, 0xd, 0x20000000, 0x2, 0x3}}, @TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r4, r3, 0x0, 0x80000000)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, 0x0, 0x0)
r6 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
close(r6)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x181)
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_PKEY_QUERY(0x18, r7, 0x0, &(0x7f0000000000)='\x00', 0x0)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r8, 0x541b, &(0x7f0000000040)={<r9=>0xffffffffffffffff})
close_range(r9, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x14f, &(0x7f0000000300)={0x0, 0x4941, 0x400, 0x0, 0x1d6, 0x0, r9}, &(0x7f0000000240)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
mkdir(0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x50, 0x4004, @fd, 0x0, 0x0})

1.27352512s ago: executing program 4 (id=2087):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = socket(0x10, 0x3, 0x0)
preadv(r0, 0x0, 0x0, 0x6, 0x5)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xc3, &(0x7f0000000340)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x3f00}, [@IFLA_MASTER={0x8, 0xa, r6}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @local}]}}}]}, 0x40}, 0x1, 0x4c00000000000000}, 0x0)

831.731354ms ago: executing program 2 (id=2088):
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffe, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) (async)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ppoll(&(0x7f00000000c0)=[{r0, 0x1007}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000200)=@overlay={0x0, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x8, 0x0, 0x4, 0x0, 0x0, "12848098"}})
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x10010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0xd, 0x800)
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0xcb75, 0x0, 0x0, 0xfffffffd}, &(0x7f0000000280), &(0x7f0000000200)) (async)
syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0xcb75, 0x0, 0x0, 0xfffffffd}, &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
timer_create(0x2, 0x0, &(0x7f0000000180))
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000300)={{0x2, 0x4e21, @private=0xa010100}, {0x6, @remote}, 0x4, {0x2, 0x4e24, @broadcast}, 'gre0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) (async)
getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x5f, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

742.50458ms ago: executing program 3 (id=2089):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='contention_end\x00', r0}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x273)

742.076326ms ago: executing program 5 (id=2090):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000001c0)=0x1, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x80, 0x0, 0x1, 0x401, 0x2000000, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0)

622.691003ms ago: executing program 4 (id=2091):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x5d7, 0x0)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f00000000c0)={0x0, 0x0, "1ec4618f6538ecc26693065a2dcc26d92bb4f1030cd2c1011cdbf894a0839dc2"})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet(0x2, 0x1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000040)={0x0, @in={{0xa}}, 0xffff}, 0x90)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001a00210f00000000fc1c0000000000000300000000c955f007fb8abc28854120827e2912e14b5ee54ea252010b09"], 0x1c}}, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x8}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = dup(0xffffffffffffffff)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1}}], 0xfdef, 0x0)

622.309134ms ago: executing program 5 (id=2092):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0xb, 0x10012, r0, 0x57f9b000)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f00000000c0)="f93cf2f7daa8a7431b7b4224811fcf53028be744c53ec9f3a0f132cdebc211eeb9c18648d2034dbee972ec8d3bb23aed8e30b236751d48e1cab07c698bb8d4e97a0d0afe63b637222d6cee5ecda5824f19a1b857")
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000100005070100", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYBLOB="180012800800010073"], 0x40}, 0x1, 0x4c00000000000000}, 0x0)
r2 = openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000440)={&(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000200)=[0x0], &(0x7f0000000240)=[0x0, <r6=>0x0], &(0x7f0000000280)=[0x0], 0x2, 0x1, 0x2, 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000540)={0x5, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, <r8=>0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000680)={&(0x7f0000000580)=[0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0], 0x3, 0xa, 0x8, 0x4})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000007c0)={&(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000700)=[0x0, 0x0], &(0x7f0000000740)=[0x0, <r10=>0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x2, 0x3, 0x8})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r12, 0xae60)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
r14 = dup(r13)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_SET_VAPIC_ADDR(r14, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f00000008c0)={&(0x7f0000000800)=[r6, r7, r8, r9, 0x0, r10], 0x6, 0x0, 0x0, 0x7, 0x100, 0x9, 0x0, {0x40, 0x1, 0x4, 0x4, 0xc256, 0x2, 0x0, 0xc, 0x1000, 0x3b, 0x2, 0xaad, 0x2, 0x3a6ae4b6, "d17d9a8af8b24c3bcdf6c3b20e8f396559e008d6a8515215401b500f059907d1"}})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001640)=[{{&(0x7f0000000040)={0x2, 0x4e22, @private=0xa010102}, 0x10, 0x0}}], 0x1, 0x240080e4)
r15 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r15, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001f40)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c0002800800010004000000140003"], 0x50}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_NMI(r5, 0xae9a)

556.506771ms ago: executing program 2 (id=2093):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x3c)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, &(0x7f0000000480)={0x1, @pix_mp={0x7, 0xfffffffd, 0x32314d54, 0x0, 0x9, [{0x1}, {}, {0x0, 0x4}, {0x0, 0x10}, {0x0, 0xfffffffe}, {}, {0x3}, {0x0, 0xff}], 0xb5, 0x0, 0x3, 0x0, 0x3}})
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
mount(0x0, 0x0, 0x0, 0x3029044, 0x0)
semget$private(0x0, 0x3, 0x8)
semctl$SETVAL(0x0, 0x0, 0x10, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x955, 0x7214, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "db19ff47"}]}}, 0x0}, 0x0)

382.655291ms ago: executing program 4 (id=2094):
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000540)}, 0x0)
socket$kcm(0xa, 0x3, 0x3a)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x5, 0x1e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x38}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000040)="c5", 0x0, 0x3}, 0x50)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)}, 0x800)
getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000000)={0x7, 0x7, 0x4}, &(0x7f00000000c0)=0x28)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1200000004000000080000000100001e80000000e2c21b99420eda6bcd9f3cd5f3cb695200000000c702b77311dcc91c2611895f0e7b8f6f8181b6ea8bd9caa4f1b7a26e08f7cf88897b5311c81a9defc5185834149cf60694b30a05eaac261306b8bda516c46e9a6196210f6ceaa80f4465f6630c3530f0d291a581e5152adb79a8178cd9757b3e05392f3d964a32f844d36b7e6aa99749e6300a4bc5384e07125eacc56e440a508151bbb076f8e9dc360642339d7f3ec8946d336b02", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r6, @ANYBLOB="0000000002000000b70500000800000085000000aa00000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)

382.388089ms ago: executing program 4 (id=2095):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000200)={0x0, 0x700, &(0x7f0000000240)={&(0x7f0000000000)={0x20, r1, 0x3e8c4ddb697c9f8f, 0x0, 0x0, {0x4}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}}, 0x3000000)

292.248945ms ago: executing program 4 (id=2096):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
unshare(0x68040200)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x884)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x10, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380)="851666ce20db", 0x0, 0x10, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900})
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300), 0x4)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0)
r5 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x57, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb, @void, @value}, 0x94)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000380)='x', 0x1}], 0x1, 0xf)

111.978534ms ago: executing program 5 (id=2097):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@stats}]})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000140)=@newtaction={0x6c, 0x30, 0x53b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x9, 0x2, {0x1, 0xd, 0x20000000, 0x2, 0x3}}, @TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r4, r3, 0x0, 0x80000000)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, 0x0, 0x0)
r6 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
close(r6)
r7 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x181)
fcntl$setlease(r7, 0x400, 0x1)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r8, 0x541b, &(0x7f0000000040)={<r9=>0xffffffffffffffff})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = syz_io_uring_setup(0x14f, &(0x7f0000000300)={0x0, 0x4941, 0x400, 0x0, 0x1d6, 0x0, r9}, &(0x7f0000000240)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
mkdir(0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x50, 0x4004, @fd, 0x0, 0x0})
io_uring_enter(r10, 0x5951, 0x7a89, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=2098):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@stats}]})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000140)=@newtaction={0x6c, 0x30, 0x53b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x9, 0x2, {0x1, 0xd, 0x20000000, 0x2, 0x3}}, @TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r4 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r4, r3, 0x0, 0x80000000)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, 0x0, 0x0)
r6 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
close(r6)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x181)
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_PKEY_QUERY(0x18, r7, 0x0, &(0x7f0000000000)='\x00', 0x0)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r8, 0x541b, &(0x7f0000000040)={<r9=>0xffffffffffffffff})
close_range(r9, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x14f, &(0x7f0000000300)={0x0, 0x4941, 0x400, 0x0, 0x1d6, 0x0, r9}, &(0x7f0000000240)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
mkdir(0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x50, 0x4004, @fd, 0x0, 0x0})

kernel console output (not intermixed with test programs):

0x150
[  258.053563][T11400]  should_failslab+0xc2/0x120
[  258.054829][T11400]  __kmalloc_cache_noprof+0x68/0x420
[  258.056249][T11400]  ? __get_fs_type+0x21/0x170
[  258.057584][T11400]  alloc_fs_context+0x57/0x9c0
[  258.058871][T11400]  path_mount+0xbfb/0x1f10
[  258.060077][T11400]  ? kmem_cache_free+0x152/0x4c0
[  258.061308][T11400]  ? __pfx_path_mount+0x10/0x10
[  258.062599][T11400]  ? putname+0x13c/0x180
[  258.063727][T11400]  __ia32_sys_mount+0x292/0x310
[  258.065056][T11400]  ? __pfx___ia32_sys_mount+0x10/0x10
[  258.066570][T11400]  __do_fast_syscall_32+0x73/0x120
[  258.067942][T11400]  do_fast_syscall_32+0x32/0x80
[  258.069241][T11400]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  258.070914][T11400] RIP: 0023:0xf709e579
[  258.072008][T11400] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  258.077050][T11400] RSP: 002b:00000000f506f55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  258.079251][T11400] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000200000c0
[  258.081333][T11400] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000020000040
[  258.083415][T11400] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  258.085512][T11400] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  258.087590][T11400] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  258.089691][T11400]  </TASK>
[  258.226952][T11416] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  258.231210][T11416] usb usb8: check_ctrlrecip: process 11416 (syz.3.1556) requesting ep 01 but needs 81
[  258.233825][T11416] usb usb8: usbfs: process 11416 (syz.3.1556) did not claim interface 0 before use
[  258.529922][T11434] dlm: no locking on control device
[  258.587612][T11436] FAULT_INJECTION: forcing a failure.
[  258.587612][T11436] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.591263][T11436] CPU: 3 UID: 0 PID: 11436 Comm: syz.3.1562 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  258.594646][T11436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  258.597402][T11436] Call Trace:
[  258.598293][T11436]  <TASK>
[  258.599070][T11436]  dump_stack_lvl+0x16c/0x1f0
[  258.600312][T11436]  should_fail_ex+0x497/0x5b0
[  258.601543][T11436]  strncpy_from_user+0x3b/0x2d0
[  258.602820][T11436]  getname_flags.part.0+0x8f/0x550
[  258.604149][T11436]  getname+0x8d/0xe0
[  258.605094][T11436]  do_sys_openat2+0x104/0x1e0
[  258.606542][T11436]  ? __pfx_do_sys_openat2+0x10/0x10
[  258.608416][T11436]  ? __fget_files+0x206/0x3a0
[  258.609938][T11436]  __ia32_compat_sys_openat+0x16e/0x210
[  258.611845][T11436]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  258.614018][T11436]  ? ksys_write+0x1ba/0x250
[  258.615625][T11436]  __do_fast_syscall_32+0x73/0x120
[  258.617445][T11436]  do_fast_syscall_32+0x32/0x80
[  258.618960][T11436]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  258.620615][T11436] RIP: 0023:0xf70ee579
[  258.621676][T11436] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  258.626652][T11436] RSP: 002b:00000000f50e0490 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  258.628805][T11436] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f50e04e0
[  258.631515][T11436] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7423ff4
[  258.634340][T11436] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  258.637045][T11436] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  258.639754][T11436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  258.642535][T11436]  </TASK>
[  258.643744][    C3] vkms_vblank_simulate: vblank timer overrun
[  258.673598][T11439] syz.4.1563[11439] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  258.673669][T11439] syz.4.1563[11439] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  258.677175][T11439] syz.4.1563[11439] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  258.835208][T11447] »»»»»» speed is unknown, defaulting to 1000
[  258.886193][T11447] »»»»»» speed is unknown, defaulting to 1000
[  258.954063][   T62] usb 8-1: new full-speed USB device number 19 using dummy_hcd
[  259.064408][ T7323] usb 10-1: USB disconnect, device number 7
[  259.106867][   T62] usb 8-1: config 0 has no interfaces?
[  259.110121][   T62] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  259.112526][   T62] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.114787][   T62] usb 8-1: Product: syz
[  259.115891][   T62] usb 8-1: Manufacturer: syz
[  259.117053][   T62] usb 8-1: SerialNumber: syz
[  259.119130][   T62] usb 8-1: config 0 descriptor??
[  259.212759][T11462] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  259.325863][T11466] batadv_slave_1: entered promiscuous mode
[  259.332592][T11443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.335805][T11466] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1571'.
[  259.338786][T11443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.345871][T11443] Bluetooth: hci0: load_link_keys: too big key_count value 27400
[  259.348952][   T62] usb 8-1: USB disconnect, device number 19
[  259.642690][   T39] kauditd_printk_skb: 251 callbacks suppressed
[  259.642702][   T39] audit: type=1326 audit(1734753004.620:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.650405][   T39] audit: type=1326 audit(1734753004.620:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.656857][   T39] audit: type=1326 audit(1734753004.630:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.658931][T11476] ieee802154 phy1 wpan1: encryption failed: -22
[  259.664441][   T39] audit: type=1326 audit(1734753004.630:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.675850][   T39] audit: type=1326 audit(1734753004.630:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.685876][   T39] audit: type=1326 audit(1734753004.630:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.694330][   T39] audit: type=1326 audit(1734753004.630:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.700787][   T39] audit: type=1326 audit(1734753004.630:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.707625][   T39] audit: type=1326 audit(1734753004.640:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.713123][   T39] audit: type=1326 audit(1734753004.640:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11475 comm="syz.4.1576" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  259.919886][T11489] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1582'.
[  260.012250][T11496] netlink: 'syz.3.1583': attribute type 3 has an invalid length.
