last executing test programs:

3m36.700943677s ago: executing program 0 (id=643):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25000000000800810070cd32486bfb7924468d4f07ff148d063538b20d27b9bd171513ea703123d18e7e484fcc5b2c375149a1a1501f8e6ce0472439e7632d96335c0a0be66a78cf8ebf5027c2b93bb538c3a9d6d9084e85f90999a948", @ANYRES32=0x0, @ANYBLOB="0800020000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)
openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet(0x2, 0x4000000000080001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
sync()
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newtaction={0xa0, 0x30, 0x1, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_ct={0x40, 0x2, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x1}]}, {0xe, 0x6, "6ca32632937678dc1220"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x71d, 0xfffffffd}}}]}, {0x4}, {0xc, 0x7, {0x4e9b97d7b8a567c6}}, {0xc}}}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8810}, 0x4011)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x181c82, 0x2)
fdatasync(r7)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x8100, 0x0)

3m35.40198874s ago: executing program 0 (id=652):
write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, &(0x7f0000000000)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x499f, 0x0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, 0x40, 0x0, 0x3, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x3, 0x1, 0x7}}, 0xe4)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x3f000000)

3m34.243361189s ago: executing program 0 (id=656):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000001000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r3}, 0x10)
set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000a, 0x4c831, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x11, 0x3, 0x0)
syz_emit_ethernet(0x108, &(0x7f0000000640)={@local, @empty, @val={@val={0x88a8, 0x6, 0x1, 0x2}, {0x8100, 0x6, 0x0, 0x1}}, {@llc={0x4, {@llc={0x143, 0xfc, "19", "d8bff457d9e8867822fcdafc2cae7e8db9adedb7f1f785dea1089277ca5308c264a60da9725b8753258921e9ac255e3edf453a58f314678793f44e266016f146fd35d8c0b59a383c0643a7bfd9b04daf1c48eba01e99db5126fc303aec3cef01be66b8ff99df4013ac4924e1d10853047491e578d019171a03c3bef3f17c44e0c485d1af40cec8782e1de7fd5e31b41b77b904745905b839e93d6c02f9afd7ccd765418ab7afe231162877e7806b4f6375ad3795fd153d1c8955a68ce317657c58afe7cb0b0aede7c20d4e9768632edf2508ee54dea95d97861158abe4444e1e862e5a32786e141b0ffb4bbc18a7dc"}}}}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r5, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4, 0x3f}]}]}}]}, 0xa4}, 0x1, 0x7a00}, 0x4000000)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r6, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)

3m33.361671457s ago: executing program 0 (id=662):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e", 0x7)
r2 = accept4$alg(r1, 0x0, 0x0, 0x0)
read$alg(r2, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000004c0)="56306f8648dce05eb349d430f9828b4c8fa32d0ed7f0a9478fcc0f68a1ac5d864b0b96f19690213ceb3929edb3e533142f6c8a4bfec22bd9a440d2ade8bb8cd1de7a903bce2c5226180ab87365a7", 0x4e}, {&(0x7f0000000280)="a140744a191003222a6b31aa6baf697acff36b4ac8c2a283", 0x18}, {&(0x7f0000000540)="abb09272d06d32fa920c666e5af746c9464c04b4f35aeceda648c720800550fbe2bbd5a29de12eb57705017700a63158315cb9d84064a052c39bfe1f65b088f8e23e07d1", 0x44}, {&(0x7f00000005c0)="aa57130861a1e491f29553cc98cdef4faa70781a327a6d27fc2754e4", 0x1c}, {&(0x7f0000000680)="e2df454130f9e4d9e72f2d31ddde4158a9f852d4ac20af0ba70c2720b45663fee5137a3c5e9ed375125c94284ad36b6569cfc533b290fd5fff134f967fd7428db2807afceaf8025dbb9260ce", 0x4c}, {&(0x7f0000000600)="3d8b4abb133d7b26d53b70bb39a746ed5fe52317e133ae27023a310d", 0x1c}, {&(0x7f0000000900)="781ecdbcc4897cdf24b16b3df0ba056c95c25d8cd283ee29a056082b636951e8e62addeafbb8f0628a3994dd241505fbf8ba93527f4e050d4216967efd965d6697bfab369855547d8473bf6e3b449f9d2efc4aae9cc1cac8766a68ebee699ed8c1df642a0c957265b2a52810b6b1c19db3f2114e8b58fd51b583193155971f383f5d16d921efbbe39df27e0f4bfc2df38cfb13fb877f0191c3f6b571cdd4c0900960f6a5c1c2ae8c10e6092b7610934cab26f4d71216e916ad7e90625669b2736f94af5468511da7ec2a3ac60db78d9be722db28215c2b8623b1ebc2db638593aa4c1b907c6cf931c37332dd5d824c093ab48387b810cc", 0xf7}, {&(0x7f0000000a00)="efb6e18b1338b4daa5ff7f2f9aa13589819b50078fac2ae2a18af0476c03496331aa8cd3210aaaf8c32ef9bd5620a72ac8157d17be3819dbefe8e3d32fddce92efc1b7790254ae431c9994901ed6d37b661b3b6da75d5c164dfa81c074c7c5e2e709efa67158a8e5885e15dbe4bcc45b50b0204e79e9b9434e9f829614f1972ca3775e7238156dabc33aae33413f3a8830e8d3b04c79b87311354ec6367772a15d3b75c68c3e066771", 0xa9}, {&(0x7f0000000ac0)}], 0x9}, {0x0, 0x0, &(0x7f0000000bc0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1000000017010000040000000600000010000000170100000300000000000000b40000001701000002000000a2000000860cb456bbbfec447bdefb8027942ce682f290f6b5c211f96167bf9a9925edaa732eda48e970877d66853bf856dccc089ac89804df012e9c846e58320c656a1ca55d87a39e150495fc3e57f17e6589087a43cff58c0f9fcdff106c94762985049c81a110bf0ba1c0233640c4161b576a8ad1ae881cb3be7e6b8cfdbfdd092fefc663bb1a0cc6f467b3aebe6f59857c84d169a3a22bdc7f350ca2a89aa056f705cc2000000c0100001701000002000000fc000000a1b32c34c338a9427cc01f78059e55b2037463f0eb45cace92cfc182f53b9184a63e9db1b90a292fcd5c07853b43231eb1520af2225f99a54ab313b03dec2c864be8533830356dcfe8b97d681c553f5876a36a2463678d40e81f5e36c180e844ddb15d2e6eb7044e5f4a597637582d0f2fd02293411472f2c8f1675c497fcffc1c33c4b7ede4dc6ab4003d04ff66a6948aab17225acfea0b6d9b097a7a55c465b2af94799019fc931c9fcbaa07413479fa7a3511ec0395b4b2740c04c1a428b468ca1a625ee384cb9201ccbc0a42f03b12eb034a30ca412c992274b57320334abf066a626abb05a7aea552c2e57a180ed4de158d0958c8ccc8b7440d680000001701000002000000570000006637f2cfe6ff2446ab58ea202876c1a0892f16567fdeedccbaa3abf5cab77be9614fcc8dec29c6a0fa982e56d00b0677a769644c27e1ebdabdc17fdd0624184ebe1b7b3b3d01c8b45f"], 0x2fc, 0x20008010}], 0x2, 0x4005)
setrlimit(0xe, &(0x7f0000000180)={0x3, 0x8000})
bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="3a15", 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket(0x1e, 0x4, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x2def, 0x3ffd, 0x8, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
gettid()

3m32.287791486s ago: executing program 0 (id=668):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x24)
mount$binder(0x0, &(0x7f0000000780)='./file0\x00', &(0x7f0000000680), 0x8001, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000600)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
r1 = socket(0x10, 0x3, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, &(0x7f00000021c0))
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x6)
bind$inet6(r3, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001d80)={0x18, 0x3, &(0x7f0000001c00)=ANY=[@ANYRES64=r2, @ANYRESDEC=0x0, @ANYRESOCT=r1, @ANYRES64=0x0, @ANYRESOCT=r3], &(0x7f00000000c0)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x6625000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/59, 0x3b}], 0x1}, 0x1}, {{&(0x7f0000000380)=@tipc=@id, 0x80, &(0x7f0000000940)=[{&(0x7f00000004c0)=""/237, 0xed}, {&(0x7f00000005c0)=""/29, 0x1d}, {&(0x7f00000006c0)=""/100, 0x64}, {&(0x7f0000001c80)=""/197, 0xc5}, {&(0x7f00000007c0)=""/114, 0x72}, {&(0x7f00000009c0)=""/4085, 0xff5}, {&(0x7f00000019c0)=""/197, 0xc5}, {&(0x7f0000001ac0)=""/165, 0xa5}, {&(0x7f0000001b80)=""/81, 0x51}, {&(0x7f0000000640)=""/14, 0xe}, {&(0x7f0000000900)=""/17, 0x11}], 0xb, &(0x7f0000002200)=""/4096, 0x1000}, 0x9}], 0x2, 0x2, 0x0)

3m31.303222558s ago: executing program 0 (id=672):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8e, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x3, 0x1, 0x7fff0001}]})
openat$btrfs_control(0xffffff9c, &(0x7f0000000140), 0x440, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001480), 0x1, 0x0)
lseek(r7, 0x5, 0x2)
socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)

3m16.259336929s ago: executing program 32 (id=672):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8e, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x3, 0x1, 0x7fff0001}]})
openat$btrfs_control(0xffffff9c, &(0x7f0000000140), 0x440, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001480), 0x1, 0x0)
lseek(r7, 0x5, 0x2)
socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)