[  260.021287][T11496] netlink: 'syz.3.1583': attribute type 3 has an invalid length.
[  260.034356][T11496] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1583'.
[  260.248010][T11502] ieee802154 phy1 wpan1: encryption failed: -22
[  260.379914][T11508] netlink: 'syz.2.1588': attribute type 3 has an invalid length.
[  260.381997][T11508] netlink: 'syz.2.1588': attribute type 3 has an invalid length.
[  260.384590][T11508] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1588'.
[  260.608106][T11518] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  260.611293][T11517] IPVS: stopping master sync thread 11518 ...
[  260.781975][T11513] FAULT_INJECTION: forcing a failure.
[  260.781975][T11513] name failslab, interval 1, probability 0, space 0, times 0
[  260.785769][T11513] CPU: 3 UID: 0 PID: 11513 Comm: syz.5.1591 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  260.788569][T11513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  260.791369][T11513] Call Trace:
[  260.792259][T11513]  <TASK>
[  260.793059][T11513]  dump_stack_lvl+0x16c/0x1f0
[  260.794313][T11513]  should_fail_ex+0x497/0x5b0
[  260.795571][T11513]  ? fs_reclaim_acquire+0xae/0x150
[  260.796926][T11513]  should_failslab+0xc2/0x120
[  260.798178][T11513]  __kmalloc_cache_noprof+0x68/0x420
[  260.799564][T11513]  ? filemap_check_errors+0xa9/0x160
[  260.800962][T11513]  bdev_disk_changed+0x470/0x14e0
[  260.802284][T11513]  ? __pfx___mutex_lock+0x10/0x10
[  260.803628][T11513]  ? __pfx_bdev_disk_changed+0x10/0x10
[  260.805085][T11513]  blkdev_get_whole+0x187/0x290
[  260.806370][T11513]  bdev_open+0x2c7/0xe20
[  260.807492][T11513]  bdev_file_open_by_dev+0x17d/0x210
[  260.808894][T11513]  disk_scan_partitions+0x1ed/0x320
[  260.810262][T11513]  blkdev_common_ioctl+0x686/0x2220
[  260.811632][T11513]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  260.813259][T11513]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  260.814732][T11513]  ? do_vfs_ioctl+0x513/0x1950
[  260.816034][T11513]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  260.817370][T11513]  ? __pfx_lock_release+0x10/0x10
[  260.818735][T11513]  ? trace_lock_acquire+0x14e/0x1f0
[  260.820128][T11513]  compat_blkdev_ioctl+0x257/0x750
[  260.821484][T11513]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  260.822967][T11513]  ? __fget_files+0x206/0x3a0
[  260.824247][T11513]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  260.825757][T11513]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  260.827156][T11513]  __do_fast_syscall_32+0x73/0x120
[  260.828518][T11513]  do_fast_syscall_32+0x32/0x80
[  260.829806][T11513]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  260.831464][T11513] RIP: 0023:0xf7f20579
[  260.832552][T11513] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  260.837580][T11513] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  260.839777][T11513] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000000000125f
[  260.841843][T11513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  260.843927][T11513] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  260.846000][T11513] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  260.848069][T11513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  260.850137][T11513]  </TASK>
[  260.851121][    C3] vkms_vblank_simulate: vblank timer overrun
[  261.478003][T11533] ieee802154 phy1 wpan1: encryption failed: -22
[  261.603970][ T5948] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  261.765335][ T5948] usb 7-1: config index 0 descriptor too short (expected 26395, got 27)
[  261.767579][ T5948] usb 7-1: config 130 has 1 interface, different from the descriptor's value: 20
[  261.769998][ T5948] usb 7-1: config 130 interface 0 has no altsetting 0
[  261.773347][ T5948] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  261.775912][ T5948] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.778291][ T5948] usb 7-1: Product: syz
[  261.779698][ T5948] usb 7-1: Manufacturer: syz
[  261.781279][ T5948] usb 7-1: SerialNumber: syz
[  262.155830][T11545] netlink: 'syz.3.1601': attribute type 3 has an invalid length.
[  262.157885][T11545] netlink: 'syz.3.1601': attribute type 3 has an invalid length.
[  262.160114][T11545] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1601'.
[  262.399815][ T5948] usblp 7-1:130.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 245 proto 1 vid 0x0525 pid 0xA4A8
[  262.936024][T11558] bond0: entered promiscuous mode
[  262.941846][T11558] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  263.101919][T11559] bond0: left promiscuous mode
[  263.126904][T11565] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  263.133473][T11565] usb usb8: check_ctrlrecip: process 11565 (syz.3.1607) requesting ep 01 but needs 81
[  263.137228][T11565] usb usb8: usbfs: process 11565 (syz.3.1607) did not claim interface 0 before use
[  263.146378][T11566] ieee802154 phy1 wpan1: encryption failed: -22
[  263.547363][T11581] netlink: 'syz.3.1613': attribute type 3 has an invalid length.
[  263.549561][T11581] netlink: 'syz.3.1613': attribute type 3 has an invalid length.
[  263.554579][T11581] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1613'.
[  263.862671][T11585] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  264.242965][   T62] usb 7-1: USB disconnect, device number 18
[  264.246970][   T62] usblp0: removed
[  264.374702][T11590] overlayfs: missing 'lowerdir'
[  264.433006][T11593] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1617'.
[  264.462618][T11595] dlm: no locking on control device
[  265.417094][T11622] dlm: no locking on control device
[  265.628670][T11630] netlink: 'syz.4.1630': attribute type 3 has an invalid length.
[  265.630755][T11630] netlink: 'syz.4.1630': attribute type 3 has an invalid length.
[  265.633224][T11630] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1630'.
[  266.301478][   T39] kauditd_printk_skb: 119 callbacks suppressed
[  266.301489][   T39] audit: type=1326 audit(1734753011.280:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.310372][   T39] audit: type=1326 audit(1734753011.280:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.320784][   T39] audit: type=1326 audit(1734753011.310:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.328409][   T39] audit: type=1326 audit(1734753011.310:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.336103][   T39] audit: type=1326 audit(1734753011.310:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.342048][   T39] audit: type=1326 audit(1734753011.310:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.349429][   T39] audit: type=1326 audit(1734753011.310:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.357141][   T39] audit: type=1326 audit(1734753011.310:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.363109][   T39] audit: type=1326 audit(1734753011.310:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf709e579 code=0x7ffc0000
[  266.446011][T11643] ieee802154 phy1 wpan1: encryption failed: -22
[  266.760094][   T39] audit: type=1326 audit(1734753011.740:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11638 comm="syz.2.1633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  267.655129][T11655] dlm: no locking on control device
[  268.664388][T11680] »»»»»» speed is unknown, defaulting to 1000
[  268.703197][T11680] »»»»»» speed is unknown, defaulting to 1000
[  268.835659][   T62] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  268.838580][T11688] ieee802154 phy1 wpan1: encryption failed: -22
[  269.003975][   T62] usb 9-1: Using ep0 maxpacket: 16
[  269.020565][   T62] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.023465][   T62] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.026403][   T62] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  269.029912][   T62] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  269.032455][   T62] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.032842][T11693] dlm: no locking on control device
[  269.038255][   T62] usb 9-1: config 0 descriptor??
[  269.454142][   T62] input: HID 0955:7214 Haptics as /devices/virtual/input/input33
[  269.459497][   T62] shield 0003:0955:7214.0020: Registered Thunderstrike controller
[  269.461641][   T62] shield 0003:0955:7214.0020: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  269.615178][T11708] FAULT_INJECTION: forcing a failure.
[  269.615178][T11708] name failslab, interval 1, probability 0, space 0, times 0
[  269.618797][T11708] CPU: 3 UID: 0 PID: 11708 Comm: syz.5.1654 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  269.621568][T11708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.624371][T11708] Call Trace:
[  269.625278][T11708]  <TASK>
[  269.626065][T11708]  dump_stack_lvl+0x16c/0x1f0
[  269.627402][T11708]  should_fail_ex+0x497/0x5b0
[  269.628702][T11708]  ? fs_reclaim_acquire+0xae/0x150
[  269.630042][T11708]  should_failslab+0xc2/0x120
[  269.631285][T11708]  __kmalloc_node_noprof+0xd1/0x520
[  269.632656][T11708]  ? __get_vm_area_node+0x1dc/0x2f0
[  269.634024][T11708]  ? __vmalloc_node_range_noprof+0x3d8/0x1530
[  269.635628][T11708]  __vmalloc_node_range_noprof+0x3d8/0x1530
[  269.637190][T11708]  ? find_held_lock+0x2d/0x110
[  269.638478][T11708]  ? __dev_ethtool+0x2ec4/0x5ab0
[  269.639790][T11708]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  269.641444][T11708]  ? __might_fault+0xe3/0x190
[  269.642683][T11708]  ? __might_fault+0xe3/0x190
[  269.643944][T11708]  ? __dev_ethtool+0x2ec4/0x5ab0
[  269.645256][T11708]  vzalloc_noprof+0x6b/0x90
[  269.646461][T11708]  ? __dev_ethtool+0x2ec4/0x5ab0
[  269.647826][T11708]  __dev_ethtool+0x2ec4/0x5ab0
[  269.649085][T11708]  ? __pfx_lock_release+0x10/0x10
[  269.650396][T11708]  ? trace_lock_acquire+0x14e/0x1f0
[  269.651768][T11708]  ? __pfx___dev_ethtool+0x10/0x10
[  269.653114][T11708]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  269.654733][T11708]  ? hlock_class+0x4e/0x130
[  269.655942][T11708]  ? __lock_acquire+0x15a9/0x3c40
[  269.657268][T11708]  ? __pfx___lock_acquire+0x10/0x10
[  269.658650][T11708]  ? __pfx_stack_trace_save+0x10/0x10
[  269.660070][T11708]  ? stack_depot_save_flags+0x28/0x9e0
[  269.661496][T11708]  ? find_held_lock+0x2d/0x110
[  269.662758][T11708]  ? lock_acquire.part.0+0x11b/0x380
[  269.664142][T11708]  ? __mutex_trylock_common+0xea/0x250
[  269.665569][T11708]  ? __pfx___mutex_trylock_common+0x10/0x10
[  269.667112][T11708]  ? dev_ethtool+0x167/0x330
[  269.668395][T11708]  ? rcu_is_watching+0x12/0xc0
[  269.669658][T11708]  ? trace_contention_end+0xee/0x140
[  269.671041][T11708]  ? __mutex_lock+0x1cc/0xa60
[  269.672326][T11708]  ? dev_ethtool+0x167/0x330
[  269.673544][T11708]  ? __pfx___mutex_lock+0x10/0x10
[  269.674884][T11708]  dev_ethtool+0x17c/0x330
[  269.676062][T11708]  ? __pfx_dev_ethtool+0x10/0x10
[  269.677363][T11708]  ? netdev_name_node_lookup_rcu+0xf0/0x140
[  269.678943][T11708]  dev_ioctl+0x2a2/0x10c0
[  269.680072][T11708]  compat_sock_ioctl+0x44c/0x7e0
[  269.681370][T11708]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  269.682748][T11708]  ? __fget_files+0x206/0x3a0
[  269.683990][T11708]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  269.685417][T11708]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  269.686945][T11708]  __do_fast_syscall_32+0x73/0x120
[  269.688304][T11708]  do_fast_syscall_32+0x32/0x80
[  269.689580][T11708]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  269.691228][T11708] RIP: 0023:0xf7f20579
[  269.692295][T11708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  269.697283][T11708] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  269.699468][T11708] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946
[  269.701535][T11708] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  269.703579][T11708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  269.705649][T11708] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  269.707704][T11708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  269.709786][T11708]  </TASK>
[  269.710706][    C3] vkms_vblank_simulate: vblank timer overrun
[  269.714068][T11708] syz.5.1654: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  269.718719][T11708] CPU: 3 UID: 0 PID: 11708 Comm: syz.5.1654 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  269.721491][T11708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.724266][T11708] Call Trace:
[  269.725142][T11708]  <TASK>
[  269.725918][T11708]  dump_stack_lvl+0x16c/0x1f0
[  269.727152][T11708]  warn_alloc+0x24d/0x3a0
[  269.728315][T11708]  ? __pfx_warn_alloc+0x10/0x10
[  269.729593][T11708]  ? dump_stack_lvl+0x1a3/0x1f0
[  269.730873][T11708]  ? rcu_is_watching+0x12/0xc0
[  269.732146][T11708]  ? trace_kmalloc+0x2d/0xd0
[  269.733366][T11708]  ? __get_vm_area_node+0x1dc/0x2f0
[  269.734728][T11708]  __vmalloc_node_range_noprof+0x1105/0x1530
[  269.736333][T11708]  ? __dev_ethtool+0x2ec4/0x5ab0
[  269.737654][T11708]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  269.739316][T11708]  ? __might_fault+0xe3/0x190
[  269.740567][T11708]  ? __might_fault+0xe3/0x190
[  269.741820][T11708]  ? __dev_ethtool+0x2ec4/0x5ab0
[  269.743129][T11708]  vzalloc_noprof+0x6b/0x90
[  269.744313][T11708]  ? __dev_ethtool+0x2ec4/0x5ab0
[  269.745618][T11708]  __dev_ethtool+0x2ec4/0x5ab0
[  269.746883][T11708]  ? __pfx_lock_release+0x10/0x10
[  269.748227][T11708]  ? trace_lock_acquire+0x14e/0x1f0
[  269.749595][T11708]  ? __pfx___dev_ethtool+0x10/0x10
[  269.750928][T11708]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  269.752544][T11708]  ? hlock_class+0x4e/0x130
[  269.753857][T11708]  ? __lock_acquire+0x15a9/0x3c40
[  269.755274][T11708]  ? __pfx___lock_acquire+0x10/0x10
[  269.756768][T11708]  ? __pfx_stack_trace_save+0x10/0x10
[  269.758184][T11708]  ? stack_depot_save_flags+0x28/0x9e0
[  269.759589][T11708]  ? find_held_lock+0x2d/0x110
[  269.760953][T11708]  ? lock_acquire.part.0+0x11b/0x380
[  269.762337][T11708]  ? __mutex_trylock_common+0xea/0x250
[  269.763771][T11708]  ? __pfx___mutex_trylock_common+0x10/0x10
[  269.765350][T11708]  ? dev_ethtool+0x167/0x330
[  269.766579][T11708]  ? rcu_is_watching+0x12/0xc0
[  269.767856][T11708]  ? trace_contention_end+0xee/0x140
[  269.769247][T11708]  ? __mutex_lock+0x1cc/0xa60
[  269.770503][T11708]  ? dev_ethtool+0x167/0x330
[  269.771755][T11708]  ? __pfx___mutex_lock+0x10/0x10
[  269.773103][T11708]  dev_ethtool+0x17c/0x330
[  269.774300][T11708]  ? __pfx_dev_ethtool+0x10/0x10
[  269.775620][T11708]  ? netdev_name_node_lookup_rcu+0xf0/0x140
[  269.777199][T11708]  dev_ioctl+0x2a2/0x10c0
[  269.778371][T11708]  compat_sock_ioctl+0x44c/0x7e0
[  269.779701][T11708]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  269.781146][T11708]  ? __fget_files+0x206/0x3a0
[  269.782743][T11708]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  269.784590][T11708]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  269.786383][T11708]  __do_fast_syscall_32+0x73/0x120
[  269.788117][T11708]  do_fast_syscall_32+0x32/0x80
[  269.789759][T11708]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  269.791760][T11708] RIP: 0023:0xf7f20579
[  269.793126][T11708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  269.798192][T11708] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  269.800397][T11708] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946
[  269.802447][T11708] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  269.804504][T11708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  269.806506][T11708] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  269.808559][T11708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  269.810616][T11708]  </TASK>
[  269.811526][    C3] vkms_vblank_simulate: vblank timer overrun
[  269.813852][T11708] Mem-Info:
[  269.814949][T11708] active_anon:7029 inactive_anon:316 isolated_anon:0
[  269.814949][T11708]  active_file:9804 inactive_file:43532 isolated_file:0
[  269.814949][T11708]  unevictable:1768 dirty:331 writeback:0
[  269.814949][T11708]  slab_reclaimable:6602 slab_unreclaimable:62001
[  269.814949][T11708]  mapped:26049 shmem:3800 pagetables:807
[  269.814949][T11708]  sec_pagetables:309 bounce:0
[  269.814949][T11708]  kernel_misc_reclaimable:0
[  269.814949][T11708]  free:48529 free_pcp:2763 free_cma:0
[  269.828046][T11708] Node 0 active_anon:5196kB inactive_anon:1264kB active_file:1916kB inactive_file:11104kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6708kB dirty:188kB writeback:0kB shmem:5148kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:9716kB pagetables:912kB sec_pagetables:1160kB all_unreclaimable? yes
[  269.836405][T11708] Node 1 active_anon:27612kB inactive_anon:0kB active_file:37300kB inactive_file:163024kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:99988kB dirty:1136kB writeback:0kB shmem:14660kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2860kB pagetables:2316kB sec_pagetables:76kB all_unreclaimable? no
[  269.847196][T11708] Node 0 DMA free:2968kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:184kB inactive_anon:88kB active_file:0kB inactive_file:192kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:464kB local_pcp:160kB free_cma:0kB
[  269.854664][T11708] lowmem_reserve[]: 0 273 0 0 0
[  269.856042][T11708] Node 0 DMA32 free:19664kB boost:2048kB min:15952kB low:19428kB high:22904kB reserved_highatomic:4096KB active_anon:5012kB inactive_anon:1176kB active_file:1916kB inactive_file:10912kB unevictable:3536kB writepending:188kB present:1032196kB managed:306308kB mlocked:0kB bounce:0kB free_pcp:1200kB local_pcp:608kB free_cma:0kB
[  269.863965][T11708] lowmem_reserve[]: 0 0 0 0 0
[  269.865353][T11708] Node 1 DMA32 free:166700kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:30212kB inactive_anon:0kB active_file:37300kB inactive_file:163024kB unevictable:3536kB writepending:1136kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:6540kB local_pcp:724kB free_cma:0kB
[  269.873033][T11708] lowmem_reserve[]: 0 0 0 0 0
[  269.874417][T11708] Node 0 DMA: 50*4kB (U) 50*8kB (UE) 50*16kB (UE) 49*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2968kB
[  269.878120][T11708] Node 0 DMA32: 198*4kB (UH) 29*8kB (UMEH) 10*16kB (UMEH) 67*32kB (UMEH) 64*64kB (UMEH) 15*128kB (UME) 8*256kB (UME) 2*512kB (UM) 1*1024kB (M) 3*2048kB (M) 0*4096kB = 19584kB
[  269.882844][T11708] Node 1 DMA32: 18*4kB (UME) 208*8kB (UME) 419*16kB (UME) 514*32kB (UME) 348*64kB (UME) 145*128kB (UME) 96*256kB (UME) 41*512kB (UM) 34*1024kB (UM) 10*2048kB (UM) 0*4096kB = 166584kB
[  269.887686][ T6002] usb 9-1: USB disconnect, device number 15
[  269.889329][T11708] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  269.891881][T11708] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  269.894355][T11708] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  269.896896][T11708] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  269.899401][T11708] 59795 total pagecache pages
[  269.900708][T11708] 0 pages in swap cache
[  269.901874][T11708] Free swap  = 124260kB
[  269.903029][T11708] Total swap = 124996kB
[  269.904245][T11708] 524155 pages RAM
[  269.905269][T11708] 0 pages HighMem/MovableOnly
[  269.906567][T11708] 206675 pages reserved
[  269.907747][T11708] 0 pages cma reserved
[  269.909055][  T834] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  269.912021][  T834] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  269.914953][  T834] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  269.917815][  T834] shield 0003:0955:7214.0020: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  271.052748][T11723] netlink: 'syz.3.1657': attribute type 3 has an invalid length.
[  271.055478][T11723] netlink: 'syz.3.1657': attribute type 3 has an invalid length.
[  271.058382][T11723] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1657'.
[  271.221647][ T1215] Bluetooth: hci4: Frame reassembly failed (-84)
[  271.223700][T11727] Bluetooth: hci4: Frame reassembly failed (-84)
[  271.798428][T11738] ieee802154 phy1 wpan1: encryption failed: -22
[  272.823820][T11748] team0: Mode "" not found
[  272.894094][T11757] netlink: 'syz.4.1670': attribute type 13 has an invalid length.
[  272.950343][T11759] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1670'.
[  273.076071][T11769] syz_tun: entered promiscuous mode
[  273.080053][T11769] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  273.084655][T11769] Cannot create hsr debugfs directory
[  273.284021][ T5941] Bluetooth: hci4: command 0x1003 tx timeout
[  273.284102][ T5300] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  273.697994][T11783] dlm: no locking on control device
[  273.938127][T11805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1688'.
[  274.079492][T11812] netlink: 'syz.2.1690': attribute type 3 has an invalid length.
[  274.082333][T11812] netlink: 'syz.2.1690': attribute type 3 has an invalid length.
[  274.088420][T11812] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1690'.
[  274.193042][T11816] netlink: 'syz.3.1692': attribute type 3 has an invalid length.
[  274.195614][T11816] netlink: 'syz.3.1692': attribute type 3 has an invalid length.
[  274.199971][T11816] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1692'.
[  274.943457][T11822] binder_alloc: 11821: binder_alloc_buf, no vma
[  275.164639][T11835] tmpfs: Bad value for 'mpol'
[  275.169849][T11835] fuse: Bad value for 'group_id'
[  275.171212][T11835] fuse: Bad value for 'group_id'
[  275.404001][   T62] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  275.484069][   T25] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  275.524735][ T5979] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  275.554054][   T62] usb 10-1: Using ep0 maxpacket: 16
[  275.557149][   T62] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  275.561421][   T62] usb 10-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  275.567413][   T62] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.571312][   T62] usb 10-1: config 0 descriptor??
[  275.576424][   T62] input: bcm5974 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input35
[  275.641189][   T25] usb 9-1: config 0 has no interfaces?
[  275.643103][   T25] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  275.649288][   T25] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.653717][   T25] usb 9-1: config 0 descriptor??
[  275.700221][ T5979] usb 8-1: config 0 has no interfaces?
[  275.702133][ T5979] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  275.705796][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.710799][ T5979] usb 8-1: config 0 descriptor??
[  275.779429][T11835] input: syz0 as /devices/virtual/input/input36
[  275.883397][ T5343] bcm5974 10-1:0.0: could not read from device
[  275.890769][   T62] usb 10-1: USB disconnect, device number 8
[  275.919309][T11833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  275.923168][T11833] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  276.051048][T11836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  276.054255][T11836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  276.568181][T11844] ieee802154 phy1 wpan1: encryption failed: -22
[  276.773684][ T7323] usb 8-1: USB disconnect, device number 20
[  276.937027][   T25] usb 9-1: USB disconnect, device number 16
[  277.653030][T11871] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1710'.
[  278.008657][T11877] »»»»»» speed is unknown, defaulting to 1000
[  278.089892][T11877] »»»»»» speed is unknown, defaulting to 1000
[  278.278817][T11883] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1713'.
[  278.363088][T11890] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1716'.
[  279.537019][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  279.584109][ T6002] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  279.754523][ T6002] usb 8-1: config 0 has no interfaces?
[  279.756611][ T6002] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  279.760168][ T6002] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.767074][ T6002] usb 8-1: config 0 descriptor??
[  279.833762][T11918] vti0: entered promiscuous mode
[  280.031422][T11891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.033727][T11891] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.114302][T11925] Invalid ELF header magic: != ELF
[  280.292404][ T5999] usb 8-1: USB disconnect, device number 21
[  281.771655][ T5979] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  281.925002][ T5979] usb 7-1: Using ep0 maxpacket: 32
[  281.928311][ T5979] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  281.933689][ T5979] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  281.944267][ T5979] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  281.946970][ T5979] usb 7-1: Product: syz
[  281.948347][ T5979] usb 7-1: Manufacturer: syz
[  281.949930][ T5979] usb 7-1: SerialNumber: syz
[  281.953359][ T5979] usb 7-1: config 0 descriptor??
[  281.955956][T11942] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  281.970692][    C3] ata1: illegal qc_active transition (00000000->00400000)
[  282.226598][ T5979] usb 7-1: USB disconnect, device number 19
[  282.255101][T11962] FAULT_INJECTION: forcing a failure.
[  282.255101][T11962] name failslab, interval 1, probability 0, space 0, times 0
[  282.258697][T11962] CPU: 1 UID: 0 PID: 11962 Comm: syz.5.1739 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  282.261515][T11962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  282.264342][T11962] Call Trace:
[  282.265237][T11962]  <TASK>
[  282.266014][T11962]  dump_stack_lvl+0x16c/0x1f0
[  282.267247][T11962]  should_fail_ex+0x497/0x5b0
[  282.268559][T11962]  ? fs_reclaim_acquire+0xae/0x150
[  282.270081][T11962]  should_failslab+0xc2/0x120
[  282.271309][T11962]  __kmalloc_cache_noprof+0x68/0x420
[  282.273104][T11962]  ? rcu_is_watching+0x12/0xc0
[  282.274571][T11962]  ? trace_kmalloc+0x2d/0xd0
[  282.275995][T11962]  ? __pfx_free_modprobe_argv+0x10/0x10
[  282.277748][T11962]  call_usermodehelper_setup+0x9a/0x340
[  282.279352][T11962]  __request_module+0x3d6/0x6c0
[  282.281074][T11962]  ? dev_load+0x1ff/0x240
[  282.282328][T11962]  ? __pfx___request_module+0x10/0x10
[  282.284245][T11962]  ? aa_get_newest_label+0x376/0x680
[  282.285901][T11962]  ? __pfx_aa_get_newest_label+0x10/0x10
[  282.287781][T11962]  ? apparmor_capable+0x114/0x1d0
[  282.289068][T11962]  ? dev_load+0x1de/0x240
[  282.290305][T11962]  dev_load+0x1ff/0x240
[  282.291565][T11962]  dev_ioctl+0x19c/0x10c0
[  282.292693][T11962]  sock_ioctl+0x5b9/0x6c0
[  282.293775][T11962]  ? __pfx_sock_ioctl+0x10/0x10
[  282.295007][ T1104] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  282.295047][T11962]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  282.295075][T11962]  compat_sock_ioctl+0x619/0x7e0
[  282.295088][T11962]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  282.298117][ T1104] ata1.00: configured for UDMA/100
[  282.298739][T11962]  ? __fget_files+0x206/0x3a0
[  282.298757][T11962]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  282.298769][T11962]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  282.307206][T11962]  __do_fast_syscall_32+0x73/0x120
[  282.308561][T11962]  do_fast_syscall_32+0x32/0x80
[  282.309841][T11962]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  282.311493][T11962] RIP: 0023:0xf7f20579
[  282.312577][T11962] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  282.317890][T11962] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  282.320068][T11962] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1
[  282.322124][T11962] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  282.324304][T11962] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  282.326394][T11962] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  282.328457][T11962] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  282.330538][T11962]  </TASK>
[  282.473326][T11974] »»»»»» speed is unknown, defaulting to 1000
[  282.566249][T11974] »»»»»» speed is unknown, defaulting to 1000
[  282.891337][ T5948] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  283.208743][ T5948] usb 8-1: config 0 has no interfaces?
[  283.210467][ T5948] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  283.212857][ T5948] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.219599][ T5948] usb 8-1: config 0 descriptor??
[  283.530772][T11992] »»»»»» speed is unknown, defaulting to 1000
[  283.559856][T11975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.562159][T11975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.646946][T11992] »»»»»» speed is unknown, defaulting to 1000
[  284.148287][ T6002] usb 8-1: USB disconnect, device number 22
[  284.184142][T12008] netlink: 'syz.5.1750': attribute type 4 has an invalid length.