6.421519689s ago: executing program 1 (id=1714):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aec000000000a01020000000000000000050000020900010073797a300000000008000240000000023c0006e808cf7384552f120183af56c4b2b79056586784bdcd8587885c60e5aa03d08d86c3f3fb99dac62aecd67dae229b4fb1f5e5cc1fdb5a5790010c00044000000000000000027300060019b59eb8f88251e50df3a7832fa66219e3adfb6f7f9e540e5d75f5287b5e577d484288d63bf01771d1421e03c82f09584c5fccf3c638eda875b512ced355af6eac1595e41486cd23fbd7165585760593db53e7aaf06ae70b4224d1c9d423d0daa28bf927198015adbbcc6fd9c1e56000080002400000000314000000110001000000000000"], 0x114}, 0x1, 0x0, 0x0, 0x8004}, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000740)={r1, 0x58, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000f80)=[{{&(0x7f0000000100)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000000500)=[{&(0x7f00000001c0)="55b7b7fa643626d410a9c01052e31898b6a0d145936cc4122200fca78385c8a8e5bedf9124ef0ba3d01b0c2d620529ad07d8c45f517d0fff36b523eceeac02adb3", 0x41}, {&(0x7f0000000240)="341c47d52e56f1234d64f934b7448846067a859bdd654f58a21be8310a1d636e1d6d8e42fe088fa4b99aba8ddad0335d70783df777c5ec80932cf9c7438745bfb696cbcf5abdf793a35a65c2", 0x4c}, {&(0x7f00000002c0)="70a58b0381d93c33b6354a4e745fa165d9a587ba5c08fbd2d48ad2c601946218563e2c615d319b8c830c82e567395e04ddfc34a96120af6f76a02ed29e026ca252a8a373658806416c093f1212750f24cace63e45aa714753c18da22b4d9dc1e137ae7d3a226ad8fe03683aa6d3fa009b4364c31fa714850ee8e7bbe80", 0x7d}, {&(0x7f0000000340)="3880ce6547c865070f471978e14bb9c30956f39a5a497af88249e5595ec47467ad0ac8e5bcb91a1781af3b713e3af2f14051ed6c0d5389b30efb4bc513ff1cf7463a206ade1a98e3363f5bebd13fec2de57df10cf2db699d0c1b3fd6ed98a376881f4b125c81a6f94cecbce03e5aefd030590e7a0c29b45e9a9989d431028d94c9037208b3163b351fe4f067968afbae5ad3a8dd37479d6ca880829ac9ec995d7bc3583cce11bc788cae3259d88ea25db1714505e8bad3d581ed3b34fc988e573a5173664216dd4325494a13890fc4187ba836bcd97ebb207e99a4cf4b58af4f21d5ffd194c85dbce116a3b03a4f43ae083e31abe723f9adf3221080c3", 0xfd}, {&(0x7f0000000440)="c52ba64f5fd06516824a871405ff4fe2de8812318d74071caad4c6c3d6be6c9f857b0dda6744a579b02157082db739cb20c4b6d4baeaf20e493cc0c19d2da3fadf05be46df5fe17cdf09ae8c1bcbb7165b7c60f47a88daa8351a57f4a2711031c051", 0x62}, {&(0x7f0000000140)="f2d7112192e3e7bbab77349a772aefe2788ed35c511569e7161e4f21ae690eb1c24ca04d469b36882528d9c9e64a47", 0x2f}, {&(0x7f00000004c0)="5e8383de241edb", 0x7}], 0x7}}, {{&(0x7f0000000540)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000580)="d6a061312768bf33a8c200cd2aaf3c7dada75469ade7027783de4e0dd01c42c0000d70e680af0da6ba8c34be07acb89616b17256c8e8192fedbe89", 0x3b}, {&(0x7f00000005c0)="5cd9909b3247b3dca4459d6899ed349f8edd83af7db9760778b921b0235ef9d5076f0f40dbb7b11d251772a1a18a81fc77b993b57326eae6d838e6e3366ee95f68827cb9e2918b440ce10ad64c45079859fb677ad344cce62e003e3757312b37b8b727b0d00b5ac82ed303c8ef972ae1a7bde090eaf04f92393f5b351988b4eb9c4ca9eb5a5b07eb42ac3013253e63", 0x8f}], 0x2, &(0x7f0000000780)=[@ip_ttl={{0x10, 0x0, 0x2, 0x1}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x8e}}, @ip_tos_int={{0x10, 0x0, 0x1, 0xfffffe00}}, @ip_pktinfo={{0x18, 0x0, 0x8, {r2, @dev={0xac, 0x14, 0x14, 0x39}, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x4}}], 0x58}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000980)="4dee07a71a2378f259dca5bb65310c41edf28218050517a7517fd9cf59fc352c55d6e74697a169e70766e5e3ff33825af2d963b205c94a394c4de65e6d960828e0790cb533e8fa1a0b323a8749b159306af4aa03104779ea75d260181e4c53662501c5a734db8b1d4ac13ed6f675b4330dcaba3231e736050c6ebaf430e0399af8343c7e5c24b8de8a77b3807cf4146df5554daada47a0fc83d77a97891d3e331b926fcd2d22e6a678a95c6f1bc4fc3bbeb61268f7acfabb95958f53e0f2229b7bb20f19fae5fb33e9f53717d29b0bd94d4358608147d5e7655f55fad643b654644a24277aeeba78eb73decb", 0xec}], 0x1, &(0x7f0000000a80)=[@ip_tos_u8={{0xd, 0x0, 0x1, 0xe}}, @ip_ttl={{0x10, 0x0, 0x2, 0x3}}, @ip_ttl={{0x10, 0x0, 0x2, 0x6}}], 0x30}}, {{&(0x7f0000000ac0)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000e40)=[{&(0x7f0000000b00)="b52b3d6358efbe397299a1c2ea567db1d25a8889290a3d2ddfe08d9bc711d8615ab9b033fb0622aae21fbc60aaa0809528901e5a8e089955d0c4239ee721340df73a4f49393f5df5e8c844ba6eb735f006c2de51f72286ee9686bb911421182cbd3ae6d50f6b61c1104924f67ad4eca8e70afcf6e3e91fef712baf9cca9485cc13804dd5d9821cc4bea5132a0590042c72cee3fccd06cc8b6bfff658dfe9a7c9f9f5e439b8863fcfc471", 0xaa}, {0x0}, {&(0x7f0000000bc0)="d13822", 0x3}, {&(0x7f0000000c00)="4a4fdae369a4f4fd12d099d4b427bfbef023d032413a824e337e4c6e50a63371599fb99f06139d180d218614c2af2c78f82b43dd51a2cd1b9cac42276870eb2e136d568ec47e349df7ba295190642037e18615e9ba5bac395ddbb7bb38c300b7fcc9c69912a8bb394c91f30c6ef2953860af5a9cf3cadec429e1c49ff8991fe25f102ba2a1c69eaccac4bc3839deb8", 0x8f}, {&(0x7f0000000cc0)="f72df88a1f4d030303f9452857f15463d6e841a5ea76d4e94232f3b4606afc279e96e70695616d1d4e581310cd1ca70ccba918b00ada7a076f02dae460a8e9b36a29be7895fa372a8df5f4f9598a0c", 0x4f}, {&(0x7f0000000d40)="c9d74db14e425d5ddcc38e00dd4e4576e0d15670fd36fa2f1ff7a9e0ed62caec0e33664a178bb80546eddfd7c03285e0efd75fe92ef20933cde9633e1a15dcaebdb8ed03cb2793b964a5f3dd4ca040b522de8d35a22b60ba2f541ffaa61b12ea56fbfe3d3661a87de61f835426c06711235a0e887de9ddc4cd43733931c78248d3b093c40bf9e691087b1b6138439eaeff72feb51090484871b817bcb34e6ad28867a9aa76665ae6f8ee6d3003d34cf5eba270afe9c1fa196c2e130eb19fccef7d493efe75aeb82f37a88046af8ed57089049041f485bb9cba7cde6ba82a", 0xde}], 0x6, &(0x7f0000000e80)=[@ip_tos_u8={{0xd, 0x0, 0x1, 0xf6}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@cipso={0x86, 0xe, 0xffffffffffffffff, [{0x2, 0x8, "347268413f84"}]}, @noop, @noop]}}}, @ip_ttl={{0x10, 0x0, 0x2, 0x9}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x10}}, @ip_tos_u8={{0xd}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@lsrr={0x83, 0xf, 0x2d, [@rand_addr=0x64010101, @multicast1, @broadcast]}, @timestamp={0x44, 0x10, 0xff, 0x0, 0x7, [0x9, 0x5, 0x9]}, @lsrr={0x83, 0x1b, 0x7a, [@private=0xa010102, @empty, @multicast2, @empty, @private=0xa010102, @private=0xa010102]}, @timestamp={0x44, 0x18, 0x4d, 0x0, 0x7, [0x1, 0x1d49, 0x81, 0x10, 0x8]}, @timestamp_prespec={0x44, 0x1c, 0xad, 0x3, 0x5, [{@dev={0xac, 0x14, 0x14, 0x18}, 0x7}, {@multicast2, 0x7}, {@empty, 0x2}]}]}}}], 0xd8}}], 0x4, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', <r3=>0x0})
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x1ff, {0x0, 0x0, 0x0, r3, {0xfff2}, {}, {0x8, 0x10}}}, 0x24}}, 0x0)

5.668673666s ago: executing program 1 (id=1717):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x4, 0x800}, &(0x7f0000000040), 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0xa4}}, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0x40015b13, &(0x7f0000000040))

5.406694109s ago: executing program 4 (id=1719):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
unshare(0x40020000)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001400190100000000fa00000228"], 0x28}}, 0x48c0)

5.221427485s ago: executing program 4 (id=1720):
close(0xffffffffffffffff)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendto$inet(r0, 0x0, 0x0, 0x20048880, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000000)=0x1)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001a80)={0x4, 0x0, &(0x7f0000001900)=[@enter_looper], 0x1, 0x0, &(0x7f0000000040)="a1"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
recvmmsg(r0, &(0x7f00000008c0), 0x0, 0x101, &(0x7f0000000940)={0x0, 0x3938700})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000070000001c000180060001000200000008000300ac1414aa0800060006000000c0ad313452ae376c593694c40b01bcb8a4ffc6e718dcc02ea3499e9a9dca151e"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)

4.911669885s ago: executing program 4 (id=1723):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e", 0x7)
r2 = accept4$alg(r1, 0x0, 0x0, 0x0)
read$alg(r2, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000740)=[{0x0}, {&(0x7f0000000280)="a140744a191003222a6b31aa6baf697acff36b4ac8", 0x15}, {&(0x7f0000000680)}, {&(0x7f0000000600)}, {0x0}, {&(0x7f0000000a00)="efb6e18b1338b4daa5ff7f2f9aa13589819b50078fac2ae2a18af0476c03496331aa8cd3210aaaf8c32ef9bd5620a72ac8157d17be3819dbefe8e3d32fddce92efc1b7790254ae431c9994901ed6d37b661b3b6da75d5c164dfa81c074c7c5e2e709efa67158a8e5885e15dbe4bcc45b50b0204e79e9b9434e9f829614f1972ca3775e7238156dabc33aae33413f3a8830e8d3b04c79b87311354ec6367772a15d3b75c68c3e0667", 0xa8}, {&(0x7f0000000ac0)}], 0x7}, {0x0, 0x0, &(0x7f0000000bc0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1000000017010000040000000600000010000000170100000300000000000000b40000001701000002000000a2000000860cb456bbbfec447bdefb8027942ce682f290f6b5c211f96167bf9a9925edaa732eda48e970877d66853bf856dccc089ac89804df012e9c846e58320c656a1ca55d87a39e150495fc3e57f17e6589087a43cff58c0f9fcdff106c94762985049c81a110bf0ba1c0233640c4161b576a8ad1ae881cb3be7e6b8cfdbfdd092fefc663bb1a0cc6f467b3aebe6f59857c84d169a3a22bdc7f350ca2a89aa056f705cc2000000c0100001701000002000000fc000000a1b32c34c338a9427cc01f78059e55b2037463f0eb45cace92cfc182f53b9184a63e9db1b90a292fcd5c07853b43231eb1520af2225f99a54ab313b03dec2c864be8533830356dcfe8b97d681c553f5876a36a2463678d40e81f5e36c180e844ddb15d2e6eb7044e5f4a597637582d0f2fd02293411472f2c8f1675c497fcffc1c33c4b7ede4dc6ab4003d04ff66a6948aab17225acfea0b6d9b097a7a55c465b2af94799019fc931c9fcbaa07413479fa7a3511ec0395b4b2740c04c1a428b468ca1a625ee384cb9201ccbc0a42f03b12eb034a30ca412c992274b57320334abf066a626abb05a7aea552c2e57a180ed4de158d0958c8ccc8b7440d680000001701000002000000570000006637f2cfe6ff2446ab58ea202876c1a0892f16567fdeedccbaa3abf5cab77be9614fcc8dec29c6a0fa982e56d00b0677a769644c27e1ebdabdc17fdd0624184ebe1b7b3b3d01c8b45f"], 0x2fc, 0x20008010}], 0x2, 0x4005)
setrlimit(0xe, &(0x7f0000000180)={0x3, 0x8000})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="3a15", 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket(0x1e, 0x4, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x2def, 0x3ffd, 0x8, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
gettid()

4.205622755s ago: executing program 1 (id=1726):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x48}, 0x4, 0x700000000000000}, 0x8850)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0, 0x0, 0x100000000000000}, 0x18)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0xc, 0xc9, 0x7}}}, 0x8)

4.135773088s ago: executing program 1 (id=1728):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8b06, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000040)={@rand_addr=0xfffffffb, @remote, 0x1, "918faf84750c1db204ce51983fc0447df421efd31862475bc663262f57d8bb63", 0x799, 0x9, 0x2, 0x3}, 0x3c)
sendmsg$kcm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

4.001625246s ago: executing program 4 (id=1729):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x1}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r2, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b0000000000000718"], 0x30}, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000040, 0x63}, {@dev={0xac, 0x14, 0x14, 0x36}, 0x4e21, 0x12002, 0xf, 0xe1b2, 0x10001}}, 0x44)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0x0)
sendfile(r4, 0xffffffffffffffff, &(0x7f0000002700)=0x23, 0x1c)
write$P9_RVERSION(r4, 0x0, 0x15)
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x200}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$qrtr(0x2a, 0x2, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r6)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r7, 0xc01064d1, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000000080)=[0x0]})

3.94152541s ago: executing program 1 (id=1730):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2710, @my=0x1}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r2, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b0000000000000718"], 0x30}, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000040, 0x63}, {@dev={0xac, 0x14, 0x14, 0x36}, 0x4e21, 0x12002, 0xf, 0xe1b2, 0x10001}}, 0x44)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0x0)
sendfile(r4, 0xffffffffffffffff, &(0x7f0000002700)=0x23, 0x1c)
write$P9_RVERSION(r4, 0x0, 0x15)
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x200}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$qrtr(0x2a, 0x2, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r6)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r7, 0xc01064d1, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000000080)=[0x0]})

3.611232555s ago: executing program 3 (id=1732):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESOCT, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_io_uring_setup(0x131, &(0x7f0000000440)={0x0, 0x5cb1, 0x2, 0x4}, &(0x7f0000000400), 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x11, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="1801000000050000000000000000ea0485000000d000000095"], &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
setrlimit(0x3, &(0x7f0000000180)={0x7, 0x3})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000340)=0xff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x30)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000300)=0xc)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='ext2\x00', 0x0, &(0x7f0000000140)='grpquota')

2.327833402s ago: executing program 3 (id=1733):
syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
r0 = syz_io_uring_setup(0xc17, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, 0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.387797812s ago: executing program 3 (id=1734):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
timer_create(0x0, 0x0, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_gettime(0x0, &(0x7f0000000140))

880.944303ms ago: executing program 4 (id=1735):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYBLOB="eeeaffff616d250b50c83b2a6a34000000000000", @ANYRES32=0x0, @ANYRES32, @ANYRES8], 0x50)
r1 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x11)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f00000000c0))
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x4e20, 0x6, @mcast2, 0xd}}}, 0x88)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000240)={0x0, 0xf0ffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000a000000076171c1ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000a004e2900000002fc0100000000000000000000000000ff06000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2400000008fc0100000000000000000000000000020700"/380], 0x18c)
syz_emit_ethernet(0x46, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa441, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
connect$llc(0xffffffffffffffff, &(0x7f00000002c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @remote}, 0x10)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
rmdir(&(0x7f0000000100)='./control\x00')

851.18349ms ago: executing program 1 (id=1737):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e", 0x7)
r2 = accept4$alg(r1, 0x0, 0x0, 0x0)
read$alg(r2, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000740)=[{0x0}, {&(0x7f0000000280)="a140744a191003222a6b31aa6baf697acff36b4ac8", 0x15}, {&(0x7f0000000680)}, {&(0x7f0000000600)}, {0x0}, {&(0x7f0000000a00)="efb6e18b1338b4daa5ff7f2f9aa13589819b50078fac2ae2a18af0476c03496331aa8cd3210aaaf8c32ef9bd5620a72ac8157d17be3819dbefe8e3d32fddce92efc1b7790254ae431c9994901ed6d37b661b3b6da75d5c164dfa81c074c7c5e2e709efa67158a8e5885e15dbe4bcc45b50b0204e79e9b9434e9f829614f1972ca3775e7238156dabc33aae33413f3a8830e8d3b04c79b87311354ec6367772a15d3b75c68c3e0667", 0xa8}, {&(0x7f0000000ac0)}], 0x7}, {0x0, 0x0, &(0x7f0000000bc0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1000000017010000040000000600000010000000170100000300000000000000b40000001701000002000000a2000000860cb456bbbfec447bdefb8027942ce682f290f6b5c211f96167bf9a9925edaa732eda48e970877d66853bf856dccc089ac89804df012e9c846e58320c656a1ca55d87a39e150495fc3e57f17e6589087a43cff58c0f9fcdff106c94762985049c81a110bf0ba1c0233640c4161b576a8ad1ae881cb3be7e6b8cfdbfdd092fefc663bb1a0cc6f467b3aebe6f59857c84d169a3a22bdc7f350ca2a89aa056f705cc2000000c0100001701000002000000fc000000a1b32c34c338a9427cc01f78059e55b2037463f0eb45cace92cfc182f53b9184a63e9db1b90a292fcd5c07853b43231eb1520af2225f99a54ab313b03dec2c864be8533830356dcfe8b97d681c553f5876a36a2463678d40e81f5e36c180e844ddb15d2e6eb7044e5f4a597637582d0f2fd02293411472f2c8f1675c497fcffc1c33c4b7ede4dc6ab4003d04ff66a6948aab17225acfea0b6d9b097a7a55c465b2af94799019fc931c9fcbaa07413479fa7a3511ec0395b4b2740c04c1a428b468ca1a625ee384cb9201ccbc0a42f03b12eb034a30ca412c992274b57320334abf066a626abb05a7aea552c2e57a180ed4de158d0958c8ccc8b7440d680000001701000002000000570000006637f2cfe6ff2446ab58ea202876c1a0892f16567fdeedccbaa3abf5cab77be9614fcc8dec29c6a0fa982e56d00b0677a769644c27e1ebdabdc17fdd0624184ebe1b7b3b3d01c8b45f"], 0x2fc, 0x20008010}], 0x2, 0x4005)
setrlimit(0xe, &(0x7f0000000180)={0x3, 0x8000})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket(0x1e, 0x4, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x2def, 0x3ffd, 0x8, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
gettid()

846.446345ms ago: executing program 3 (id=1738):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x48}, 0x4, 0x700000000000000}, 0x8850)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0, 0x0, 0x100000000000000}, 0x18)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0xc, 0xc9, 0x7}}}, 0x8)

771.392663ms ago: executing program 3 (id=1739):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x801, 0x6, 0x8000, 0xc, 0x59c, 0xffffffffffffffff})
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x15, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

560.471241ms ago: executing program 4 (id=1741):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x75be, &(0x7f0000000100)={0x0, 0x4304, 0x100, 0x2}, &(0x7f0000000000), &(0x7f0000000380))
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0xfffffffc)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r5, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x3431, &(0x7f00000003c0), &(0x7f0000000040), &(0x7f0000000180)=<r6=>0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0601, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000003c0)=0x14)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)=ANY=[@ANYRES64=r8, @ANYRES16=r7, @ANYRESHEX=r3, @ANYRESOCT=r7, @ANYRESDEC=r6], 0x50}, 0x1, 0x0, 0x0, 0x40901}, 0x0)
pread64(r8, &(0x7f0000000440)=""/4096, 0x1000, 0x0)
r9 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r9)
keyctl$KEYCTL_WATCH_KEY(0x20, r9, 0xffffffffffffffff, 0x1e)
add_key$fscrypt_v1(0x0, &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x35, 0x0, 0xd, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x2d}, 0x48, r9)

210.831703ms ago: executing program 2 (id=1744):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f00000004c0)={'nat\x00', 0x7000000, 0x0, 0x0, [0x1, 0xffffffffffffffff, 0x0, 0x2, 0x9, 0x8]}, &(0x7f0000000280)=0x50)

131.644193ms ago: executing program 2 (id=1745):
chdir(0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r2 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000740)={0x53, 0x0, 0xa, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="a1f8a81b133d", 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x9, 0xc)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, 0x0, 0x0)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x5c, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffffffff}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0)

131.074513ms ago: executing program 2 (id=1746):
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
r0 = socket$nl_generic(0x11, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)={'team0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=@newqdisc={0x98, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4, 0xc}]}}]}, 0x98}}, 0x0)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

61.555516ms ago: executing program 2 (id=1747):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
timer_create(0x0, 0x0, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_gettime(0x0, &(0x7f0000000140))

61.133868ms ago: executing program 2 (id=1748):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x48}, 0x4, 0x700000000000000}, 0x8850)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0, 0x0, 0x100000000000000}, 0x18)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0xc, 0xc9, 0x7}}}, 0x8)

60.793366ms ago: executing program 3 (id=1749):
bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$evdev(0x0, 0x0, 0x60000)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bind$inet(r1, 0x0, 0x0)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
socket$netlink(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x3ff, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000000, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x2, 0x3, 0x2000079, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0xc0000000, 0x0, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_DEV_CREATE(r2, 0x5501)
ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f0000000500))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

0s ago: executing program 2 (id=1750):
syslog(0x2, &(0x7f00000004c0)=""/164, 0xa4)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)

kernel console output (not intermixed with test programs):