[  284.291679][T12019] IPVS: set_ctl: invalid protocol: 46 10.1.1.2:20003
[  286.151445][T12047] input: syz0 as /devices/virtual/input/input37
[  287.470118][T12059] ieee802154 phy1 wpan1: encryption failed: -22
[  287.848401][T12064] program syz.4.1770 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.884197][ T7323] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  288.047811][ T7323] usb 7-1: too many configurations: 68, using maximum allowed: 8
[  288.051568][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.056434][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.059980][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.063363][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.068087][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.072590][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.076894][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.080522][ T7323] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  288.085025][ T7323] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  288.087787][ T7323] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.090269][ T7323] usb 7-1: Product: syz
[  288.091426][ T7323] usb 7-1: Manufacturer: syz
[  288.092746][ T7323] usb 7-1: SerialNumber: syz
[  288.097637][ T7323] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  288.110595][ T7323] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  288.544773][ T5999] usb 7-1: USB disconnect, device number 20
[  288.592530][T12076] FAULT_INJECTION: forcing a failure.
[  288.592530][T12076] name failslab, interval 1, probability 0, space 0, times 0
[  288.596029][T12076] CPU: 2 UID: 0 PID: 12076 Comm: syz.3.1773 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  288.598759][T12076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.601515][T12076] Call Trace:
[  288.602389][T12076]  <TASK>
[  288.603163][T12076]  dump_stack_lvl+0x16c/0x1f0
[  288.604515][T12076]  should_fail_ex+0x497/0x5b0
[  288.605900][T12076]  ? fs_reclaim_acquire+0xae/0x150
[  288.607255][T12076]  should_failslab+0xc2/0x120
[  288.608520][T12076]  __kmalloc_noprof+0xce/0x4f0
[  288.609760][T12076]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  288.611209][T12076]  ? tomoyo_realpath_from_path+0xbf/0x710
[  288.612699][T12076]  ? rcu_is_watching+0x12/0xc0
[  288.613945][T12076]  tomoyo_realpath_from_path+0xbf/0x710
[  288.615476][T12076]  tomoyo_check_open_permission+0x2ad/0x3c0
[  288.617024][T12076]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  288.618727][T12076]  ? __pfx_hook_file_open+0x10/0x10
[  288.620082][T12076]  ? lock_acquire+0x2f/0xb0
[  288.621261][T12076]  tomoyo_file_open+0x6b/0x90
[  288.622485][T12076]  security_file_open+0x84/0x1e0
[  288.623774][T12076]  do_dentry_open+0x57e/0x1ea0
[  288.625234][T12076]  ? inode_permission+0xdd/0x5f0
[  288.626521][T12076]  vfs_open+0x82/0x3f0
[  288.627587][T12076]  ? may_open+0x1f2/0x400
[  288.628708][T12076]  path_openat+0x1e6a/0x2d60
[  288.629910][T12076]  ? __pfx_path_openat+0x10/0x10
[  288.631192][T12076]  ? __pfx___lock_acquire+0x10/0x10
[  288.632542][T12076]  ? lock_acquire.part.0+0x11b/0x380
[  288.633899][T12076]  ? find_held_lock+0x2d/0x110
[  288.635239][T12076]  do_filp_open+0x20c/0x470
[  288.636438][T12076]  ? __pfx_do_filp_open+0x10/0x10
[  288.637782][T12076]  ? find_held_lock+0x2d/0x110
[  288.639051][T12076]  ? alloc_fd+0x41f/0x760
[  288.640186][T12076]  do_sys_openat2+0x17a/0x1e0
[  288.641411][T12076]  ? __pfx_do_sys_openat2+0x10/0x10
[  288.642760][T12076]  ? __fget_files+0x206/0x3a0
[  288.644003][T12076]  __ia32_compat_sys_openat+0x16e/0x210
[  288.645624][T12076]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  288.647228][T12076]  ? ksys_write+0x1ba/0x250
[  288.648484][T12076]  __do_fast_syscall_32+0x73/0x120
[  288.649821][T12076]  do_fast_syscall_32+0x32/0x80
[  288.651093][T12076]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  288.652756][T12076] RIP: 0023:0xf70ee579
[  288.653824][T12076] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  288.658909][T12076] RSP: 002b:00000000f50e04f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  288.661066][T12076] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f72cce2c
[  288.663096][T12076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7423ff4
[  288.665409][T12076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  288.667442][T12076] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  288.669488][T12076] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  288.671536][T12076]  </TASK>
[  288.674548][T12076] ERROR: Out of memory at tomoyo_realpath_from_path.
[  288.987690][T12084] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1775'.
[  289.109163][   T62] libceph: connect (1)[c::]:6789 error -101
[  289.110818][   T62] libceph: mon0 (1)[c::]:6789 connect error
[  289.124032][ T7323] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  289.125955][ T7323] ath9k_htc: Failed to initialize the device
[  289.127807][ T5999] usb 7-1: ath9k_htc: USB layer deinitialized
[  289.268095][T12088] ceph: No mds server is up or the cluster is laggy
[  289.305531][T12099] netlink: 'syz.2.1779': attribute type 3 has an invalid length.
[  289.307683][T12099] netlink: 'syz.2.1779': attribute type 3 has an invalid length.
[  289.310056][T12099] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1779'.
[  290.194018][   T62] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  290.344092][   T62] usb 10-1: Using ep0 maxpacket: 8
[  290.351597][   T62] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  290.356015][   T62] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  290.359189][   T62] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.363342][   T62] usb 10-1: config 0 descriptor??
[  290.467281][   T39] kauditd_printk_skb: 1 callbacks suppressed
[  290.467292][   T39] audit: type=1326 audit(1734753035.450:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12128 comm="syz.4.1782" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x0
[  290.573961][   T62] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  290.579282][T12138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  290.850735][T12143] futex_wake_op: syz.5.1781 tries to shift op by 144; fix this program
[  291.349632][T12160] binder_alloc: 12159: binder_alloc_buf size -624 failed, no address space
[  291.353148][T12160] binder_alloc: allocated: 16 (num: 2 largest: 8), free: 8176 (num: 1 largest: 8176)
[  291.378039][T12160] ieee802154 phy1 wpan1: encryption failed: -22
[  291.403952][ T1449] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  291.523455][T12163] netlink: 'syz.3.1790': attribute type 3 has an invalid length.
[  291.533967][T12163] netlink: 'syz.3.1790': attribute type 3 has an invalid length.
[  291.544628][T12163] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1790'.
[  291.770917][ T1449] usb 7-1: too many configurations: 68, using maximum allowed: 8
[  291.774653][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.783212][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.790119][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.797084][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.805503][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.827347][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.840199][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.848505][ T1449] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.859298][ T1449] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  291.861721][ T1449] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.864071][ T1449] usb 7-1: Product: syz
[  291.866460][ T1449] usb 7-1: Manufacturer: syz
[  291.883909][ T1449] usb 7-1: SerialNumber: syz
[  291.925022][ T1449] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  291.941424][ T1449] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  292.171485][   T35] usb 7-1: USB disconnect, device number 21
[  292.986111][ T1449] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  292.987497][   T25] usb 10-1: USB disconnect, device number 9
[  292.987997][ T1449] ath9k_htc: Failed to initialize the device
[  292.992053][   T35] usb 7-1: ath9k_htc: USB layer deinitialized
[  293.425649][T12200] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1803'.
[  293.453048][    C3] ata1: illegal qc_active transition (00000000->00000040)
[  293.475890][T12205] FAULT_INJECTION: forcing a failure.
[  293.475890][T12205] name failslab, interval 1, probability 0, space 0, times 0
[  293.479642][T12205] CPU: 2 UID: 0 PID: 12205 Comm: syz.5.1806 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  293.482849][T12205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  293.485697][T12205] Call Trace:
[  293.486585][T12205]  <TASK>
[  293.487371][T12205]  dump_stack_lvl+0x16c/0x1f0
[  293.488638][T12205]  should_fail_ex+0x497/0x5b0
[  293.489880][T12205]  ? fs_reclaim_acquire+0xae/0x150
[  293.491640][T12205]  should_failslab+0xc2/0x120
[  293.492955][T12205]  __kmalloc_noprof+0xce/0x4f0
[  293.494220][T12205]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  293.495695][T12205]  ? tomoyo_realpath_from_path+0xbf/0x710
[  293.497187][T12205]  tomoyo_realpath_from_path+0xbf/0x710
[  293.498640][T12205]  ? tomoyo_path_number_perm+0x235/0x5b0
[  293.500127][T12205]  tomoyo_path_number_perm+0x248/0x5b0
[  293.501544][T12205]  ? tomoyo_path_number_perm+0x235/0x5b0
[  293.503018][T12205]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  293.504670][T12205]  ? __pfx_lock_release+0x10/0x10
[  293.505993][T12205]  ? trace_lock_acquire+0x14e/0x1f0
[  293.507359][T12205]  ? lock_acquire+0x2f/0xb0
[  293.508559][T12205]  ? __fget_files+0x40/0x3a0
[  293.509774][T12205]  ? __fget_files+0x206/0x3a0
[  293.511012][T12205]  security_file_ioctl_compat+0x9b/0x240
[  293.512493][T12205]  __do_compat_sys_ioctl+0x4e/0x2c0
[  293.513859][T12205]  __do_fast_syscall_32+0x73/0x120
[  293.515253][T12205]  do_fast_syscall_32+0x32/0x80
[  293.516555][T12205]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  293.518218][T12205] RIP: 0023:0xf7f20579
[  293.519289][T12205] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  293.524277][T12205] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  293.526470][T12205] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0845657
[  293.528538][T12205] RDX: 0000000020000380 RSI: 0000000000000000 RDI: 0000000000000000
[  293.530601][T12205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  293.532653][T12205] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  293.534780][T12205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  293.536860][T12205]  </TASK>
[  293.537724][    C2] vkms_vblank_simulate: vblank timer overrun
[  293.544022][T12205] ERROR: Out of memory at tomoyo_realpath_from_path.
[  293.788102][ T1104] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  293.790565][ T1104] ata1.00: configured for UDMA/100
[  293.828916][T12228] netlink: zone id is out of range
[  293.830670][T12228] netlink: zone id is out of range
[  293.832599][T12228] netlink: zone id is out of range
[  293.834401][T12228] netlink: zone id is out of range
[  294.060307][T12232] FAULT_INJECTION: forcing a failure.
[  294.060307][T12232] name failslab, interval 1, probability 0, space 0, times 0
[  294.063824][T12232] CPU: 2 UID: 0 PID: 12232 Comm: syz.5.1816 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  294.066713][T12232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  294.069682][T12232] Call Trace:
[  294.070556][T12232]  <TASK>
[  294.071422][T12232]  dump_stack_lvl+0x16c/0x1f0
[  294.072757][T12232]  should_fail_ex+0x497/0x5b0
[  294.074013][T12232]  ? fs_reclaim_acquire+0xae/0x150
[  294.075437][T12232]  should_failslab+0xc2/0x120
[  294.076852][T12232]  __kmalloc_cache_node_noprof+0x6f/0x3f0
[  294.078385][T12232]  ? __get_vm_area_node+0x101/0x2f0
[  294.079756][T12232]  __get_vm_area_node+0x101/0x2f0
[  294.081086][T12232]  ? blkdev_common_ioctl+0x686/0x2220
[  294.082734][T12232]  __vmalloc_node_range_noprof+0x26a/0x1530
[  294.084899][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.086809][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.088718][T12232]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  294.090920][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.092701][T12232]  vzalloc_noprof+0x6b/0x90
[  294.094342][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.096236][T12232]  bdev_disk_changed+0x48f/0x14e0
[  294.098084][T12232]  ? __pfx___mutex_lock+0x10/0x10
[  294.099910][T12232]  ? __pfx_bdev_disk_changed+0x10/0x10
[  294.101798][T12232]  blkdev_get_whole+0x187/0x290
[  294.103518][T12232]  bdev_open+0x2c7/0xe20
[  294.105023][T12232]  bdev_file_open_by_dev+0x17d/0x210
[  294.106829][T12232]  disk_scan_partitions+0x1ed/0x320
[  294.108619][T12232]  blkdev_common_ioctl+0x686/0x2220
[  294.110424][T12232]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  294.112460][T12232]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  294.114486][T12232]  ? do_vfs_ioctl+0x513/0x1950
[  294.116206][T12232]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  294.118063][T12232]  ? __pfx_lock_release+0x10/0x10
[  294.119895][T12232]  ? trace_lock_acquire+0x14e/0x1f0
[  294.121771][T12232]  compat_blkdev_ioctl+0x257/0x750
[  294.123596][T12232]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  294.125508][T12232]  ? __fget_files+0x206/0x3a0
[  294.127193][T12232]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  294.129227][T12232]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  294.131147][T12232]  __do_fast_syscall_32+0x73/0x120
[  294.133045][T12232]  do_fast_syscall_32+0x32/0x80
[  294.134818][T12232]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  294.137077][T12232] RIP: 0023:0xf7f20579
[  294.138497][T12232] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  294.144825][T12232] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  294.147580][T12232] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000000000125f
[  294.150171][T12232] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  294.152920][T12232] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  294.155543][T12232] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  294.158141][T12232] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  294.160722][T12232]  </TASK>
[  294.161895][    C2] vkms_vblank_simulate: vblank timer overrun
[  294.165665][T12232] syz.5.1816: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  294.170193][T12232] CPU: 0 UID: 0 PID: 12232 Comm: syz.5.1816 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  294.172990][T12232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  294.175824][T12232] Call Trace:
[  294.176704][T12232]  <TASK>
[  294.177492][T12232]  dump_stack_lvl+0x16c/0x1f0
[  294.178832][T12232]  warn_alloc+0x24d/0x3a0
[  294.179992][T12232]  ? __pfx_warn_alloc+0x10/0x10
[  294.181270][T12232]  ? __kmalloc_cache_node_noprof+0x245/0x3f0
[  294.182835][T12232]  ? __kasan_kmalloc+0x8a/0xb0
[  294.184122][T12232]  ? __get_vm_area_node+0x1dc/0x2f0
[  294.185505][T12232]  __vmalloc_node_range_noprof+0xd27/0x1530
[  294.187047][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.188751][T12232]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  294.190450][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.191872][T12232]  vzalloc_noprof+0x6b/0x90
[  294.193063][T12232]  ? bdev_disk_changed+0x48f/0x14e0
[  294.194431][T12232]  bdev_disk_changed+0x48f/0x14e0
[  294.195775][T12232]  ? __pfx___mutex_lock+0x10/0x10
[  294.197180][T12232]  ? __pfx_bdev_disk_changed+0x10/0x10
[  294.198629][T12232]  blkdev_get_whole+0x187/0x290
[  294.199913][T12232]  bdev_open+0x2c7/0xe20
[  294.201024][T12232]  bdev_file_open_by_dev+0x17d/0x210
[  294.202401][T12232]  disk_scan_partitions+0x1ed/0x320
[  294.203799][T12232]  blkdev_common_ioctl+0x686/0x2220
[  294.205156][T12232]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  294.206761][T12232]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  294.208754][T12232]  ? do_vfs_ioctl+0x513/0x1950
[  294.210448][T12232]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  294.211877][T12232]  ? __pfx_lock_release+0x10/0x10