-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.194266][   T40] audit: type=1326 audit(1749856820.153:4716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.201640][   T40] audit: type=1326 audit(1749856820.153:4717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.208874][   T40] audit: type=1326 audit(1749856820.153:4718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.216293][   T40] audit: type=1326 audit(1749856820.153:4719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.223963][   T40] audit: type=1326 audit(1749856820.153:4720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.230997][   T40] audit: type=1326 audit(1749856820.163:4721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  275.239242][   T40] audit: type=1326 audit(1749856820.163:4722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10351 comm="syz.1.890" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000
[  277.157106][T10371] netlink: 12 bytes leftover after parsing attributes in process `syz.4.894'.
[  277.287789][T10376] Bluetooth: hci4: Frame reassembly failed (-84)
[  277.291070][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  277.300996][T10376] mkiss: ax0: crc mode is auto.
[  278.014869][T10384] : entered promiscuous mode
[  278.690621][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.902'.
[  278.693706][T10396] bridge_slave_1: left allmulticast mode
[  278.695763][T10396] bridge_slave_1: left promiscuous mode
[  278.698430][T10396] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.708334][T10396] bridge_slave_0: left allmulticast mode
[  278.710664][T10396] bridge_slave_0: left promiscuous mode
[  278.715746][T10396] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.726665][ T1119] sr 2:0:0:0: [sr0] tag#3 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  278.730567][ T1119] sr 2:0:0:0: [sr0] tag#3 Sense Key : Illegal Request [current] 
[  278.734013][ T1119] sr 2:0:0:0: [sr0] tag#3 Add. Sense: Invalid command operation code
[  278.737104][ T1119] sr 2:0:0:0: [sr0] tag#3 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00
[  278.739984][ T1119] blk_print_req_error: 84 callbacks suppressed
[  278.739991][ T1119] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  278.746681][ T1119] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  279.361507][ T5957] Bluetooth: hci4: command 0xfc11 tx timeout
[  279.364634][ T5952] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  279.435951][T10404] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  279.508145][T10404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'.
[  279.891484][ T6011] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  280.048062][ T6028] libceph: connect (1)[c::]:6789 error -101
[  280.050084][ T6028] libceph: mon0 (1)[c::]:6789 connect error
[  280.062851][ T6011] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  280.066535][ T6011] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  280.069929][ T6011] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  280.073256][ T6011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.077507][T10413] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  280.081714][ T6011] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  280.097499][T10426] ceph: No mds server is up or the cluster is laggy
[  280.431500][   T24] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  280.592221][   T24] usb 6-1: Using ep0 maxpacket: 8
[  280.604099][   T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  280.607615][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  280.617769][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  280.620810][   T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  280.627727][   T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  280.630639][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.936925][   T24] usb 6-1: GET_CAPABILITIES returned 0
[  280.939894][   T24] usbtmc 6-1:16.0: can't read capabilities
[  281.142544][   T24] usb 6-1: USB disconnect, device number 32
[  282.294424][T10465] ieee802154 phy0 wpan0: encryption failed: -22
[  282.686042][ T6048] usb 9-1: USB disconnect, device number 3
[  282.841934][T10471] capability: warning: `syz.2.922' uses 32-bit capabilities (legacy support in use)
[  283.046609][T10477] bond1: entered allmulticast mode
[  283.481496][ T6048] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  283.631489][ T6048] usb 6-1: Using ep0 maxpacket: 8
[  283.634788][ T6048] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  283.643675][ T6048] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  283.648819][ T6048] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  283.652822][ T6048] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  283.658157][ T6048] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  283.661260][ T6048] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.877041][ T6048] usb 6-1: GET_CAPABILITIES returned 0
[  283.879250][ T6048] usbtmc 6-1:16.0: can't read capabilities
[  284.078970][ T6048] usb 6-1: USB disconnect, device number 33
[  284.255854][T10499] ieee802154 phy0 wpan0: encryption failed: -22
[  284.492688][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  284.492698][   T40] audit: type=1326 audit(1749856829.473:4728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.503862][   T40] audit: type=1326 audit(1749856829.473:4729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.513268][   T40] audit: type=1326 audit(1749856829.473:4730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.522943][   T40] audit: type=1326 audit(1749856829.473:4731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.531789][   T40] audit: type=1326 audit(1749856829.473:4732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.555320][   T40] audit: type=1326 audit(1749856829.533:4733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.566125][   T40] audit: type=1326 audit(1749856829.533:4734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.575378][   T40] audit: type=1326 audit(1749856829.533:4735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.584388][   T40] audit: type=1326 audit(1749856829.533:4736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70de579 code=0x7ffc0000
[  284.593179][   T40] audit: type=1326 audit(1749856829.533:4737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10509 comm="syz.4.933" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  286.072477][T10542] ieee802154 phy0 wpan0: encryption failed: -22
[  286.410337][T10547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'.
[  286.700436][T10559] netlink: 24 bytes leftover after parsing attributes in process `syz.4.949'.
[  288.203486][T10588] ieee802154 phy0 wpan0: encryption failed: -22
[  288.442919][T10598] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  288.566054][T10601] syzkaller1: entered allmulticast mode
[  288.703998][T10610] netlink: 'syz.2.961': attribute type 1 has an invalid length.
[  288.708045][T10610] netlink: 4 bytes leftover after parsing attributes in process `syz.2.961'.
[  289.320273][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0404
[  290.170696][T10634] block device autoloading is deprecated and will be removed.
[  290.964185][T10648] input: syz0 as /devices/virtual/input/input48
[  291.871587][ T5952] Bluetooth: hci3: unexpected event for opcode 0x0404
[  292.387181][ T6849] Bluetooth: hci4: Frame reassembly failed (-84)
[  292.389582][ T6849] Bluetooth: hci4: Frame reassembly failed (-84)
[  292.402904][T10672] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  292.516110][T10674] atomic_op ffff888042323998 conn xmit_atomic 0000000000000000
[  292.741465][ T6048] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  292.908224][ T6048] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  292.912252][ T6048] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  292.916499][ T6048] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  292.920997][ T6048] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.950071][T10666] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  293.023533][ T6048] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  293.705467][ T6048] usb 9-1: USB disconnect, device number 4
[  294.280544][T10689] input: syz0 as /devices/virtual/input/input49
[  294.401832][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  294.564745][   T40] kauditd_printk_skb: 22 callbacks suppressed
[  294.564757][   T40] audit: type=1326 audit(2000000005.820:4760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.573623][   T40] audit: type=1326 audit(2000000005.820:4761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.580097][   T40] audit: type=1326 audit(2000000005.820:4762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.586670][   T40] audit: type=1326 audit(2000000005.820:4763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.593333][   T40] audit: type=1326 audit(2000000005.820:4764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.599572][   T40] audit: type=1326 audit(2000000005.820:4765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.607233][   T40] audit: type=1326 audit(2000000005.820:4766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.617116][   T40] audit: type=1326 audit(2000000005.820:4767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.623799][   T40] audit: type=1326 audit(2000000005.820:4768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.630735][   T40] audit: type=1326 audit(2000000005.820:4769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10696 comm="syz.3.988" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x50000
[  294.652249][T10701] warning: `syz.4.989' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  294.669392][T10701] usb usb1: usbfs: process 10701 (syz.4.989) did not claim interface 0 before use
[  294.913080][T10708] input input50: cannot allocate more than FF_MAX_EFFECTS effects
[  295.094157][T10714] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  295.731440][ T6028] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  295.953835][ T6028] usb 7-1: Using ep0 maxpacket: 16
[  296.291295][ T6028] usb 7-1: config 12 has an invalid interface number: 24 but max is 0
[  296.294903][ T6028] usb 7-1: config 12 has no interface number 0
[  296.297591][ T6028] usb 7-1: config 12 interface 24 altsetting 219 has an invalid descriptor for endpoint zero, skipping
[  296.305633][ T6028] usb 7-1: config 12 interface 24 has no altsetting 0
[  296.312373][ T6028] usb 7-1: New USB device found, idVendor=0bda, idProduct=c82c, bcdDevice=e0.28
[  296.319440][ T6028] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.322785][ T6028] usb 7-1: Product: syz
[  296.324725][ T6028] usb 7-1: Manufacturer: syz
[  296.326712][ T6028] usb 7-1: SerialNumber: syz
[  296.339787][T10716] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  296.501646][T10722] input: syz0 as /devices/virtual/input/input51
[  296.819420][T10730] netlink: 'syz.1.997': attribute type 153 has an invalid length.
[  296.825870][T10730] netlink: 36 bytes leftover after parsing attributes in process `syz.1.997'.
[  296.887166][T10732] fuse: Unknown parameter '00000000000000000000000'
[  297.431359][T10742] ieee802154 phy0 wpan0: encryption failed: -22
[  297.573353][T10747] overlayfs: failed to resolve './file0': -2
[  297.988780][T10753] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  298.113178][ T6028] usb 7-1: USB disconnect, device number 34
[  298.294404][ T5984] libceph: connect (1)[c::]:6789 error -101
[  298.296532][ T5984] libceph: mon0 (1)[c::]:6789 connect error
[  298.298678][T10754] ceph: No mds server is up or the cluster is laggy
[  298.689051][T10763] ieee802154 phy0 wpan0: encryption failed: -22
[  299.285326][T10769] syz.2.1008 (10769): /proc/10767/oom_adj is deprecated, please use /proc/10767/oom_score_adj instead.
[  299.367080][T10771] pimreg: entered allmulticast mode
[  299.802640][T10775] overlayfs: failed to resolve './file1': -2
[  300.177827][T10766] input: syz0 as /devices/virtual/input/input52
[  300.201139][T10778] ieee802154 phy0 wpan0: encryption failed: -22
[  300.455763][T10787] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  300.457799][T10787] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  300.462656][T10787] vhci_hcd vhci_hcd.0: Device attached
[  300.533223][T10794] netlink: 'syz.4.1014': attribute type 11 has an invalid length.
[  300.535770][T10794] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1014'.
[  300.769074][T10787] netdevsim netdevsim2: Direct firmware load for @ failed with error -2
[  300.772193][T10787] netdevsim netdevsim2: Falling back to sysfs fallback for: @
[  300.802538][ T6011] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  300.803075][ T5984] IPVS: starting estimator thread 0...
[  300.920643][T10805] IPVS: using max 29 ests per chain, 69600 per kthread
[  301.213294][T10820] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  301.215357][T10820] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  301.224910][T10820] vhci_hcd vhci_hcd.0: Device attached
[  301.367437][T10789] vhci_hcd: connection reset by peer
[  301.370971][ T1140] vhci_hcd: stop threads
[  301.373156][ T1140] vhci_hcd: release socket
[  301.375195][ T1140] vhci_hcd: disconnect device
[  301.401505][ T6029] vhci_hcd: vhci_device speed not set
[  301.462737][ T6029] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[  301.471608][ T6048] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  301.621420][ T6048] usb 9-1: Using ep0 maxpacket: 8
[  301.624957][ T6048] usb 9-1: config 0 has no interfaces?
[  301.628431][ T6048] usb 9-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1
[  301.631294][ T6048] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.635455][ T6048] usb 9-1: Product: syz
[  301.637567][ T6048] usb 9-1: Manufacturer: syz
[  301.639927][ T6048] usb 9-1: SerialNumber: syz
[  301.650204][ T6048] usb 9-1: config 0 descriptor??
[  301.856602][T10822] usbip_core: unknown command
[  301.858132][T10822] vhci_hcd: unknown pdu 0
[  301.859525][T10822] usbip_core: unknown command
[  301.864271][T10820] netlink: 'syz.4.1017': attribute type 10 has an invalid length.
[  301.864511][   T47] vhci_hcd: stop threads
[  301.868069][T10820] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.868982][   T47] vhci_hcd: release socket
[  301.872536][T10820] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.874376][   T47] vhci_hcd: disconnect device
[  301.881959][T10820] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.884588][T10820] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.887794][T10820] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.890679][T10820] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.897219][T10820] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  301.906570][ T6048] usb 9-1: USB disconnect, device number 5
[  301.921819][ T6029] vhci_hcd: vhci_device speed not set
[  302.022099][T10833] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  302.195848][T10835] overlayfs: failed to resolve './file1': -2
[  302.892982][T10848] ieee802154 phy0 wpan0: encryption failed: -22
[  303.051600][T10862] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1027'.
[  303.215207][T10869] overlayfs: failed to resolve './file1': -2
[  303.267707][T10872] trusted_key: syz.3.1031 sent an empty control message without MSG_MORE.
[  303.857260][T10885] input: syz0 as /devices/virtual/input/input53
[  305.003792][ T6029] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  305.272902][ T6029] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  305.276360][ T6029] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  305.279435][ T6029] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  305.282589][ T6029] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.286896][T10908] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  305.291208][ T6029] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  305.371895][   T60] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  305.911506][ T6011] vhci_hcd: vhci_device speed not set
[  307.734880][ T6011] usb 6-1: USB disconnect, device number 34
[  307.832143][   T60] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  307.836361][   T60] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  307.840354][   T60] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  307.844522][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.854499][T10911] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  307.863311][   T60] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  307.925634][   T60] usb 7-1: USB disconnect, device number 35
[  309.155444][T10973] 9pnet: Could not find request transport: x�n
[  309.752730][   T40] kauditd_printk_skb: 22611 callbacks suppressed
[  309.752743][   T40] audit: type=1804 audit(2000000021.010:27381): pid=10989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1060" name="/newroot/272/bus/bus" dev="overlay" ino=1684 res=1 errno=0
[  309.769992][   T40] audit: type=1804 audit(2000000021.020:27382): pid=10989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1060" name="/newroot/272/bus/bus" dev="overlay" ino=1684 res=1 errno=0
[  310.055594][T10994] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1063'.
[  310.159232][ T5952] Bluetooth: hci2: unexpected event for opcode 0x0404
[  310.407294][T11002] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  310.412615][T11002] Error validating options; rc = [-22]