[  294.213189][T12232]  ? trace_lock_acquire+0x14e/0x1f0
[  294.214621][T12232]  compat_blkdev_ioctl+0x257/0x750
[  294.215973][T12232]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  294.217446][T12232]  ? __fget_files+0x206/0x3a0
[  294.218677][T12232]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  294.220139][T12232]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  294.221501][T12232]  __do_fast_syscall_32+0x73/0x120
[  294.222798][T12232]  do_fast_syscall_32+0x32/0x80
[  294.224083][T12232]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  294.225747][T12232] RIP: 0023:0xf7f20579
[  294.227155][T12232] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  294.232103][T12232] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  294.234258][T12232] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000000000125f
[  294.236419][T12232] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  294.238470][T12232] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  294.240510][T12232] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  294.242632][T12232] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  294.245171][T12232]  </TASK>
[  294.246251][T12232] Mem-Info:
[  294.247101][T12232] active_anon:8593 inactive_anon:316 isolated_anon:0
[  294.247101][T12232]  active_file:9831 inactive_file:35478 isolated_file:0
[  294.247101][T12232]  unevictable:1768 dirty:333 writeback:0
[  294.247101][T12232]  slab_reclaimable:6613 slab_unreclaimable:62996
[  294.247101][T12232]  mapped:27674 shmem:5333 pagetables:853
[  294.247101][T12232]  sec_pagetables:310 bounce:0
[  294.247101][T12232]  kernel_misc_reclaimable:0
[  294.247101][T12232]  free:54205 free_pcp:1712 free_cma:0
[  294.258658][T12232] Node 0 active_anon:5608kB inactive_anon:1264kB active_file:1916kB inactive_file:11104kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:6988kB dirty:4kB writeback:0kB shmem:5428kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:9716kB pagetables:980kB sec_pagetables:1160kB all_unreclaimable? yes
[  294.267355][T12232] Node 1 active_anon:28764kB inactive_anon:0kB active_file:37408kB inactive_file:130808kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:103708kB dirty:1328kB writeback:0kB shmem:15904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2956kB pagetables:2432kB sec_pagetables:80kB all_unreclaimable? no
[  294.276006][T12232] Node 0 DMA free:3000kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:172kB inactive_anon:88kB active_file:0kB inactive_file:192kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:348kB local_pcp:20kB free_cma:0kB
[  294.283209][T12232] lowmem_reserve[]: 0 273 0 0 0
[  294.284601][T12232] Node 0 DMA32 free:19800kB boost:2048kB min:15952kB low:19428kB high:22904kB reserved_highatomic:4096KB active_anon:5436kB inactive_anon:1176kB active_file:1916kB inactive_file:10912kB unevictable:3536kB writepending:4kB present:1032196kB managed:306308kB mlocked:0kB bounce:0kB free_pcp:1268kB local_pcp:548kB free_cma:0kB
[  294.292233][T12232] lowmem_reserve[]: 0 0 0 0 0
[  294.293608][T12232] Node 1 DMA32 free:193752kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:28764kB inactive_anon:0kB active_file:37408kB inactive_file:130808kB unevictable:3536kB writepending:1328kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:5324kB local_pcp:1028kB free_cma:0kB
[  294.301259][T12232] lowmem_reserve[]: 0 0 0 0 0
[  294.302743][T12232] Node 0 DMA: 51*4kB (U) 57*8kB (UE) 47*16kB (UE) 49*32kB (UE) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2980kB
[  294.306543][T12232] Node 0 DMA32: 212*4kB (UH) 47*8kB (UEH) 5*16kB (UH) 76*32kB (UMEH) 67*64kB (UMEH) 14*128kB (UME) 7*256kB (UE) 2*512kB (UM) 1*1024kB (M) 3*2048kB (M) 0*4096kB = 19800kB
[  294.310937][T12232] Node 1 DMA32: 8*4kB (U) 61*8kB (UE) 289*16kB (UME) 358*32kB (UME) 109*64kB (UME) 90*128kB (UME) 69*256kB (UME) 37*512kB (UM) 37*1024kB (UM) 13*2048kB (UM) 14*4096kB (UM) = 193560kB
[  294.315739][T12232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  294.318200][T12232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  294.320594][T12232] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  294.323408][T12232] Node 1 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  294.325864][T12232] 50645 total pagecache pages
[  294.327100][T12232] 0 pages in swap cache
[  294.328194][T12232] Free swap  = 124248kB
[  294.329272][T12232] Total swap = 124996kB
[  294.330384][T12232] 524155 pages RAM
[  294.331466][T12232] 0 pages HighMem/MovableOnly
[  294.332690][T12232] 206675 pages reserved
[  294.333778][T12232] 0 pages cma reserved
[  294.979644][    C3] ata1: illegal qc_active transition (00000000->00000200)
[  295.299240][ T1104] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  295.301991][ T1104] ata1.00: configured for UDMA/100
[  295.570354][T12260] netlink: 'syz.5.1824': attribute type 3 has an invalid length.
[  295.572520][T12260] netlink: 'syz.5.1824': attribute type 3 has an invalid length.
[  295.684599][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout
[  295.766215][T12260] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1824'.
[  296.267518][T12266] FAULT_INJECTION: forcing a failure.
[  296.267518][T12266] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.270891][T12266] CPU: 3 UID: 0 PID: 12266 Comm: syz.3.1827 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  296.273844][T12266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  296.276759][T12266] Call Trace:
[  296.277626][T12266]  <TASK>
[  296.278423][T12266]  dump_stack_lvl+0x16c/0x1f0
[  296.279703][T12266]  should_fail_ex+0x497/0x5b0
[  296.280989][T12266]  _copy_to_user+0x32/0xd0
[  296.282157][T12266]  simple_read_from_buffer+0xd0/0x160
[  296.283612][T12266]  proc_fail_nth_read+0x198/0x270
[  296.284984][T12266]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  296.286381][T12266]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  296.287856][T12266]  vfs_read+0x1df/0xbe0
[  296.288937][T12266]  ? __fget_files+0x1fc/0x3a0
[  296.290215][T12266]  ? __pfx___mutex_lock+0x10/0x10
[  296.291559][T12266]  ? __pfx_vfs_read+0x10/0x10
[  296.292828][T12266]  ? __fget_files+0x206/0x3a0
[  296.294059][T12266]  ksys_read+0x12b/0x250
[  296.295254][T12266]  ? __pfx_ksys_read+0x10/0x10
[  296.296510][T12266]  __do_fast_syscall_32+0x73/0x120
[  296.297848][T12266]  do_fast_syscall_32+0x32/0x80
[  296.299113][T12266]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  296.300748][T12266] RIP: 0023:0xf70ee579
[  296.301924][T12266] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  296.307347][T12266] RSP: 002b:00000000f50e0590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  296.309541][T12266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50e0620
[  296.311579][T12266] RDX: 000000000000000f RSI: 00000000f7423ff4 RDI: 0000000000000000
[  296.313606][T12266] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  296.315698][T12266] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  296.318189][T12266] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  296.320234][T12266]  </TASK>
[  296.464165][T12272] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  296.553774][T12274] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  296.556255][T12277] »»»»»» speed is unknown, defaulting to 1000
[  296.557303][T12274] usb usb8: check_ctrlrecip: process 12274 (syz.3.1831) requesting ep 01 but needs 81
[  296.560984][T12274] usb usb8: usbfs: process 12274 (syz.3.1831) did not claim interface 0 before use
[  296.593572][T12282] overlayfs: conflicting options: nfs_export=on,index=off
[  296.600295][T12277] »»»»»» speed is unknown, defaulting to 1000
[  296.607510][T12282] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  296.836208][T12286] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  296.878242][T12243] Cannot find del_set index 3 as target
[  296.881183][T12243] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1819'.
[  296.899370][T12296] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1836'.
[  297.444192][   T35] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  297.594907][   T35] usb 10-1: too many configurations: 68, using maximum allowed: 8
[  297.601213][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.605286][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.609506][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.613173][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.618982][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.623001][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.626663][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.631626][   T35] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.642197][   T35] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  297.644891][   T35] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.646958][   T35] usb 10-1: Product: syz
[  297.648057][   T35] usb 10-1: Manufacturer: syz
[  297.649440][   T35] usb 10-1: SerialNumber: syz
[  297.666370][   T35] usb 10-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  297.686935][ T5979] usb 10-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  298.122774][   T25] usb 10-1: USB disconnect, device number 10
[  298.314127][ T7323] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  298.518809][ T7323] usb 9-1: config 0 has no interfaces?
[  298.520319][ T7323] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  298.522727][ T7323] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.526739][ T7323] usb 9-1: config 0 descriptor??
[  298.717586][T12315] netlink: 'syz.2.1842': attribute type 10 has an invalid length.
[  298.723248][T12315] batman_adv: batadv0: Adding interface: team0
[  298.725517][ T5979] ath9k_htc 10-1:1.0: ath9k_htc: Target is unresponsive
[  298.727531][T12315] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  298.735125][ T5979] ath9k_htc: Failed to initialize the device
[  298.737946][   T25] usb 10-1: ath9k_htc: USB layer deinitialized
[  298.738065][T12315] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  298.804099][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout
[  298.839290][T12310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.842360][T12310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.867488][   T39] audit: type=1326 audit(1734753043.850:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.873028][   T39] audit: type=1326 audit(1734753043.850:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.878650][   T39] audit: type=1326 audit(1734753043.850:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.884242][   T39] audit: type=1326 audit(1734753043.850:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.889368][   T39] audit: type=1326 audit(1734753043.850:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.895901][   T39] audit: type=1326 audit(1734753043.850:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.901463][   T39] audit: type=1326 audit(1734753043.850:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.907494][   T39] audit: type=1326 audit(1734753043.850:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.913765][   T39] audit: type=1326 audit(1734753043.850:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  298.919523][   T39] audit: type=1326 audit(1734753043.850:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12323 comm="syz.3.1845" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  299.014742][T12332] ieee802154 phy1 wpan1: encryption failed: -22
[  299.559118][ T7323] usb 9-1: USB disconnect, device number 17
[  299.796742][T12347] netlink: 'syz.5.1850': attribute type 3 has an invalid length.
[  299.799482][T12347] netlink: 'syz.5.1850': attribute type 3 has an invalid length.
[  299.801681][T12347] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1850'.
[  299.812325][T12348] ieee802154 phy1 wpan1: encryption failed: -22
[  300.752598][T12362] ieee802154 phy1 wpan1: encryption failed: -22
[  301.207799][T12379] »»»»»» speed is unknown, defaulting to 1000
[  301.248214][T12379] »»»»»» speed is unknown, defaulting to 1000
[  301.634030][   T25] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  301.684052][T12390] netlink: 'syz.2.1863': attribute type 3 has an invalid length.
[  301.686090][T12390] netlink: 'syz.2.1863': attribute type 3 has an invalid length.
[  301.688300][T12390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1863'.
[  301.817319][   T25] usb 8-1: config 0 has no interfaces?
[  301.818961][   T25] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  301.822398][   T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.839068][   T25] usb 8-1: config 0 descriptor??
[  302.255768][T12381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.258738][T12381] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  302.581400][ T5979] usb 8-1: USB disconnect, device number 23
[  302.650113][T12403] ieee802154 phy1 wpan1: encryption failed: -22
[  302.865090][T12418] FAULT_INJECTION: forcing a failure.
[  302.865090][T12418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.868472][T12418] CPU: 2 UID: 0 PID: 12418 Comm: syz.4.1872 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  302.871241][T12418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  302.874077][T12418] Call Trace:
[  302.875284][T12418]  <TASK>
[  302.876281][T12418]  dump_stack_lvl+0x16c/0x1f0
[  302.877852][T12418]  should_fail_ex+0x497/0x5b0
[  302.879426][T12418]  _copy_from_user+0x2e/0xd0
[  302.880964][T12418]  do_fb_ioctl+0x292/0x7d0
[  302.882436][T12418]  ? __pfx_do_fb_ioctl+0x10/0x10
[  302.884101][T12418]  ? tomoyo_path_number_perm+0x298/0x5b0
[  302.885972][T12418]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  302.887931][T12418]  fb_compat_ioctl+0x55f/0x670
[  302.889505][T12418]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  302.891234][T12418]  ? __fget_files+0x206/0x3a0
[  302.892797][T12418]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  302.894533][T12418]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  302.896287][T12418]  __do_fast_syscall_32+0x73/0x120
[  302.897978][T12418]  do_fast_syscall_32+0x32/0x80
[  302.899584][T12418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  302.901652][T12418] RIP: 0023:0xf7fd4579
[  302.902995][T12418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  302.909152][T12418] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  302.911875][T12418] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[  302.914446][T12418] RDX: 0000000020000380 RSI: 0000000000000000 RDI: 0000000000000000
[  302.916924][T12418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  302.918983][T12418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  302.921067][T12418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  302.923673][T12418]  </TASK>
[  303.054039][ T5979] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  303.206073][ T5979] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.212954][ T5979] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.216630][ T5979] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  303.221114][ T5979] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  303.227146][ T5979] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.233259][ T5979] usb 10-1: config 0 descriptor??
[  303.539403][T12424] netlink: 'syz.3.1874': attribute type 3 has an invalid length.
[  303.541707][T12424] netlink: 'syz.3.1874': attribute type 3 has an invalid length.
[  303.545264][T12424] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1874'.
[  303.641972][ T5979] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[  303.645617][ T5979] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving
[  303.655191][ T5979] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  304.516384][T12432] uprobe: syz.4.1877:12432 failed to unregister, leaking uprobe
[  304.813013][T12444] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  304.815362][T12444] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  304.877496][T12447] netlink: 'syz.4.1882': attribute type 1 has an invalid length.
[  304.879491][T12447] netlink: 'syz.4.1882': attribute type 3 has an invalid length.
[  304.881922][T12447] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1882'.
[  305.329381][T12465] netlink: 'syz.2.1886': attribute type 3 has an invalid length.
[  305.331465][T12465] netlink: 'syz.2.1886': attribute type 3 has an invalid length.
[  305.333713][T12465] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1886'.
[  306.099505][ T1449] usb 10-1: USB disconnect, device number 11
[  306.479985][T12482] »»»»»» speed is unknown, defaulting to 1000
[  306.611049][T12482] »»»»»» speed is unknown, defaulting to 1000
[  306.721653][T12486] »»»»»» speed is unknown, defaulting to 1000
[  306.763498][T12486] »»»»»» speed is unknown, defaulting to 1000
[  307.754564][ T5999] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  307.937233][ T5999] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  307.940076][ T5999] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.942373][ T5999] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  307.945681][ T5999] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  307.948075][ T5999] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.950973][ T5999] usb 7-1: config 0 descriptor??
[  308.726237][   T39] kauditd_printk_skb: 41 callbacks suppressed
[  308.726247][   T39] audit: type=1326 audit(1734753053.710:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.734260][   T39] audit: type=1326 audit(1734753053.710:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.740236][   T39] audit: type=1326 audit(1734753053.720:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.747352][   T39] audit: type=1326 audit(1734753053.720:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.753481][   T39] audit: type=1326 audit(1734753053.720:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.760356][   T39] audit: type=1326 audit(1734753053.720:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.766316][   T39] audit: type=1326 audit(1734753053.720:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.771954][   T39] audit: type=1326 audit(1734753053.720:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.777861][   T39] audit: type=1326 audit(1734753053.720:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.783395][   T39] audit: type=1326 audit(1734753053.720:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12508 comm="syz.5.1900" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  308.860500][T12511] ieee802154 phy1 wpan1: encryption failed: -22
[  309.143696][T12513] »»»»»» speed is unknown, defaulting to 1000
[  309.178429][ T5999] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  309.180521][ T5999] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving
[  309.202449][T12513] »»»»»» speed is unknown, defaulting to 1000
[  309.236023][ T5999] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  309.239965][ T5999] usb 7-1: USB disconnect, device number 22
[  310.631556][T12542] ieee802154 phy1 wpan1: encryption failed: -22
[  310.781110][ T5999] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  310.963984][ T5999] usb 7-1: Using ep0 maxpacket: 16
[  310.968425][ T5999] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.972493][ T5999] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.976303][ T5999] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  310.980951][ T5999] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  310.984620][ T5999] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.990477][ T5999] usb 7-1: config 0 descriptor??
[  311.238173][T12554] ieee802154 phy1 wpan1: encryption failed: -22
[  311.478780][ T5999] input: HID 0955:7214 Haptics as /devices/virtual/input/input39
[  311.493781][ T5999] shield 0003:0955:7214.0023: Registered Thunderstrike controller
[  311.504225][ T5999] shield 0003:0955:7214.0023: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  312.595112][ T1335] shield 0003:0955:7214.0023: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  312.603970][ T1335] shield 0003:0955:7214.0023: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  312.607784][ T1335] shield 0003:0955:7214.0023: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  312.611518][ T1335] shield 0003:0955:7214.0023: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  313.063097][T12572] netlink: 'syz.5.1919': attribute type 3 has an invalid length.
[  313.065742][T12572] netlink: 'syz.5.1919': attribute type 3 has an invalid length.
[  313.067879][T12572] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1919'.
[  313.452081][    T9] usb 7-1: USB disconnect, device number 23
[  313.857916][T12589] ieee802154 phy1 wpan1: encryption failed: -22
[  314.123003][   T39] kauditd_printk_skb: 30 callbacks suppressed
[  314.123016][   T39] audit: type=1326 audit(1734753059.100:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12585 comm="syz.2.1924" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.130687][   T39] audit: type=1326 audit(1734753059.110:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12585 comm="syz.2.1924" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.234113][   T39] audit: type=1326 audit(1734753059.210:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.242644][   T39] audit: type=1326 audit(1734753059.220:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.253288][   T39] audit: type=1326 audit(1734753059.220:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.261375][   T39] audit: type=1326 audit(1734753059.220:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.272889][   T39] audit: type=1326 audit(1734753059.220:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.279752][   T39] audit: type=1326 audit(1734753059.220:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.285910][   T39] audit: type=1326 audit(1734753059.230:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.293026][   T39] audit: type=1326 audit(1734753059.230:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12592 comm="syz.2.1926" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  314.380082][T12595] ieee802154 phy1 wpan1: encryption failed: -22
[  316.274325][T12607] FAULT_INJECTION: forcing a failure.
[  316.274325][T12607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  316.277868][T12607] CPU: 3 UID: 0 PID: 12607 Comm: syz.2.1930 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  316.281535][T12607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  316.285199][T12607] Call Trace:
[  316.286385][T12607]  <TASK>
[  316.287447][T12607]  dump_stack_lvl+0x16c/0x1f0
[  316.289109][T12607]  should_fail_ex+0x497/0x5b0
[  316.290756][T12607]  _copy_from_iter+0x29b/0x1400
[  316.292490][T12607]  ? trace_lock_acquire+0x14e/0x1f0
[  316.294326][T12607]  ? __alloc_skb+0x200/0x380
[  316.295975][T12607]  ? __pfx__copy_from_iter+0x10/0x10
[  316.297839][T12607]  ? __virt_addr_valid+0x1a4/0x590
[  316.299665][T12607]  ? __virt_addr_valid+0x5e/0x590
[  316.301433][T12607]  ? __phys_addr_symbol+0x30/0x80
[  316.303214][T12607]  ? __check_object_size+0x488/0x710
[  316.305130][T12607]  netlink_sendmsg+0x813/0xd70
[  316.306854][T12607]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.308767][T12607]  ____sys_sendmsg+0x9ae/0xb40
[  316.310478][T12607]  ? __pfx_____sys_sendmsg+0x10/0x10
[  316.312352][T12607]  ? get_compat_msghdr+0x11b/0x170
[  316.314171][T12607]  ___sys_sendmsg+0x135/0x1e0
[  316.315850][T12607]  ? __pfx____sys_sendmsg+0x10/0x10
[  316.317720][T12607]  ? __pfx_lock_release+0x10/0x10
[  316.319512][T12607]  ? trace_lock_acquire+0x14e/0x1f0
[  316.321446][T12607]  ? __fget_files+0x206/0x3a0
[  316.323115][T12607]  __sys_sendmsg+0x16e/0x220
[  316.324771][T12607]  ? __pfx___sys_sendmsg+0x10/0x10
[  316.326602][T12607]  __do_fast_syscall_32+0x73/0x120
[  316.328420][T12607]  do_fast_syscall_32+0x32/0x80
[  316.330144][T12607]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  316.332357][T12607] RIP: 0023:0xf709e579
[  316.333812][T12607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  316.340486][T12607] RSP: 002b:00000000f509055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  316.343398][T12607] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020004bc0
[  316.346169][T12607] RDX: 0000000000044084 RSI: 0000000000000000 RDI: 0000000000000000
[  316.348932][T12607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  316.351698][T12607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  316.354468][T12607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  316.357258][T12607]  </TASK>
[  316.486706][ T1412] ieee802154 phy1 wpan1: encryption failed: -22
[  316.735842][T12620] ieee802154 phy1 wpan1: encryption failed: -22
[  316.916271][T12622] vlan2: entered promiscuous mode
[  316.919205][T12622] team0: Device vlan2 is already an upper device of the team interface
[  317.053791][T12629] ieee802154 phy1 wpan1: encryption failed: -22
[  317.754001][ T5948] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  317.903979][ T5948] usb 9-1: Using ep0 maxpacket: 8
[  317.910024][ T5948] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  317.912929][ T5948] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1040, setting to 1024
[  317.915795][ T5948] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  317.918418][ T5948] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  317.920969][ T5948] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  317.928913][ T5948] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  317.928928][ T5948] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.928983][ T5948] usb 9-1: Product: syz
[  317.928991][ T5948] usb 9-1: Manufacturer: syz
[  317.928999][ T5948] usb 9-1: SerialNumber: syz
[  317.945965][T12652] netlink: 'syz.3.1945': attribute type 3 has an invalid length.
[  317.948044][T12652] netlink: 'syz.3.1945': attribute type 3 has an invalid length.
[  317.950896][T12652] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1945'.
[  318.086165][T12653] netlink: 'syz.2.1944': attribute type 7 has an invalid length.
[  318.088192][T12653] netlink: 212424 bytes leftover after parsing attributes in process `syz.2.1944'.
[  318.098075][   T35] kernel write not supported for file /snd/midiC2D0 (pid: 35 comm: kworker/3:0)
[  318.164055][ T5948] cdc_ncm 9-1:1.0: bind() failure
[  318.166985][ T5948] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  318.168817][ T5948] cdc_ncm 9-1:1.1: bind() failure
[  318.181142][ T5948] usb 9-1: USB disconnect, device number 18
[  318.347790][T12655] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1946'.
[  318.500431][T12659] ieee802154 phy1 wpan1: encryption failed: -22
[  318.755271][T12663] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1949'.
[  318.863453][T12669] netlink: 'syz.2.1952': attribute type 2 has an invalid length.
[  318.866129][T12669] netlink: 'syz.2.1952': attribute type 1 has an invalid length.
[  318.867600][T12671] ip6t_srh: unknown srh invflags 85DA
[  318.976244][T12683] netlink: 'syz.4.1957': attribute type 1 has an invalid length.
[  318.989082][T12683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1957'.
[  319.284407][   T39] kauditd_printk_skb: 34 callbacks suppressed
[  319.284418][   T39] audit: type=1326 audit(1734753064.270:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.304617][   T39] audit: type=1326 audit(1734753064.270:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.346565][   T39] audit: type=1326 audit(1734753064.280:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.374031][   T39] audit: type=1326 audit(1734753064.280:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.379658][   T39] audit: type=1326 audit(1734753064.280:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.405920][   T39] audit: type=1326 audit(1734753064.280:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.424568][   T39] audit: type=1326 audit(1734753064.280:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.484008][   T39] audit: type=1326 audit(1734753064.280:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.489563][   T39] audit: type=1326 audit(1734753064.280:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.495393][   T39] audit: type=1326 audit(1734753064.280:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.4.1958" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  319.863928][    T9] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  320.015449][    T9] usb 7-1: config 0 has no interfaces?
[  320.016994][    T9] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  320.019355][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.031071][    T9] usb 7-1: config 0 descriptor??
[  320.172427][T12693] »»»»»» speed is unknown, defaulting to 1000
[  320.207921][T12693] »»»»»» speed is unknown, defaulting to 1000
[  320.349688][T12685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  320.358991][T12685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.654328][T12711] FAULT_INJECTION: forcing a failure.
[  320.654328][T12711] name failslab, interval 1, probability 0, space 0, times 0
[  320.657658][T12711] CPU: 3 UID: 0 PID: 12711 Comm: syz.3.1963 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  320.660406][T12711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  320.663062][T12711] Call Trace:
[  320.664055][T12711]  <TASK>
[  320.664908][T12711]  dump_stack_lvl+0x16c/0x1f0
[  320.666144][T12711]  should_fail_ex+0x497/0x5b0
[  320.667370][T12711]  should_failslab+0xc2/0x120
[  320.668610][T12711]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  320.669977][T12711]  ? skb_clone+0x190/0x3f0
[  320.671136][T12711]  skb_clone+0x190/0x3f0
[  320.672251][T12711]  can_send+0x5d2/0xc10
[  320.673356][T12711]  ? __pfx_can_send+0x10/0x10
[  320.674586][T12711]  ? isotp_fill_dataframe+0x369/0x5b0
[  320.676001][T12711]  isotp_sendmsg+0xe14/0x1da0
[  320.677244][T12711]  ? __pfx_isotp_sendmsg+0x10/0x10
[  320.678777][T12711]  ? __pfx_aa_sk_perm+0x10/0x10
[  320.680074][T12711]  ? rcu_is_watching+0x12/0xc0
[  320.681320][T12711]  ? trace_contention_end+0xee/0x140
[  320.682690][T12711]  sock_sendmsg+0x369/0x410
[  320.683893][T12711]  ? __pfx_sock_sendmsg+0x10/0x10
[  320.685218][T12711]  splice_to_socket+0xaac/0x1040
[  320.686506][T12711]  ? __pfx_splice_to_socket+0x10/0x10
[  320.687922][T12711]  ? apparmor_file_permission+0x251/0x400
[  320.689415][T12711]  ? bpf_lsm_file_permission+0x9/0x10
[  320.690814][T12711]  ? security_file_permission+0x71/0x210
[  320.692286][T12711]  ? __pfx_splice_to_socket+0x10/0x10
[  320.693682][T12711]  do_splice+0x145c/0x1f60
[  320.694865][T12711]  ? __pfx_do_splice+0x10/0x10
[  320.696119][T12711]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  320.697536][T12711]  ? __pfx_lock_release+0x10/0x10
[  320.698869][T12711]  ? trace_lock_acquire+0x14e/0x1f0
[  320.700235][T12711]  __do_splice+0x327/0x360
[  320.701411][T12711]  ? __pfx___do_splice+0x10/0x10
[  320.702785][T12711]  ? __fget_files+0x206/0x3a0
[  320.704022][T12711]  __ia32_sys_splice+0x189/0x250
[  320.705339][T12711]  __do_fast_syscall_32+0x73/0x120
[  320.706670][T12711]  do_fast_syscall_32+0x32/0x80
[  320.707960][T12711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  320.709615][T12711] RIP: 0023:0xf70ee579
[  320.710680][T12711] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  320.715798][T12711] RSP: 002b:00000000f50e055c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  320.717962][T12711] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  320.720030][T12711] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 000000000004ffe0
[  320.722075][T12711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  320.724175][T12711] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  320.726208][T12711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  320.728254][T12711]  </TASK>
[  320.729108][    C3] vkms_vblank_simulate: vblank timer overrun
[  320.731464][T12711] can-isotp: isotp_sendmsg: can_send_ret -ENOMEM
[  321.034162][T12724] »»»»»» speed is unknown, defaulting to 1000
[  321.086135][   T35] usb 7-1: USB disconnect, device number 24
[  321.125307][    C3] ata1: illegal qc_active transition (00000000->00000100)
[  321.198969][T12724] »»»»»» speed is unknown, defaulting to 1000
[  321.453484][ T1104] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  321.457519][ T1104] ata1.00: configured for UDMA/100
[  321.901247][T12741] netlink: 'syz.2.1971': attribute type 3 has an invalid length.