[  310.472405][T11003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1065'.
[  310.760371][T11009] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1067'.
[  310.873696][T11007] input: syz0 as /devices/virtual/input/input54
[  311.256030][   T40] audit: type=1326 audit(2000000022.510:27383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11010 comm="syz.4.1068" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de579 code=0x0
[  311.326702][   T40] audit: type=1326 audit(2000000022.580:27384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.342018][   T40] audit: type=1326 audit(2000000022.590:27385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.346775][T11020] netlink: 'syz.4.1068': attribute type 16 has an invalid length.
[  311.352227][T11020] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1068'.
[  311.357002][T11020] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.359342][   T40] audit: type=1326 audit(2000000022.590:27386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.375118][   T40] audit: type=1326 audit(2000000022.590:27387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.386569][   T40] audit: type=1326 audit(2000000022.590:27388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.396737][   T40] audit: type=1326 audit(2000000022.590:27389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.419786][ T6048] libceph: connect (1)[c::]:6789 error -101
[  311.424071][ T6048] libceph: mon0 (1)[c::]:6789 connect error
[  311.433958][   T40] audit: type=1326 audit(2000000022.590:27390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1072" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  311.550903][T11031] Invalid ELF header magic: != ELF
[  311.632013][T11026] ceph: No mds server is up or the cluster is laggy
[  311.681694][ T6048] libceph: connect (1)[c::]:6789 error -101
[  311.684494][ T6048] libceph: mon0 (1)[c::]:6789 connect error
[  312.470326][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.474545][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.481738][T11060] netlink: 'syz.3.1079': attribute type 1 has an invalid length.
[  312.482678][T11058] FAULT_INJECTION: forcing a failure.
[  312.482678][T11058] name failslab, interval 1, probability 0, space 0, times 0
[  312.488963][T11058] CPU: 1 UID: 0 PID: 11058 Comm: syz.1.1077 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  312.488979][T11058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  312.488997][T11058] Call Trace:
[  312.489001][T11058]  <TASK>
[  312.489005][T11058]  dump_stack_lvl+0x16c/0x1f0
[  312.489030][T11058]  should_fail_ex+0x512/0x640
[  312.489046][T11058]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  312.489063][T11058]  should_failslab+0xc2/0x120
[  312.489074][T11058]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  312.489090][T11058]  ? sock_alloc_inode+0x25/0x1c0
[  312.489104][T11058]  ? __pfx_sock_alloc_inode+0x10/0x10
[  312.489115][T11058]  sock_alloc_inode+0x25/0x1c0
[  312.489126][T11058]  alloc_inode+0x61/0x240
[  312.489138][T11058]  sock_alloc+0x40/0x280
[  312.489149][T11058]  do_accept+0xf7/0x530
[  312.489163][T11058]  ? do_raw_spin_lock+0x12c/0x2b0
[  312.489179][T11058]  ? __pfx_do_accept+0x10/0x10
[  312.489202][T11058]  __sys_accept4+0x100/0x1c0
[  312.489216][T11058]  ? __pfx___sys_accept4+0x10/0x10
[  312.489234][T11058]  __ia32_sys_accept4+0x94/0x100
[  312.489248][T11058]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  312.489265][T11058]  __do_fast_syscall_32+0x7c/0x3a0
[  312.489276][T11058]  do_fast_syscall_32+0x32/0x80
[  312.489286][T11058]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  312.489299][T11058] RIP: 0023:0xf7f53579
[  312.489307][T11058] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  312.489318][T11058] RSP: 002b:00000000f503455c EFLAGS: 00000296 ORIG_RAX: 000000000000016c
[  312.489328][T11058] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  312.489334][T11058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  312.489340][T11058] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  312.489345][T11058] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  312.489351][T11058] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  312.489364][T11058]  </TASK>
[  312.802605][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.805529][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.811251][ T5952] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  312.815367][ T5952] CPU: 3 UID: 0 PID: 5952 Comm: kworker/u33:4 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  312.815386][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  312.815394][ T5952] Workqueue: hci0 hci_rx_work
[  312.815408][ T5952] Call Trace:
[  312.815413][ T5952]  <TASK>
[  312.815417][ T5952]  dump_stack_lvl+0x16c/0x1f0
[  312.815450][ T5952]  sysfs_warn_dup+0x7f/0xa0
[  312.815466][ T5952]  sysfs_create_dir_ns+0x24b/0x2b0
[  312.815479][ T5952]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  312.815491][ T5952]  ? find_held_lock+0x2b/0x80
[  312.815506][ T5952]  ? do_raw_spin_unlock+0x172/0x230
[  312.815523][ T5952]  kobject_add_internal+0x2c4/0x9b0
[  312.815547][ T5952]  kobject_add+0x16e/0x240
[  312.815558][ T5952]  ? __pfx_kobject_add+0x10/0x10
[  312.815571][ T5952]  ? do_raw_spin_unlock+0x172/0x230
[  312.815588][ T5952]  ? kobject_put+0xab/0x5a0
[  312.815602][ T5952]  device_add+0x288/0x1a70
[  312.815616][ T5952]  ? __pfx_dev_set_name+0x10/0x10
[  312.815630][ T5952]  ? __pfx_device_add+0x10/0x10
[  312.815641][ T5952]  ? mgmt_send_event_skb+0x2fb/0x460
[  312.815661][ T5952]  hci_conn_add_sysfs+0x17e/0x230
[  312.815673][ T5952]  le_conn_complete_evt+0x1075/0x1d70
[  312.815693][ T5952]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  312.815708][ T5952]  ? hci_event_packet+0x459/0x11c0
[  312.815728][ T5952]  hci_le_conn_complete_evt+0x23c/0x370
[  312.815747][ T5952]  hci_le_meta_evt+0x354/0x5e0
[  312.815757][ T5952]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  312.815774][ T5952]  hci_event_packet+0x685/0x11c0
[  312.815817][ T5952]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  312.815830][ T5952]  ? __pfx_hci_event_packet+0x10/0x10
[  312.815848][ T5952]  ? kcov_remote_start+0x3c9/0x6d0
[  312.815864][ T5952]  ? lockdep_hardirqs_on+0x7c/0x110
[  312.815884][ T5952]  hci_rx_work+0x2c5/0x16b0
[  312.815896][ T5952]  ? rcu_is_watching+0x12/0xc0
[  312.815910][ T5952]  process_one_work+0x9cf/0x1b70
[  312.815933][ T5952]  ? __pfx_process_one_work+0x10/0x10
[  312.815952][ T5952]  ? assign_work+0x1a0/0x250
[  312.815967][ T5952]  worker_thread+0x6c8/0xf10
[  312.815988][ T5952]  ? __pfx_worker_thread+0x10/0x10
[  312.816003][ T5952]  kthread+0x3c2/0x780
[  312.816016][ T5952]  ? __pfx_kthread+0x10/0x10
[  312.816031][ T5952]  ? rcu_is_watching+0x12/0xc0
[  312.816040][ T5952]  ? __pfx_kthread+0x10/0x10
[  312.816054][ T5952]  ret_from_fork+0x5d4/0x6f0
[  312.816068][ T5952]  ? __pfx_kthread+0x10/0x10
[  312.816081][ T5952]  ret_from_fork_asm+0x1a/0x30
[  312.816099][ T5952]  </TASK>
[  312.816128][ T5952] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  312.897965][ T5952] Bluetooth: hci0: failed to register connection device
[  313.249268][T11069] netlink: 'syz.1.1081': attribute type 1 has an invalid length.
[  313.589770][T11079] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  313.988298][T11094] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  313.995006][T11094] netlink: zone id is out of range
[  313.996661][T11094] netlink: zone id is out of range
[  313.998229][T11094] netlink: zone id is out of range
[  314.000211][T11094] netlink: zone id is out of range
[  314.002082][T11094] netlink: zone id is out of range
[  314.003767][T11094] netlink: zone id is out of range
[  314.005343][T11094] netlink: zone id is out of range
[  314.006913][T11094] netlink: zone id is out of range
[  314.008503][T11094] netlink: zone id is out of range
[  314.010553][T11094] netlink: zone id is out of range
[  314.466296][T11106] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1091'.
[  314.491506][   T10] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  314.642245][   T10] usb 9-1: Using ep0 maxpacket: 8
[  314.645334][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  314.648872][   T10] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  314.651994][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.661798][   T10] usb 9-1: config 0 descriptor??
[  314.865675][   T10] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  315.183993][T11126] netlink: 'syz.1.1097': attribute type 1 has an invalid length.
[  315.210412][T11126] bond1: entered promiscuous mode
[  315.213472][T11126] 8021q: adding VLAN 0 to HW filter on device bond1
[  315.222781][T11126] 8021q: adding VLAN 0 to HW filter on device bond1
[  315.225397][T11126] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  315.229608][T11126] bond1: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  315.236706][T11126] bond1: (slave vxcan3): making interface the new active one
[  315.239799][T11126] vxcan3: entered promiscuous mode
[  315.242931][T11126] bond1: (slave vxcan3): Enslaving as an active interface with an up link
[  315.347583][T11131] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  315.456543][ T6029] usb 9-1: USB disconnect, device number 6
[  315.471978][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  315.471989][   T40] audit: type=1800 audit(2000000026.720:27395): pid=11136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1096" name="file1" dev="overlay" ino=1663 res=0 errno=0
[  315.842681][T11134] FAULT_INJECTION: forcing a failure.
[  315.842681][T11134] name failslab, interval 1, probability 0, space 0, times 0
[  315.846614][T11134] CPU: 1 UID: 0 PID: 11134 Comm: syz.2.1099 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  315.846629][T11134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  315.846635][T11134] Call Trace:
[  315.846639][T11134]  <TASK>
[  315.846643][T11134]  dump_stack_lvl+0x16c/0x1f0
[  315.846663][T11134]  should_fail_ex+0x512/0x640
[  315.846679][T11134]  ? __kmalloc_node_noprof+0xc5/0x500
[  315.846697][T11134]  should_failslab+0xc2/0x120
[  315.846707][T11134]  __kmalloc_node_noprof+0xd8/0x500
[  315.846723][T11134]  ? qdisc_alloc+0xbb/0xc50
[  315.846736][T11134]  qdisc_alloc+0xbb/0xc50
[  315.846748][T11134]  qdisc_create_dflt+0x94/0x490
[  315.846759][T11134]  taprio_init+0x48f/0x910
[  315.846778][T11134]  ? __pfx_taprio_init+0x10/0x10
[  315.846792][T11134]  ? qdisc_alloc+0x94f/0xc50
[  315.846802][T11134]  ? __pfx_taprio_init+0x10/0x10
[  315.846817][T11134]  qdisc_create+0x457/0xfc0
[  315.846833][T11134]  tc_modify_qdisc+0x12bb/0x2130
[  315.846851][T11134]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  315.846877][T11134]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  315.846891][T11134]  rtnetlink_rcv_msg+0x3c6/0xe90
[  315.846904][T11134]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  315.846919][T11134]  ? ref_tracker_free+0x37c/0x830
[  315.846936][T11134]  netlink_rcv_skb+0x155/0x420
[  315.846949][T11134]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  315.846960][T11134]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  315.846977][T11134]  ? netlink_deliver_tap+0x1ae/0xd30
[  315.846991][T11134]  netlink_unicast+0x53d/0x7f0
[  315.847005][T11134]  ? __pfx_netlink_unicast+0x10/0x10
[  315.847020][T11134]  netlink_sendmsg+0x8d1/0xdd0
[  315.847035][T11134]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.847047][T11134]  ? __import_iovec+0x1dd/0x650
[  315.847061][T11134]  ____sys_sendmsg+0xa95/0xc70
[  315.847073][T11134]  ? ea_dealloc_unstuffed+0x110/0xa60
[  315.847086][T11134]  ? __pfx_____sys_sendmsg+0x10/0x10
[  315.847098][T11134]  ? get_compat_msghdr+0x11a/0x170
[  315.847115][T11134]  ___sys_sendmsg+0x134/0x1d0
[  315.847132][T11134]  ? __pfx____sys_sendmsg+0x10/0x10
[  315.847163][T11134]  ? find_held_lock+0x2b/0x80
[  315.847202][T11134]  __sys_sendmsg+0x16d/0x220
[  315.847219][T11134]  ? __pfx___sys_sendmsg+0x10/0x10
[  315.847248][T11134]  ? rcu_is_watching+0x12/0xc0
[  315.847270][T11134]  __do_fast_syscall_32+0x7c/0x3a0
[  315.847284][T11134]  do_fast_syscall_32+0x32/0x80
[  315.847294][T11134]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  315.847308][T11134] RIP: 0023:0xf7f21579
[  315.847316][T11134] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  315.847326][T11134] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  315.847336][T11134] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000800007c0
[  315.847343][T11134] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[  315.847349][T11134] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  315.847354][T11134] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  315.847360][T11134] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  315.847373][T11134]  </TASK>
[  316.573951][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  316.576021][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  316.757004][T11171] syzkaller1: entered promiscuous mode
[  316.758828][T11171] syzkaller1: entered allmulticast mode
[  316.784530][T11170] syz.1.1107 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  316.787965][T11170] tipc: Started in network mode
[  316.789487][T11170] tipc: Node identity 2, cluster identity 5
[  316.791506][T11170] tipc: Node number set to 2
[  316.793465][T11170] tipc: Cannot configure node identity twice
[  317.134578][T11198] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  317.356504][T11206] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1113'.
[  317.412607][T11206] batman_adv: batadv0: Removing interface: macvtap0
[  317.554856][T11212] input: syz1 as /devices/virtual/input/input57
[  317.620378][T11219] evm: overlay not supported
[  318.754681][T11241] pim6reg: entered allmulticast mode
[  318.766630][T11241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1126'.
[  319.282746][ T5958] Bluetooth: hci0: command 0x0406 tx timeout
[  319.351439][ T6011] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  319.555476][ T6011] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  319.560128][ T6011] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  319.563815][ T6011] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  319.566754][ T6011] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.576054][T11270] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  319.583027][ T6011] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  319.891667][   T60] usb 7-1: USB disconnect, device number 36
[  320.321556][ T5952] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  320.562714][T11289] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  320.566451][T11289] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  320.571224][T11289] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  321.932340][T11310] input: syz0 as /devices/virtual/input/input58
[  321.940613][T11316] syz.2.1148: attempt to access beyond end of device
[  321.940613][T11316] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  321.945233][T11316] EXT4-fs (nbd2): unable to read superblock
[  322.470706][T11322] binder: 11321:11322 ioctl c0306201 80000540 returned -22
[  322.571486][ T6011] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  322.579800][T11328] bond0: (slave bond_slave_0): Releasing backup interface
[  322.586826][T11328] bond0: (slave bond_slave_1): Releasing backup interface
[  322.601071][T11328] team0: Port device team_slave_0 removed
[  322.607202][T11328] team0: Port device team_slave_1 removed
[  322.609445][T11328] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  322.613546][T11328] batman_adv: batadv0: Removing interface: batadv_slave_0
[  322.616948][T11328] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  322.619322][T11328] batman_adv: batadv0: Removing interface: batadv_slave_1
[  322.745234][ T6011] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  322.752737][ T6011] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  322.757705][T11333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1155'.
[  322.764583][ T6011] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  322.770267][ T6011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.787851][T11334] ip6t_srh: unknown srh invflags 6BE9
[  322.810639][T11319] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  322.856569][ T6011] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  322.987867][T11336] mac80211_hwsim hwsim9 �: renamed from wlan1
[  324.055592][T11347] input: syz0 as /devices/virtual/input/input59
[  324.539574][ T6028] usb 9-1: USB disconnect, device number 7
[  324.704675][T11356] fuse: Bad value for 'fd'
[  324.760944][T11360] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  324.948470][T11364] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  325.509111][ T6029] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  325.664690][ T6029] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  325.669204][ T6029] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  325.673640][ T6029] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  325.677337][ T6029] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.683910][T11369] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  325.707391][ T6029] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  326.841496][T11387] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  327.065558][    T9] usb 9-1: USB disconnect, device number 8