[  321.903449][T12741] netlink: 'syz.2.1971': attribute type 3 has an invalid length.
[  321.906480][T12741] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1971'.
[  322.022603][ T5982] IPVS: starting estimator thread 0...
[  322.124109][T12744] IPVS: using max 38 ests per chain, 91200 per kthread
[  324.308633][T12786] netlink: 'syz.5.1985': attribute type 3 has an invalid length.
[  324.310975][T12786] netlink: 'syz.5.1985': attribute type 3 has an invalid length.
[  324.313246][T12786] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1985'.
[  324.494092][    T9] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  324.737230][    T9] usb 9-1: config 0 has no interfaces?
[  324.738850][    T9] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  324.742231][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.904144][   T62] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  324.925950][    T9] usb 9-1: config 0 descriptor??
[  325.055302][   T62] usb 8-1: New USB device found, idVendor=79cc, idProduct=980d, bcdDevice=b6.8e
[  325.057794][   T62] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.062065][   T62] usb 8-1: config 0 descriptor??
[  325.064383][   T62] usb-storage 8-1:0.0: USB Mass Storage device detected
[  325.202135][T12763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.204041][ T5982] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  325.205578][T12763] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.355988][ T5982] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.359240][ T5982] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.362790][ T5982] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  325.367150][ T5982] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  325.369838][ T5982] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.373257][ T5982] usb 10-1: config 0 descriptor??
[  325.479814][    T9] usb 9-1: USB disconnect, device number 19
[  325.779877][ T5982] usbhid 10-1:0.0: can't add hid device: -71
[  325.781544][ T5982] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  325.788298][ T5982] usb 10-1: USB disconnect, device number 12
[  325.808888][   T62] usb 8-1: USB disconnect, device number 24
[  325.918153][   T39] kauditd_printk_skb: 13 callbacks suppressed
[  325.918164][   T39] audit: type=1326 audit(1734753070.900:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.925795][   T39] audit: type=1326 audit(1734753070.900:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.931945][   T39] audit: type=1326 audit(1734753070.910:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.939870][   T39] audit: type=1326 audit(1734753070.910:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.947852][   T39] audit: type=1326 audit(1734753070.910:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.953539][   T39] audit: type=1326 audit(1734753070.910:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.959818][   T39] audit: type=1326 audit(1734753070.910:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.965684][   T39] audit: type=1326 audit(1734753070.910:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.971246][   T39] audit: type=1326 audit(1734753070.910:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  325.976878][   T39] audit: type=1326 audit(1734753070.910:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12816 comm="syz.3.1994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[  326.118658][T12821] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1995'.
[  326.679882][T12835] netlink: 'syz.5.2000': attribute type 1 has an invalid length.
[  327.514108][ T5999] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  327.666523][ T5999] usb 7-1: config 0 has no interfaces?
[  327.668357][ T5999] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  327.670765][ T5999] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.865886][ T5999] usb 7-1: config 0 descriptor??
[  328.139025][T12854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  328.142293][T12854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  328.174214][    T9] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  328.325535][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.328317][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.330748][    T9] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  328.334459][    T9] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  328.336762][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.344373][    T9] usb 8-1: config 0 descriptor??
[  328.846677][T12865] netlink: 'syz.5.2008': attribute type 3 has an invalid length.
[  328.848827][T12865] netlink: 'syz.5.2008': attribute type 3 has an invalid length.
[  328.851964][T12865] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2008'.
[  328.946721][    T9] usbhid 8-1:0.0: can't add hid device: -71
[  328.948852][    T9] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  328.958883][    T9] usb 8-1: USB disconnect, device number 25
[  329.046401][   T62] usb 7-1: USB disconnect, device number 25
[  329.304326][    C3] IPv4: Oversized IP packet from 172.20.20.24
[  329.306552][    C3] IPv4: Oversized IP packet from 172.20.20.24
[  329.481116][T12886] ieee802154 phy1 wpan1: encryption failed: -22
[  329.626181][T12890] ieee802154 phy1 wpan1: encryption failed: -22
[  329.934984][T12896] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  329.964341][    T9] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  330.122723][T12896] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.163952][    T9] usb 10-1: Using ep0 maxpacket: 16
[  330.167253][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  330.171024][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  330.174492][    T9] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  330.178543][    T9] usb 10-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  330.181646][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.185784][    T9] usb 10-1: config 0 descriptor??
[  330.494405][   T62] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  330.640278][    T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input40
[  330.648930][    T9] shield 0003:0955:7214.0024: Registered Thunderstrike controller
[  330.655308][   T62] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  330.657125][    T9] shield 0003:0955:7214.0024: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0
[  330.658698][   T62] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  330.658719][   T62] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  330.669952][   T62] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  330.672282][   T62] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.678763][   T62] usb 8-1: config 0 descriptor??
[  330.898895][ T6002] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  330.903193][ T6002] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  330.903411][ T6002] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  330.903469][ T1449] usb 10-1: USB disconnect, device number 13
[  330.903646][ T6002] shield 0003:0955:7214.0024: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  330.949300][   T39] kauditd_printk_skb: 32 callbacks suppressed
[  330.949310][   T39] audit: type=1326 audit(1734753075.930:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.958285][   T39] audit: type=1326 audit(1734753075.930:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.963979][   T39] audit: type=1326 audit(1734753075.930:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.969633][   T39] audit: type=1326 audit(1734753075.930:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.978529][   T39] audit: type=1326 audit(1734753075.930:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.984803][   T39] audit: type=1326 audit(1734753075.940:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.990544][   T39] audit: type=1326 audit(1734753075.940:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  330.996469][   T39] audit: type=1326 audit(1734753075.940:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  331.002124][   T39] audit: type=1326 audit(1734753075.940:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  331.008210][   T39] audit: type=1326 audit(1734753075.940:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.4.2024" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  331.073246][T12916] ieee802154 phy1 wpan1: encryption failed: -22
[  331.093689][   T62] usbhid 8-1:0.0: can't add hid device: -71
[  331.095544][   T62] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  331.107881][   T62] usb 8-1: USB disconnect, device number 26
[  331.607748][ T1449] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  331.944170][ T1449] usb 9-1: config 0 has no interfaces?
[  331.945577][ T1449] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  331.947809][ T1449] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.951763][ T1449] usb 9-1: config 0 descriptor??
[  332.293967][T12924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.298531][T12924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.457454][T12944] ieee802154 phy1 wpan1: encryption failed: -22
[  332.655182][T12950] »»»»»» speed is unknown, defaulting to 1000
[  332.665384][T12952] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2037'.
[  332.698739][T12950] »»»»»» speed is unknown, defaulting to 1000
[  332.756016][T12956] netlink: 'syz.3.2038': attribute type 16 has an invalid length.
[  332.758275][T12956] netlink: 'syz.3.2038': attribute type 3 has an invalid length.
[  332.760597][T12956] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2038'.
[  332.765783][T12956] ubi0: attaching mtd0
[  332.768487][T12956] ubi0: scanning is finished
[  332.770052][T12956] ubi0: empty MTD device detected
[  332.879654][ T1449] usb 9-1: USB disconnect, device number 20
[  332.898132][T12956] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  332.900121][T12956] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  332.901979][T12956] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  332.903805][T12956] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  332.906198][T12956] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  332.907976][T12956] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  332.910011][T12956] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1780708546
[  332.912565][T12956] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  332.916676][T12961] ubi0: background thread "ubi_bgt0d" started, PID 12961
[  332.933307][T12964] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2040'.
[  333.019642][T12965] wireguard0: entered promiscuous mode
[  333.023602][T12965] wireguard0: entered allmulticast mode
[  333.654388][T12976] xt_HMARK: proto mask must be zero with L3 mode
[  333.742934][T12982] ieee802154 phy1 wpan1: encryption failed: -22
[  333.761587][T12981] »»»»»» speed is unknown, defaulting to 1000
[  333.884935][T12981] »»»»»» speed is unknown, defaulting to 1000
[  334.604350][ T1449] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  334.614510][ T5979] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  334.775856][ T1449] usb 9-1: config 0 has no interfaces?
[  334.777646][ T1449] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  334.780363][ T1449] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.783998][ T5979] usb 8-1: Using ep0 maxpacket: 16
[  334.795782][ T5979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  334.798359][ T1449] usb 9-1: config 0 descriptor??
[  334.814777][ T5979] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  334.824021][ T5979] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.826901][ T5979] usb 8-1: Product: syz
[  334.828389][ T5979] usb 8-1: Manufacturer: syz
[  334.830052][ T5979] usb 8-1: SerialNumber: syz
[  334.838436][ T5979] usb 8-1: config 0 descriptor??
[  334.845389][ T5979] hub 8-1:0.0: bad descriptor, ignoring hub
[  334.847398][ T5979] hub 8-1:0.0: probe with driver hub failed with error -5
[  334.851533][ T5979] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input41
[  335.072833][T13002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  335.075277][T13002] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  335.110960][ T6002] usb 9-1: USB disconnect, device number 21
[  335.364186][ T5979] usb 8-1: USB disconnect, device number 27
[  335.407211][T13019] ieee802154 phy1 wpan1: encryption failed: -22
[  335.873989][ T5948] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  336.033945][ T5948] usb 10-1: Using ep0 maxpacket: 16
[  336.036765][ T5948] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  336.039689][ T5948] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.042809][ T5948] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  336.047271][ T5948] usb 10-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  336.050014][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.054633][ T5948] usb 10-1: config 0 descriptor??
[  336.084039][ T1449] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  336.250640][   T39] kauditd_printk_skb: 69 callbacks suppressed
[  336.250656][   T39] audit: type=1800 audit(1734753081.230:1406): pid=13022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2058" name="/" dev="fuse" ino=0 res=0 errno=0
[  336.462425][ T1449] usb 9-1: Using ep0 maxpacket: 16
[  336.694345][ T1449] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  336.696222][ T5948] input: HID 0955:7214 Haptics as /devices/virtual/input/input42
[  336.698070][ T1449] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.730228][ T5948] shield 0003:0955:7214.0025: Registered Thunderstrike controller
[  336.735246][ T5948] shield 0003:0955:7214.0025: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0
[  336.752699][ T1449] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  336.792861][ T1449] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  336.802634][ T1449] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.992813][ T5999] usb 10-1: USB disconnect, device number 14
[  336.993832][ T1449] usb 9-1: config 0 descriptor??
[  336.996946][ T1335] thermal thermal_zone0: Temperature check failed (-19)
[  336.999757][ T5948] shield 0003:0955:7214.0025: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  337.002512][ T5948] shield 0003:0955:7214.0025: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  337.021445][ T5948] shield 0003:0955:7214.0025: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  337.024466][ T5948] shield 0003:0955:7214.0025: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  337.475156][ T1449] input: HID 0955:7214 Haptics as /devices/virtual/input/input44
[  337.480441][ T1449] shield 0003:0955:7214.0026: Registered Thunderstrike controller
[  337.482513][ T1449] shield 0003:0955:7214.0026: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  337.675902][ T6002] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  337.678880][ T6002] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  337.681835][ T6002] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  337.684967][ T6002] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  337.693294][    T9] usb 9-1: USB disconnect, device number 22
[  338.006181][   T39] audit: type=1326 audit(1734753082.990:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.013954][   T39] audit: type=1326 audit(1734753082.990:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.024118][   T39] audit: type=1326 audit(1734753082.990:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.030004][   T39] audit: type=1326 audit(1734753082.990:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.036148][   T39] audit: type=1326 audit(1734753082.990:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.047765][   T39] audit: type=1326 audit(1734753082.990:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.053689][   T39] audit: type=1326 audit(1734753082.990:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.060155][   T39] audit: type=1326 audit(1734753082.990:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.074333][   T39] audit: type=1326 audit(1734753082.990:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13051 comm="syz.5.2067" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f20579 code=0x7ffc0000
[  338.137387][T13056] ieee802154 phy1 wpan1: encryption failed: -22
[  338.864009][ T6002] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  339.021417][T13072] FAULT_INJECTION: forcing a failure.
[  339.021417][T13072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.032138][T13072] CPU: 2 UID: 0 PID: 13072 Comm: syz.2.2072 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  339.036016][T13072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  339.039837][T13072] Call Trace:
[  339.040293][ T6002] usb 10-1: config 0 has no interfaces?
[  339.041056][T13072]  <TASK>
[  339.041090][T13072]  dump_stack_lvl+0x16c/0x1f0
[  339.041120][T13072]  should_fail_ex+0x497/0x5b0
[  339.047231][T13072]  _copy_from_user+0x2e/0xd0
[  339.048822][T13072]  kstrtouint_from_user+0xd7/0x1c0
[  339.050674][T13072]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  339.051363][ T6002] usb 10-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  339.052222][T13072]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  339.052238][T13072]  proc_fail_nth_write+0x84/0x250
[  339.052254][T13072]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  339.052267][T13072]  ? ksys_write+0x12b/0x250
[  339.052282][T13072]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  339.056177][ T6002] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.056974][T13072]  vfs_write+0x24c/0x1150
[  339.056990][T13072]  ? __fget_files+0x1fc/0x3a0
[  339.057002][T13072]  ? __pfx___mutex_lock+0x10/0x10
[  339.057016][T13072]  ? __pfx_vfs_write+0x10/0x10
[  339.057031][T13072]  ? __fget_files+0x206/0x3a0
[  339.071121][T13072]  ksys_write+0x12b/0x250
[  339.072176][T13072]  ? __pfx_ksys_write+0x10/0x10
[  339.073414][T13072]  __do_fast_syscall_32+0x73/0x120
[  339.074751][T13072]  do_fast_syscall_32+0x32/0x80
[  339.076044][T13072]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  339.077652][T13072] RIP: 0023:0xf709e579
[  339.078662][T13072] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  339.083282][T13072] RSP: 002b:00000000f5090590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  339.085410][T13072] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5090620
[  339.087333][T13072] RDX: 0000000000000001 RSI: 00000000f73d3ff4 RDI: 0000000000000000
[  339.089332][T13072] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  339.091293][T13072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  339.093264][T13072] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  339.095315][T13072]  </TASK>
[  339.108640][ T6002] usb 10-1: config 0 descriptor??