[  327.101474][ T6011] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  327.252822][ T6011] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  327.256428][ T6011] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  327.259589][ T6011] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  327.262707][ T6011] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  327.266182][ T6011] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  327.270913][ T6011] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  327.274621][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  327.277139][ T6011] usb 7-1: Product: syz
[  327.278452][ T6011] usb 7-1: Manufacturer: syz
[  327.283710][ T6011] cdc_wdm 7-1:1.0: skipping garbage
[  327.285413][ T6011] cdc_wdm 7-1:1.0: skipping garbage
[  327.288028][ T6011] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  327.289923][ T6011] cdc_wdm 7-1:1.0: Unknown control protocol
[  327.494044][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.496961][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.499767][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.503520][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.506449][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.510285][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.513095][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.515867][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.518604][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.521366][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.524155][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.526873][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.529639][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.532412][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.535156][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.537887][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.540694][ T6028] usb 7-1: USB disconnect, device number 37
[  327.543286][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  327.543303][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  327.543314][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  327.699570][T11385] fuse: Unknown parameter 'f�7_�Kc��r>إ|�d'
[  328.088322][T11413] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1175'.
[  328.093385][T11413] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1175'.
[  328.289237][T11424] net_ratelimit: 164 callbacks suppressed
[  328.289244][T11424] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  328.769440][T11445] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1178'.
[  329.461532][ T6029] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  329.642639][ T6029] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  329.647181][ T6029] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  329.659384][ T6029] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  329.662566][ T6029] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.673004][T11458] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  329.677193][ T6029] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  330.058961][   T40] audit: type=1800 audit(2000000553.317:27396): pid=11484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1188" name="file1" dev="overlay" ino=1843 res=0 errno=0
[  330.495672][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'.
[  330.547374][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'.
[  330.552119][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'.
[  332.145379][ T6029] usb 9-1: USB disconnect, device number 9
[  332.188438][T11503] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1194'.
[  332.194818][T11503] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1194'.
[  332.198871][T11503] netlink: 'syz.4.1194': attribute type 6 has an invalid length.
[  332.854541][T11526] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  334.016677][T11541] input: syz0 as /devices/virtual/input/input60
[  334.160361][   T61] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  334.586623][   T61] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  334.591114][   T61] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  334.613666][   T61] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  334.617236][   T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.633848][T11547] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  334.660171][   T61] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  334.706319][T11568] blktrace: Concurrent blktraces are not allowed on sg0
[  335.202654][   T40] audit: type=1800 audit(2000000558.317:27397): pid=11574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1208" name="file1" dev="overlay" ino=1808 res=0 errno=0
[  335.846893][T11592] 9p: Unknown uid 00000000004294967295
[  336.020913][T11592] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1212'.
[  336.063131][T11589] lo speed is unknown, defaulting to 1000
[  336.065111][T11589] lo speed is unknown, defaulting to 1000
[  336.068266][T11589] lo speed is unknown, defaulting to 1000
[  336.074240][T11589] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  336.080719][T11589] infiniband s�R4: RDMA CMA: cma_listen_on_dev, error -98
[  336.096129][T11589] lo speed is unknown, defaulting to 1000
[  336.099094][T11589] lo speed is unknown, defaulting to 1000
[  336.102568][T11589] lo speed is unknown, defaulting to 1000
[  336.105252][T11589] lo speed is unknown, defaulting to 1000
[  336.107962][T11589] lo speed is unknown, defaulting to 1000
[  336.110702][T11589] lo speed is unknown, defaulting to 1000
[  336.115358][   T61] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  336.279935][   T61] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  336.285116][   T61] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  336.288940][   T61] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  336.301109][   T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.312775][T11588] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  336.318860][   T61] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  336.435791][   T40] audit: type=1326 audit(2000000559.697:27398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  336.452240][   T40] audit: type=1326 audit(2000000559.697:27399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  336.463079][   T40] audit: type=1326 audit(2000000559.697:27400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  336.470057][   T40] audit: type=1326 audit(2000000559.697:27401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  336.478491][   T40] audit: type=1326 audit(2000000559.697:27402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  336.485444][   T40] audit: type=1326 audit(2000000559.697:27403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  336.494674][   T40] audit: type=1326 audit(2000000559.697:27404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  336.501901][   T40] audit: type=1326 audit(2000000559.697:27405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  336.510033][   T40] audit: type=1326 audit(2000000559.697:27406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11601 comm="syz.4.1215" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70de598 code=0x7ffc0000
[  337.168847][ T6028] usb 7-1: USB disconnect, device number 38
[  337.214196][   T73] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  337.218344][   T73] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.224190][   T73] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  337.242545][T11596] lo speed is unknown, defaulting to 1000
[  337.313405][   T73] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  337.317469][   T73] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.325690][   T73] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  337.406390][T11606] random: crng reseeded on system resumption
[  337.441866][   T73] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  337.448662][   T73] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.455277][   T73] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  337.587513][   T73] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  337.598087][   T73] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.605316][   T73] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  337.781733][   T73] bridge_slave_1: left allmulticast mode
[  337.783773][   T73] bridge_slave_1: left promiscuous mode
[  337.787135][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.803159][   T73] bridge_slave_0: left allmulticast mode
[  337.804940][   T73] bridge_slave_0: left promiscuous mode
[  337.808044][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.250407][T11604] input: syz0 as /devices/virtual/input/input61
[  338.619909][   T24] usb 6-1: USB disconnect, device number 35
[  338.790578][   T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  338.807114][   T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  338.813130][   T73] bond0 (unregistering): Released all slaves
[  338.871876][   T10] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  338.872983][T11623] lo speed is unknown, defaulting to 1000
[  339.078384][   T10] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  339.112061][   T10] usb 9-1: config 0 has no interfaces?
[  339.114378][   T10] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  339.146184][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.165830][   T10] usb 9-1: config 0 descriptor??
[  339.378785][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  339.381304][   T73] batman_adv: batadv0: Removing interface: batadv_slave_0
[  339.391946][T11619] fuse: Bad value for 'group_id'
[  339.393501][T11619] fuse: Bad value for 'group_id'
[  339.400224][   T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  339.403251][   T73] batman_adv: batadv0: Removing interface: batadv_slave_1
[  339.413055][   T10] usb 9-1: USB disconnect, device number 10
[  339.460663][   T73] veth1_macvtap: left promiscuous mode
[  339.462812][   T73] veth0_macvtap: left promiscuous mode
[  339.545728][T11623] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  340.251464][   T40] kauditd_printk_skb: 1560 callbacks suppressed
[  340.251477][   T40] audit: type=1800 audit(2000000563.237:28967): pid=11650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1225" name="file1" dev="overlay" ino=1899 res=0 errno=0
[  340.888934][T11661] block device autoloading is deprecated and will be removed.
[  341.127909][   T73] team0 (unregistering): Port device team_slave_1 removed
[  341.136853][ T5952] Bluetooth: hci2: unexpected event for opcode 0x0404
[  341.270700][   T73] team0 (unregistering): Port device team_slave_0 removed
[  341.501557][   T61] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  341.674968][   T61] usb 9-1: Using ep0 maxpacket: 8
[  341.678613][   T61] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  341.682699][   T61] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  341.686175][   T61] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  341.690091][   T61] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  341.694501][   T61] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  341.698656][   T61] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.900738][T11656] tipc: Enabled bearer <eth:team0>, priority 0
[  341.920377][   T61] usb 9-1: GET_CAPABILITIES returned 0
[  341.932319][   T61] usbtmc 9-1:16.0: can't read capabilities
[  341.992392][T11677] binder: 11675:11677 ioctl c0306201 800003c0 returned -14
[  342.095398][T11689] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  342.098322][T11689] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  342.100940][T11689] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  342.104967][T11687] 9pnet_virtio: no channels available for device ./file0/file0
[  342.141939][   T61] usb 9-1: USB disconnect, device number 11
[  343.125198][   T40] audit: type=1326 audit(2000000566.317:28968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.131960][   T40] audit: type=1326 audit(2000000566.317:28969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.138598][   T40] audit: type=1326 audit(2000000566.317:28970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=184 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.151377][   T40] audit: type=1326 audit(2000000566.317:28971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.162133][   T40] audit: type=1326 audit(2000000566.317:28972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.168660][   T40] audit: type=1326 audit(2000000566.317:28973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=334 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.175611][   T40] audit: type=1326 audit(2000000566.317:28974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.182907][   T40] audit: type=1326 audit(2000000566.317:28975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  343.189633][   T40] audit: type=1326 audit(2000000566.317:28976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11718 comm="syz.3.1239" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  344.277405][ T5952] Bluetooth: hci0: unexpected event for opcode 0x0404
[  344.453490][T11773] random: crng reseeded on system resumption
[  344.866077][T11794] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  345.136384][T11797] lo speed is unknown, defaulting to 1000
[  345.920791][T11824] syz.3.1250: attempt to access beyond end of device
[  345.920791][T11824] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  345.925159][T11824] EXT4-fs (nbd3): unable to read superblock
[  346.908759][T11841] input: syz0 as /devices/virtual/input/input62
[  347.198502][ T7648] udevd[7648]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  347.775772][T11859] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  348.158973][T11861] lo speed is unknown, defaulting to 1000
[  348.379889][T11870] FAULT_INJECTION: forcing a failure.
[  348.379889][T11870] name failslab, interval 1, probability 0, space 0, times 0
[  348.384731][T11870] CPU: 2 UID: 0 PID: 11870 Comm: syz.1.1266 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  348.384748][T11870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  348.384754][T11870] Call Trace:
[  348.384758][T11870]  <TASK>
[  348.384762][T11870]  dump_stack_lvl+0x16c/0x1f0
[  348.384783][T11870]  should_fail_ex+0x512/0x640
[  348.384799][T11870]  ? __kvmalloc_node_noprof+0x124/0x620
[  348.384815][T11870]  should_failslab+0xc2/0x120
[  348.384826][T11870]  __kvmalloc_node_noprof+0x137/0x620
[  348.384840][T11870]  ? unix_prepare_fpl+0x211/0x320
[  348.384860][T11870]  ? unix_prepare_fpl+0x211/0x320
[  348.384874][T11870]  unix_prepare_fpl+0x211/0x320
[  348.384893][T11870]  unix_scm_to_skb+0x3ba/0x520
[  348.384908][T11870]  unix_dgram_sendmsg+0x440/0x1840
[  348.384926][T11870]  ? aa_sk_perm+0x2f4/0xb10
[  348.384938][T11870]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  348.384954][T11870]  ? __pfx_aa_sk_perm+0x10/0x10
[  348.384971][T11870]  ____sys_sendmsg+0xa95/0xc70
[  348.384992][T11870]  ? __pfx_____sys_sendmsg+0x10/0x10
[  348.385003][T11870]  ? get_compat_msghdr+0x11a/0x170
[  348.385016][T11870]  ? __pfx__kstrtoull+0x10/0x10
[  348.385032][T11870]  ___sys_sendmsg+0x134/0x1d0
[  348.385049][T11870]  ? __pfx____sys_sendmsg+0x10/0x10
[  348.385064][T11870]  ? __lock_acquire+0x622/0x1c90
[  348.385091][T11870]  ? __pfx___might_resched+0x10/0x10
[  348.385105][T11870]  __sys_sendmmsg+0x2f9/0x420
[  348.385116][T11870]  ? __pfx___sys_sendmmsg+0x10/0x10
[  348.385130][T11870]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  348.385148][T11870]  ? fput+0x70/0xf0
[  348.385162][T11870]  ? ksys_write+0x1ac/0x250
[  348.385181][T11870]  ? __pfx_ksys_write+0x10/0x10
[  348.385207][T11870]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  348.385226][T11870]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  348.385253][T11870]  __do_fast_syscall_32+0x7c/0x3a0
[  348.385272][T11870]  do_fast_syscall_32+0x32/0x80
[  348.385289][T11870]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  348.385321][T11870] RIP: 0023:0xf7f53579
[  348.385330][T11870] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  348.385340][T11870] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  348.385351][T11870] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000e40
[  348.385357][T11870] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  348.385363][T11870] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  348.385369][T11870] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  348.385375][T11870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  348.385388][T11870]  </TASK>
[  348.611429][   T24] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  348.796029][   T24] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  348.981461][   T24] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  348.985512][   T24] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  348.989072][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.044502][T11864] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  349.065464][   T24] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  349.574046][T11884] tipc: Started in network mode
[  349.575697][T11884] tipc: Node identity 7f000001, cluster identity 4711
[  349.578384][T11884] tipc: Enabled bearer <udp:syz2>, priority 10
[  349.580855][T11886] tipc: Enabled bearer <eth:team0>, priority 0
[  349.625492][T11891] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1271'.
[  349.628377][T11891] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1271'.
[  349.696662][ T5985] usb 9-1: USB disconnect, device number 12
[  349.759397][T11893] input: syz1 as /devices/virtual/input/input63
[  349.767832][T11893] usb 1-1: USB disconnect, device number 2
[  349.947363][T11902] syz.3.1270: attempt to access beyond end of device
[  349.947363][T11902] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  349.952147][T11902] EXT4-fs (nbd3): unable to read superblock
[  350.069477][T11907] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  350.071649][T11907] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  350.074933][T11907] vhci_hcd vhci_hcd.0: Device attached
[  350.082127][T11907] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(6)
[  350.084198][T11907] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  350.086657][T11907] vhci_hcd vhci_hcd.0: Device attached
[  350.089158][T11910] vhci_hcd: cannot find a urb of seqnum 2047 max seqnum 0
[  350.094532][   T73] vhci_hcd: stop threads
[  350.096094][   T73] vhci_hcd: release socket
[  350.097549][   T73] vhci_hcd: disconnect device
[  350.100655][T11908] vhci_hcd: connection closed
[  350.103047][   T73] vhci_hcd: stop threads
[  350.106465][   T73] vhci_hcd: release socket
[  350.108050][   T73] vhci_hcd: disconnect device
[  350.705937][    T9] tipc: Node number set to 2130706433
[  351.259730][T11938] input: syz0 as /devices/virtual/input/input64
[  351.690731][T11967] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  351.924372][T11978] netlink: 'syz.4.1284': attribute type 1 has an invalid length.
[  351.942475][T11978] 8021q: adding VLAN 0 to HW filter on device bond1
[  351.959999][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1284'.
[  352.495661][T11978] bond1 (unregistering): Released all slaves
[  352.536444][T11980] input: syz0 as /devices/virtual/input/input65
[  352.800240][T11991] syz.1.1282 (11991): drop_caches: 2
[  352.971988][T11995] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  352.978973][T11995] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  352.998686][T11995] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  353.000667][T11995] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  353.004102][T11995] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  353.006532][T11995] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  354.728352][T12040] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  354.961539][ T5957] Bluetooth: hci2: command 0x0406 tx timeout
[  355.041414][ T5957] Bluetooth: hci3: command 0x0406 tx timeout
[  355.522424][T12060] : (slave syz_tun): Releasing backup interface
[  355.544341][T12060] bridge_slave_0: left allmulticast mode
[  355.546297][T12060] bridge_slave_0: left promiscuous mode
[  355.566221][T12060] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.584602][T12060] bridge_slave_1: left allmulticast mode
[  355.586635][T12060] bridge_slave_1: left promiscuous mode
[  355.589000][T12060] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.669341][T12060] : (slave bond_slave_0): Releasing backup interface
[  355.689599][T12060] bond_slave_0: left promiscuous mode
[  355.705572][T12060] : (slave bond_slave_1): Releasing backup interface
[  355.715574][T12060] bond_slave_1: left promiscuous mode
[  355.759922][T12060] team0: Port device team_slave_0 removed
[  355.790029][T12060] team0: Port device team_slave_1 removed
[  355.806029][T12060] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  355.813747][T12060] batman_adv: batadv0: Removing interface: batadv_slave_0
[  355.829392][T12060] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  355.844911][T12060] batman_adv: batadv0: Removing interface: batadv_slave_1
[  355.874643][T12060] team0: Port device vlan0 removed
[  355.888983][   T24] lo speed is unknown, defaulting to 1000
[  355.985398][   T40] kauditd_printk_skb: 25 callbacks suppressed
[  355.985410][   T40] audit: type=1326 audit(2000000579.247:29002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f21598 code=0x7ffc0000
[  356.041505][   T40] audit: type=1326 audit(2000000579.247:29003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f21598 code=0x7ffc0000
[  356.049244][   T40] audit: type=1326 audit(2000000579.247:29004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  356.057330][   T40] audit: type=1326 audit(2000000579.247:29005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  356.064414][   T40] audit: type=1326 audit(2000000579.247:29006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f21598 code=0x7ffc0000
[  356.071070][   T40] audit: type=1326 audit(2000000579.247:29007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  356.077654][   T40] audit: type=1326 audit(2000000579.247:29008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  356.084288][   T40] audit: type=1326 audit(2000000579.247:29009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f21598 code=0x7ffc0000
[  356.090842][   T40] audit: type=1326 audit(2000000579.247:29010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  356.101267][   T40] audit: type=1326 audit(2000000579.247:29011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12065 comm="syz.2.1295" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  356.316149][T12084] bridge0: entered allmulticast mode
[  356.510235][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1299'.
[  356.534209][T12094] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1299'.
[  356.664764][T12091] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1301'.
[  357.061454][ T5957] Bluetooth: hci2: command 0x0406 tx timeout
[  357.131439][ T5957] Bluetooth: hci3: command 0x0406 tx timeout
[  357.200737][T12122] xt_ipcomp: unknown flags 12
[  357.544669][T12129] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1304'.
[  359.207304][ T5957] Bluetooth: hci3: command 0x0406 tx timeout
[  359.989502][T12181] ieee802154 phy0 wpan0: encryption failed: -22
[  360.823100][T12201] blktrace: Concurrent blktraces are not allowed on sg0
[  361.824891][T12210] input: syz0 as /devices/virtual/input/input66
[  361.975746][   T40] kauditd_printk_skb: 568 callbacks suppressed
[  361.975756][   T40] audit: type=1326 audit(2000000585.237:29580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  361.992515][   T40] audit: type=1326 audit(2000000585.247:29581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.005459][   T40] audit: type=1326 audit(2000000585.247:29582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.019644][   T40] audit: type=1326 audit(2000000585.247:29583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.031808][   T40] audit: type=1326 audit(2000000585.247:29584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.041256][   T40] audit: type=1326 audit(2000000585.247:29585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.078046][   T40] audit: type=1326 audit(2000000585.247:29586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.101261][   T40] audit: type=1326 audit(2000000585.247:29587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.118731][   T40] audit: type=1326 audit(2000000585.247:29588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.126769][   T40] audit: type=1326 audit(2000000585.247:29589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12205 comm="syz.3.1320" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17598 code=0x7ffc0000
[  362.287648][T12223] lo speed is unknown, defaulting to 1000
[  362.542923][T12236] lo speed is unknown, defaulting to 1000
[  362.690011][T12243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1326'.
[  362.693072][T12243] netlink: 'syz.4.1326': attribute type 5 has an invalid length.
[  362.695794][T12243] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1326'.
[  362.728182][T12243] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  362.731095][T12243] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  362.734266][T12243] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  362.737039][T12243] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  362.740220][T12243] geneve2: entered promiscuous mode
[  362.747855][T12243] geneve2: entered allmulticast mode
[  362.831538][ T5984] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  362.991478][ T5984] usb 7-1: Using ep0 maxpacket: 8
[  362.994557][ T5984] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  362.998256][ T5984] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  363.006780][ T5984] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  363.012081][ T5984] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.018108][ T5984] usbtmc 7-1:16.0: bulk endpoints not found
[  363.860728][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1330'.
[  364.314051][T12278] blktrace: Concurrent blktraces are not allowed on sg0
[  364.373603][T12284] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.1333'.
[  364.377448][T12284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1333'.
[  365.090271][T12289] ieee802154 phy0 wpan0: encryption failed: -22
[  365.544034][   T61] usb 7-1: USB disconnect, device number 39
[  365.604059][T12311] syz.3.1338: attempt to access beyond end of device
[  365.604059][T12311] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  365.605550][T12310] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  365.608398][T12311] EXT4-fs (nbd3): unable to read superblock
[  365.617272][T12310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1341'.
[  366.311660][ T5984] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  367.016740][ T5984] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  367.020052][ T5984] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  367.031627][ T5984] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  367.034428][ T5984] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.048386][T12316] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  367.052286][ T5984] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  367.294431][   T61] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  367.459693][T12348] lo speed is unknown, defaulting to 1000
[  367.473479][   T61] usb 6-1: Using ep0 maxpacket: 8
[  367.478707][   T61] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  367.484762][   T61] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  367.487799][   T61] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  367.490923][   T61] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  367.499580][T12350] Bluetooth: MGMT ver 1.23
[  367.502355][   T61] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  367.505310][   T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.405954][   T61] usb 6-1: GET_CAPABILITIES returned 0
[  368.408408][   T61] usbtmc 6-1:16.0: can't read capabilities
[  368.424078][   T61] usb 6-1: USB disconnect, device number 36
[  368.552267][T12360] random: crng reseeded on system resumption
[  368.849684][ T6028] usb 7-1: USB disconnect, device number 40
[  369.275789][ T5957] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  369.837406][T12385] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  370.581903][ T6011] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  370.743351][ T6011] usb 9-1: Using ep0 maxpacket: 8
[  370.759340][ T6011] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  370.778887][ T6011] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  370.782885][ T6011] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  370.786872][ T6011] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  370.791089][ T6011] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  370.794530][ T6011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.963425][T12402] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6gretap0, syncid = 5, id = 0
[  371.060562][ T6011] usb 9-1: GET_CAPABILITIES returned 0
[  371.062556][ T6011] usbtmc 9-1:16.0: can't read capabilities
[  371.112352][T12412] loop6: detected capacity change from 0 to 7
[  371.116331][T12412] Dev loop6: unable to read RDB block 7
[  371.118671][T12412]  loop6: unable to read partition table
[  371.120742][T12412] loop6: partition table beyond EOD, truncated
[  371.123030][T12412] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  371.246043][   T24] usb 9-1: USB disconnect, device number 13
[  371.393551][T12415] ieee802154 phy0 wpan0: encryption failed: -22
[  373.047442][T12443] vivid-000: disconnect
[  373.080099][T12443] random: crng reseeded on system resumption
[  373.823477][T12457] loop6: detected capacity change from 0 to 7
[  373.828671][ T7648] Dev loop6: unable to read RDB block 7
[  373.830880][ T7648]  loop6: unable to read partition table
[  373.835467][ T7648] loop6: partition table beyond EOD, truncated
[  373.875902][T12457] Dev loop6: unable to read RDB block 7
[  373.878072][T12457]  loop6: unable to read partition table
[  373.880164][T12457] loop6: partition table beyond EOD, truncated
[  373.883701][T12441] vivid-000: reconnect
[  373.901596][T12457] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  373.932716][T12462] fuse: Bad value for 'fd'
[  373.934693][T12462] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  374.160534][T12467] netlink: 'syz.2.1382': attribute type 9 has an invalid length.
[  374.171394][T12467] netlink: 'syz.2.1382': attribute type 7 has an invalid length.
[  374.174933][T12467] netlink: 'syz.2.1382': attribute type 8 has an invalid length.
[  374.846136][T12470] input: syz0 as /devices/virtual/input/input68
[  375.292391][T12483] blktrace: Concurrent blktraces are not allowed on sg0
[  375.563677][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1387'.
[  375.609569][T12493] tipc: Started in network mode
[  375.611154][T12493] tipc: Node identity 7f000001, cluster identity 4711
[  375.614092][T12493] tipc: Enabled bearer <udp:syz2>, priority 10
[  375.618492][T12493] tipc: Enabled bearer <eth:team0>, priority 0
[  376.192166][T12500] loop6: detected capacity change from 0 to 524287999
[  376.271644][    C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  376.275026][    C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  376.291628][    C0] I/O error, dev loop6, sector 1034 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  376.295594][    C0] I/O error, dev loop6, sector 1034 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  376.299558][    C0] I/O error, dev loop6, sector 2066 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  376.303454][    C0] I/O error, dev loop6, sector 2066 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  376.307285][    C0] I/O error, dev loop6, sector 3090 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  376.311184][    C0] I/O error, dev loop6, sector 3090 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  376.315388][    C0] I/O error, dev loop6, sector 4114 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  376.319309][    C0] I/O error, dev loop6, sector 4114 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  376.421914][T12505] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1393'.
[  376.426963][T12505] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1393'.
[  376.731411][  T838] tipc: Node number set to 2130706433
[  377.692120][ T6011] kernel write not supported for file /dsp1 (pid: 6011 comm: kworker/1:3)
[  377.698363][T12515] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  377.703947][T12515] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  377.707838][T12515] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  377.711864][T12515] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  377.717354][T12515] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  377.721234][T12515] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  377.725609][T12515] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  377.728423][T12515] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  377.731695][T12515] geneve2: entered promiscuous mode
[  377.733501][T12515] geneve2: entered allmulticast mode
[  377.791557][  T838] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  377.958573][T12526] blktrace: Concurrent blktraces are not allowed on sg0
[  378.004739][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  378.007401][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  378.051582][  T838] usb 6-1: Using ep0 maxpacket: 8
[  378.055448][  T838] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  378.059671][  T838] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  378.064376][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  378.071690][  T838] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  378.076818][  T838] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  378.079880][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.336340][  T838] usbtmc 6-1:16.0: bulk endpoints not found
[  378.398528][T12535] blktrace: Concurrent blktraces are not allowed on sg0
[  379.248027][T12542] syz.3.1403: attempt to access beyond end of device
[  379.248027][T12542] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  379.252374][T12542] EXT4-fs (nbd3): unable to read superblock
[  379.316526][   T73] bond0: (slave bond_slave_0): interface is now down
[  379.318881][   T73] bond0: (slave bond_slave_1): interface is now down
[  379.326487][   T73] bond0: (slave bridge0): interface is now down