[  339.152322][T13079] »»»»»» speed is unknown, defaulting to 1000
[  339.190136][T13079] »»»»»» speed is unknown, defaulting to 1000
[  339.438155][T13063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  339.442218][T13063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  339.642185][ T5979] usb 10-1: USB disconnect, device number 15
[  339.660888][T13094] netlink: 'syz.4.2077': attribute type 3 has an invalid length.
[  339.663281][T13094] netlink: 'syz.4.2077': attribute type 3 has an invalid length.
[  339.666476][T13094] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2077'.
[  339.781169][T13096] ieee802154 phy1 wpan1: encryption failed: -22
[  340.747663][T13112] »»»»»» speed is unknown, defaulting to 1000
[  340.781400][T13112] »»»»»» speed is unknown, defaulting to 1000
[  341.576585][   T39] kauditd_printk_skb: 87 callbacks suppressed
[  341.576600][   T39] audit: type=1326 audit(1734753086.570:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.587662][T13122] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2088'.
[  341.589753][   T39] audit: type=1326 audit(1734753086.570:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.599348][   T39] audit: type=1326 audit(1734753086.580:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.614001][   T39] audit: type=1326 audit(1734753086.590:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.622903][   T39] audit: type=1326 audit(1734753086.590:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.629811][   T39] audit: type=1326 audit(1734753086.590:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.639333][   T39] audit: type=1326 audit(1734753086.590:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.647756][   T39] audit: type=1326 audit(1734753086.590:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.658656][   T39] audit: type=1326 audit(1734753086.600:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.665017][   T39] audit: type=1326 audit(1734753086.600:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13129 comm="syz.4.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x7ffc0000
[  341.754527][T13136] ieee802154 phy1 wpan1: encryption failed: -22
[  341.913310][T13150] »»»»»» speed is unknown, defaulting to 1000
[  341.953006][T13150] »»»»»» speed is unknown, defaulting to 1000
[  342.144028][ T5948] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  342.317723][T13154] 
[  342.318330][T13154] =============================
[  342.319534][T13154] [ BUG: Invalid wait context ]
[  342.320741][T13154] 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 Not tainted
[  342.322782][T13154] -----------------------------
[  342.325165][T13154] syz.5.2097/13154 is trying to lock:
[  342.326457][T13154] ffff888021ebef18 (&sighand->siglock){-.-.}-{3:3}, at: __lock_task_sighand+0xc2/0x340
[  342.328908][T13154] other info that might help us debug this:
[  342.330604][T13154] context-{5:5}
[  342.331491][T13154] 4 locks held by syz.5.2097/13154:
[  342.332789][T13154]  #0: ffff8880225b60a8 (&ctx->uring_lock){+.+.}-{4:4}, at: __do_sys_io_uring_enter+0xd38/0x1620
[  342.335437][T13154]  #1: ffff88805adee928 (&acct->lock){+.+.}-{2:2}, at: io_wq_enqueue+0x20a/0xb30
[  342.337683][T13154]  #2: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1c2/0x590
[  342.340122][T13154]  #3: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: __lock_task_sighand+0x3f/0x340
[  342.342537][T13154] stack backtrace:
[  342.343599][T13154] CPU: 0 UID: 0 PID: 13154 Comm: syz.5.2097 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[  342.346261][T13154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  342.348895][T13154] Call Trace:
[  342.349776][T13154]  <TASK>
[  342.350576][T13154]  dump_stack_lvl+0x116/0x1f0
[  342.351852][T13154]  __lock_acquire+0x878/0x3c40
[  342.353088][T13154]  ? __pfx___lock_acquire+0x10/0x10
[  342.354347][T13154]  ? __pfx___lock_acquire+0x10/0x10
[  342.355687][T13154]  ? __pfx_mark_lock+0x10/0x10
[  342.356915][T13154]  lock_acquire.part.0+0x11b/0x380
[  342.358242][T13154]  ? __lock_task_sighand+0xc2/0x340
[  342.359623][T13154]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  342.361472][T13154]  ? rcu_is_watching+0x12/0xc0
[  342.363132][T13154]  ? trace_lock_acquire+0x14e/0x1f0
[  342.364649][T13154]  ? trace_lock_acquire+0x14e/0x1f0
[  342.365957][T13154]  ? __lock_task_sighand+0xc2/0x340
[  342.367275][T13154]  ? lock_acquire+0x2f/0xb0
[  342.368428][T13154]  ? __lock_task_sighand+0xc2/0x340
[  342.369769][T13154]  _raw_spin_lock_irqsave+0x3a/0x60
[  342.371190][T13154]  ? __lock_task_sighand+0xc2/0x340
[  342.373000][T13154]  __lock_task_sighand+0xc2/0x340
[  342.374775][T13154]  group_send_sig_info+0x290/0x300
[  342.376568][T13154]  ? __pfx_group_send_sig_info+0x10/0x10
[  342.378521][T13154]  ? __pfx___lock_acquire+0x10/0x10
[  342.380312][T13154]  ? is_bpf_text_address+0x8a/0x1a0
[  342.382129][T13154]  ? __pfx_lock_release+0x10/0x10
[  342.383895][T13154]  bpf_send_signal_common+0x415/0x520
[  342.385401][T13154]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  342.386920][T13154]  ? trace_lock_acquire+0x14e/0x1f0
[  342.388310][T13154]  ? unwind_get_return_address+0x59/0xa0
[  342.389748][T13154]  ? bpf_trace_run2+0x1c2/0x590
[  342.391019][T13154]  bpf_send_signal+0x1d/0x30
[  342.392205][T13154]  bpf_prog_631417f49dd64198+0x25/0x48
[  342.393616][T13154]  bpf_trace_run2+0x231/0x590
[  342.394815][T13154]  ? __pfx_bpf_trace_run2+0x10/0x10
[  342.396116][T13154]  ? hlock_class+0x4e/0x130
[  342.397276][T13154]  trace_contention_end.constprop.0+0xf0/0x170
[  342.398778][T13154]  __pv_queued_spin_lock_slowpath+0x27e/0xc90
[  342.400356][T13154]  ? io_prep_rw+0x250/0xb70
[  342.401541][T13154]  ? __do_fast_syscall_32+0x73/0x120
[  342.402890][T13154]  ? do_fast_syscall_32+0x32/0x80
[  342.404227][T13154]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  342.405901][T13154]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  342.407644][T13154]  ? lock_acquire.part.0+0x11b/0x380
[  342.409029][T13154]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  342.410475][T13154]  do_raw_spin_lock+0x210/0x2c0
[  342.411735][T13154]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  342.413111][T13154]  ? lock_acquire+0x2f/0xb0
[  342.414305][T13154]  ? io_wq_enqueue+0x20a/0xb30
[  342.415559][T13154]  io_wq_enqueue+0x20a/0xb30
[  342.417247][T13154]  ? __pfx_io_wq_enqueue+0x10/0x10
[  342.419139][T13154]  ? __io_import_iovec+0x25f/0x5b0
[  342.420995][T13154]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  342.422763][T13154]  ? io_prep_async_work+0x654/0x770
[  342.424133][T13154]  io_queue_iowq+0x232/0x4a0
[  342.425353][T13154]  io_queue_sqe_fallback+0xcd/0x9f0
[  342.426742][T13154]  ? io_prep_rw+0x565/0xb70
[  342.427902][T13154]  io_submit_sqes+0x15fe/0x25f0
[  342.429166][T13154]  __do_sys_io_uring_enter+0xd43/0x1620
[  342.430585][T13154]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  342.432108][T13154]  ? __ia32_sys_futex_time32+0x1da/0x460
[  342.433482][T13154]  ? __ia32_sys_futex_time32+0x2fd/0x460
[  342.434916][T13154]  ? xfd_validate_state+0x5d/0x180
[  342.436206][T13154]  ? rcu_is_watching+0x12/0xc0
[  342.437482][T13154]  __do_fast_syscall_32+0x73/0x120
[  342.438761][T13154]  do_fast_syscall_32+0x32/0x80
[  342.439940][T13154]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  342.441543][T13154] RIP: 0023:0xf7f20579
[  342.442555][T13154] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  342.448664][T13154] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  342.450798][T13154] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000005951
[  342.452900][T13154] RDX: 0000000000007a89 RSI: 0000000000000000 RDI: 0000000000000000
[  342.455377][T13154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  342.458110][T13154] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  342.460830][T13154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  342.463580][T13154]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  342.483941][ T5948] usb 7-1: Using ep0 maxpacket: 16
[  342.489965][ T5948] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  342.493104][ T5948] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  342.495713][ T5948] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  342.499060][ T5948] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  342.501441][ T5948] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.514246][ T5948] usb 7-1: config 0 descriptor??
[  342.826628][T13157] syz_tun (unregistering): left promiscuous mode
[  342.839236][T13134] syz_tun (unregistering): left promiscuous mode
[  343.025362][ T5948] usbhid 7-1:0.0: can't add hid device: -71
[  343.027983][ T5948] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  343.033369][ T5948] usb 7-1: USB disconnect, device number 26
[  343.056812][  T100] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.165113][  T100] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.287566][  T100] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.425448][  T100] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.703235][  T100] bond0 (unregistering): Released all slaves
[  343.706308][  T100] bond1 (unregistering): Released all slaves
[  343.709205][  T100] bond2 (unregistering): Released all slaves
[  343.712083][  T100] bond3 (unregistering): Released all slaves
[  343.797312][  T100] tipc: Left network mode
[  344.005022][  T100] batadv_slave_1: left promiscuous mode
[  344.008586][  T100] hsr_slave_0: left promiscuous mode
[  344.010876][  T100] hsr_slave_1: left promiscuous mode
[  344.015224][  T100] veth1_macvtap: left promiscuous mode
[  344.017110][  T100] veth0_macvtap: left promiscuous mode
[  344.018861][  T100] veth1_vlan: left promiscuous mode
[  344.020753][  T100] veth0_vlan: left promiscuous mode
[  344.951153][  T100] IPVS: stop unused estimator thread 0...
[  345.000075][  T100] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.065403][  T100] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.125294][  T100] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.175955][  T100] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.479464][  T100] bond0 (unregistering): Released all slaves
[  345.482967][  T100] bond1 (unregistering): Released all slaves
[  345.488083][  T100] bond2 (unregistering): Released all slaves
[  345.492973][  T100] bond3 (unregistering): Released all slaves
[  345.741490][  T100] hsr_slave_0: left promiscuous mode
[  345.743741][  T100] hsr_slave_1: left promiscuous mode
[  345.749557][  T100] veth1_macvtap: left promiscuous mode
[  345.751064][  T100] veth0_macvtap: left promiscuous mode
[  345.752548][  T100] veth1_vlan: left promiscuous mode
[  345.754097][  T100] veth0_vlan: left promiscuous mode
[  346.778533][  T100] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
03:42:54  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff85142730 RDI=ffffffff9a6672c0 RBP=ffffffff9a667280 RSP=ffffc9000053efe8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=ffffffff9a667280 R14=ffffffff9a6672d0 R15=0000000000000035
RIP=ffffffff85142757 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020086000 CR3=0000000000fc4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000203b000000000 0000000c00000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=0000000000000003 RCX=1ffffffff203a2d2 RDX=ffff888025142440
RSI=ffffffff81484a34 RDI=ffffffff81484a21 RBP=ffff88805adee910 RSP=ffffc9002836fbe8
R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff901ce397 R11=0000000000000000
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b53fc40 R15=ffffed100b5bdd22
RIP=ffffffff81484a36 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3e8181 CR3=0000000000fc4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff90acad60 RDX=0000000000000008
RSI=ffffc9000051f970 RDI=ffffc9000051f8d8 RBP=ffffc9000051f920 RSP=ffffc9000051f800
R8 =ffffffff90acad8a R9 =ffffffff90acad64 R10=ffffc9000051f8d8 R11=0000000000004017
R12=ffffc9000051f928 R13=ffffc9000051f8d8 R14=ffffc9000051f8e0 R15=ffffc9000051f970
RIP=ffffffff8148ec82 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7496188 CR3=000000005ff6c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000008800000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000005 RBX=000000001fcef653 RCX=ffff888040429690 RDX=ffffffff8180c8dd
RSI=000000000fae32cb RDI=00000000249f8e63 RBP=0000000000000001 RSP=ffffc900005cf9a8
R8 =ffffffff90a836a8 R9 =ffff88807eaf6530 R10=ffffc900005cf8d8 R11=0000000000000b8f
R12=0000000000000000 R13=ffffc900005cfa08 R14=000000000000000c R15=000000000000000c
RIP=ffffffff84c7fa54 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7180360 CR3=00000000495aa000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fefec100 Opmask01=000000004480007f Opmask02=00000000fffeff7f Opmask03=0008004000040442
Opmask04=00000000ffffffdf Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 003d45444f4d5645 44003d524f4e494d
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd3790eaa0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 00ff000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7343734042034373 431e161e035c1810
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 34adf4208220f863 000000056068b91a 0000000000000131 00000000302e7465
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 303d4d554e535542 003031312f33362f 3032323d45505900 34373132323d4d00
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 75794d680a1a0014 457431746b7c7b79 75763270101e0845 6737445e5e184d3d
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7f7f7f6f7f7f5f5f 6f7f7f7f7f7f7f7f 777f777f7f7f7d7f 7f3f5f7f5e5d7f7f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3b2433273f397b27 697a787c69303b7e 69305f474f5b647c 69303b2433273f39
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 36373132323d4d42 4e51005300745f67 646147203d454d20 4253433d52454249
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030313232003336 003000310033362f 3032002031303d00 3437313232003000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000