[  379.332666][   T73] bond0: now running without any active interface!
[  379.364133][T12560] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1409'.
[  379.402753][   T40] kauditd_printk_skb: 616 callbacks suppressed
[  379.402764][   T40] audit: type=1800 audit(2000000602.657:30206): pid=12557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.1408" name="/" dev="sockfs" ino=49014 res=0 errno=0
[  380.001416][T12578] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1412'.
[  380.005879][T12578] netlink: 'syz.3.1412': attribute type 1 has an invalid length.
[  380.038698][T12578] 8021q: adding VLAN 0 to HW filter on device bond1
[  380.073239][T12578] 8021q: adding VLAN 0 to HW filter on device bond1
[  380.076138][T12578] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  380.085224][T12578] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  380.196945][T12567] input: syz0 as /devices/virtual/input/input69
[  380.598353][ T6011] usb 6-1: USB disconnect, device number 37
[  380.842795][T12601] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  380.860230][T12601] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  380.966117][T12619] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1419'.
[  380.969013][T12619] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1419'.
[  381.944060][T12638] tipc: Enabled bearer <udp:syz2>, priority 10
[  382.005191][T12641] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  382.146702][T12639] input: syz0 as /devices/virtual/input/input70
[  382.337934][T12650] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1431'.
[  382.341138][T12650] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1431'.
[  382.859056][T12667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.864651][T12667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.869906][T12667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.882430][T12668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.886441][T12667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.890128][T12668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.898696][T12668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.903633][T12668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.091450][ T5984] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  383.262643][ T5984] usb 9-1: Using ep0 maxpacket: 32
[  383.267337][ T5984] usb 9-1: config 11 has an invalid interface number: 106 but max is 0
[  383.270953][ T5984] usb 9-1: config 11 has no interface number 0
[  383.273955][ T5984] usb 9-1: config 11 interface 106 altsetting 236 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  383.278470][ T5984] usb 9-1: config 11 interface 106 altsetting 236 has a duplicate endpoint with address 0xB, skipping
[  383.283052][ T5984] usb 9-1: config 11 interface 106 altsetting 236 bulk endpoint 0x7 has invalid maxpacket 1024
[  383.288171][ T5984] usb 9-1: config 11 interface 106 altsetting 236 has an invalid descriptor for endpoint zero, skipping
[  383.288201][ T5984] usb 9-1: config 11 interface 106 altsetting 236 endpoint 0x8F has invalid maxpacket 1024, setting to 64
[  383.288222][ T5984] usb 9-1: config 11 interface 106 altsetting 236 bulk endpoint 0xA has invalid maxpacket 64
[  383.301483][ T5984] usb 9-1: config 11 interface 106 altsetting 236 has an invalid descriptor for endpoint zero, skipping
[  383.305190][ T5984] usb 9-1: config 11 interface 106 altsetting 236 has a duplicate endpoint with address 0x4, skipping
[  383.309293][ T5984] usb 9-1: config 11 interface 106 has no altsetting 0
[  383.314320][ T5984] usb 9-1: New USB device found, idVendor=19d2, idProduct=0123, bcdDevice=3f.32
[  383.317355][ T5984] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.319874][ T5984] usb 9-1: Product: Ё
[  383.321498][ T5984] usb 9-1: Manufacturer: 쿀㪅ך皕䴰⥝왏擖ⴼ㦌ңጃ㞋鰔鲷녤鵹泸啞ﾆ毦擕秧࢚ƞ
[  383.325710][ T5984] usb 9-1: SerialNumber: ᳱ㋝箛픍⎋롯㓚旵瑺ᙞᘶ顝듰뻥륵ᒲ䛙雔밢Ⓧ픳Ꮮ騱堃掭ﷺᔬ婃簙퇧ỷ鴿춸巚咺亿澳捜밺톀裊᥆ູ⠽烏꬀檑鳯
[  383.336305][T12666] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  383.339420][T12666] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  383.548217][ T5984] option 9-1:11.106: GSM modem (1-port) converter detected
[  383.558896][ T5984] usb 9-1: USB disconnect, device number 14
[  383.564719][ T5984] option 9-1:11.106: device disconnected
[  384.183614][T12684] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1440'.
[  384.186329][T12684] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1440'.
[  384.236504][T12687] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1439'.
[  384.246395][T12687] afs: Unknown parameter 'e�QI@Ss�
�n@"""�#�J�7��t��fd�M����Dx�e����x�)'��5d1�QX!{����+��.���3���`�~d!�m���ث�����3M���3�b/Z˗<��ַ�%��h'
[  384.588742][T12693] syz.2.1442: attempt to access beyond end of device
[  384.588742][T12693] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  384.592993][T12693] EXT4-fs (nbd2): unable to read superblock
[  385.363436][T12709] syz.1.1446: attempt to access beyond end of device
[  385.363436][T12709] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  385.367683][T12709] EXT4-fs (nbd1): unable to read superblock
[  385.370480][ T6011] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  385.410150][T12707] blktrace: Concurrent blktraces are not allowed on sg0
[  385.543481][ T6011] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  385.547726][ T6011] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  385.551619][ T6011] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  385.554805][ T6011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.566301][T12699] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  385.578872][ T6011] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  385.999188][T12713] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1448'.
[  386.330172][  T838] usb 9-1: USB disconnect, device number 15
[  387.204650][ T5957] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  387.214238][T12744] lo speed is unknown, defaulting to 1000
[  387.409918][T12731] input: syz0 as /devices/virtual/input/input71
[  387.586068][T12750] lo speed is unknown, defaulting to 1000
[  388.115947][T12765] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  388.171393][ T6011] usb 9-1: new full-speed USB device number 16 using dummy_hcd
[  388.332971][ T6011] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.336190][ T6011] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  388.338930][ T6011] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  388.341849][ T6011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.345967][ T6011] usb 9-1: config 0 descriptor??
[  388.350993][ T6011] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  388.353452][ T6011] dvb-usb: bulk message failed: -22 (3/0)
[  388.363676][ T6011] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  388.370756][ T6011] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  388.375479][ T6011] usb 9-1: media controller created
[  388.378333][ T6011] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  388.384942][ T6011] dvb-usb: bulk message failed: -22 (6/0)
[  388.386898][ T6011] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  388.390588][ T6011] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb9/9-1/input/input72
[  388.397509][ T6011] dvb-usb: schedule remote query interval to 150 msecs.
[  388.399696][ T6011] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  388.564268][   T61] usb 9-1: USB disconnect, device number 16
[  388.599366][T12778] input: syz0 as /devices/virtual/input/input73
[  388.624225][   T61] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  388.750181][T12784] netlink: 'syz.1.1469': attribute type 11 has an invalid length.
[  389.154403][T12792] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  389.190315][T12794] tipc: Started in network mode
[  389.192442][T12794] tipc: Node identity 7f000001, cluster identity 4711
[  389.195459][T12794] tipc: Enabled bearer <udp:syz2>, priority 10
[  389.251494][  T838] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  389.404250][  T838] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  389.408124][  T838] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  389.411516][  T838] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  389.415148][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.419659][T12790] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  389.424435][  T838] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  389.771610][ T5985] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  389.940613][ T5985] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  389.945326][ T5985] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  389.949663][ T5985] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  389.953925][ T5985] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.970082][T12801] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  389.992040][ T5985] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  390.211518][   T10] tipc: Node number set to 2130706433
[  391.680656][T10816] usb 7-1: USB disconnect, device number 41
[  392.053873][  T838] usb 6-1: USB disconnect, device number 38
[  392.159000][ T5984] IPVS: starting estimator thread 0...
[  392.177120][T12826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  392.177256][T12831] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  392.186526][T12831] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  392.272742][T12828] IPVS: using max 44 ests per chain, 105600 per kthread
[  392.421382][  T838] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  392.571539][  T838] usb 6-1: Using ep0 maxpacket: 8
[  392.575730][  T838] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  392.579756][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  392.584104][  T838] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  392.588553][  T838] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  392.594248][  T838] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  392.598033][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.751425][ T6029] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[  392.806923][  T838] usb 6-1: GET_CAPABILITIES returned 0
[  392.808780][  T838] usbtmc 6-1:16.0: can't read capabilities
[  392.904861][ T6029] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  392.908667][ T6029] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  392.911974][ T6029] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  392.914943][ T6029] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.920391][T12843] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  392.925773][ T6029] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  393.007991][ T6029] usb 6-1: USB disconnect, device number 39
[  394.135933][T12872] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  394.139777][T12872] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  394.268770][   T40] audit: type=1326 audit(2000000617.527:30207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.286261][   T40] audit: type=1326 audit(2000000617.547:30208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.374220][   T40] audit: type=1326 audit(2000000617.547:30209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.381035][   T40] audit: type=1326 audit(2000000617.547:30210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.387915][   T40] audit: type=1326 audit(2000000617.547:30211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.394490][   T40] audit: type=1326 audit(2000000617.547:30212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.400864][   T40] audit: type=1326 audit(2000000617.547:30213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.407723][   T40] audit: type=1326 audit(2000000617.547:30214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.414563][   T40] audit: type=1326 audit(2000000617.547:30215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.421199][   T40] audit: type=1326 audit(2000000617.547:30216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12880 comm="syz.3.1494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000
[  394.867499][   T24] usb 7-1: USB disconnect, device number 42
[  395.408961][T12896] syz.1.1492: attempt to access beyond end of device
[  395.408961][T12896] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  395.413216][T12896] EXT4-fs (nbd1): unable to read superblock
[  395.477668][T12898] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1495'.
[  395.482233][T12898] netlink: 'syz.4.1495': attribute type 1 has an invalid length.
[  395.486560][T12898] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1495'.
[  395.525718][T12898] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1495'.
[  395.646401][T12906] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1498'.
[  395.649387][T12906] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1498'.
[  395.709355][T12910] netlink: 'syz.1.1499': attribute type 11 has an invalid length.
[  396.686434][T12932] blktrace: Concurrent blktraces are not allowed on sg0
[  396.745705][T12938] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1507'.
[  396.749621][T12938] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1507'.
[  396.871509][ T6011] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  397.052817][ T6011] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  397.056361][ T6011] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  397.059469][ T6011] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  397.063187][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.069045][T12920] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  397.073905][ T6011] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  398.353668][   T10] usb 6-1: USB disconnect, device number 40
[  398.902394][T12960] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1515'.
[  398.918668][T12961] sp0: Synchronizing with TNC
[  398.945807][T12961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1514'.
[  400.820963][T12991] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  401.022961][T12997] sp0: Synchronizing with TNC
[  401.036835][T12997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1525'.
[  401.091477][   T10] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  402.152718][   T10] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  402.156406][   T10] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  402.159458][   T10] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  402.162354][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.166665][T12993] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  402.172785][   T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  402.335334][T13009] lo speed is unknown, defaulting to 1000
[  402.711481][  T838] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  402.873972][  T838] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  402.877649][  T838] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  402.880777][  T838] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  402.881445][ T5952] Bluetooth: hci4: command 0x1003 tx timeout
[  402.887188][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.893351][T13013] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  402.898790][  T838] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  402.931467][ T5957] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  402.997943][T13016] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  403.860749][   T10] usb 7-1: USB disconnect, device number 43
[  404.131638][T13032] can0: slcan on ptm0.
[  404.191765][T13031] can0 (unregistered): slcan off ptm0.
[  404.507020][T13040] syz.4.1539: attempt to access beyond end of device
[  404.507020][T13040] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  404.511132][T13040] EXT4-fs (nbd4): unable to read superblock
[  405.632247][  T838] usb 6-1: USB disconnect, device number 41
[  405.713959][T13049] lo speed is unknown, defaulting to 1000
[  406.305203][T13065] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1546'.
[  406.676869][   T40] kauditd_printk_skb: 77 callbacks suppressed
[  406.676881][   T40] audit: type=1326 audit(2000000629.917:30294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.721802][   T40] audit: type=1326 audit(2000000629.917:30295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.755732][   T40] audit: type=1326 audit(2000000629.917:30296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.767455][   T40] audit: type=1326 audit(2000000629.917:30297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.778779][   T40] audit: type=1326 audit(2000000629.917:30298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.798086][   T40] audit: type=1326 audit(2000000629.917:30299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.823791][   T40] audit: type=1326 audit(2000000629.927:30300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.842229][   T40] audit: type=1326 audit(2000000629.927:30301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.852418][T13070] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  406.854748][   T40] audit: type=1326 audit(2000000629.927:30302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  406.869250][   T40] audit: type=1326 audit(2000000629.927:30303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13068 comm="syz.2.1547" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.127309][T13096] lo speed is unknown, defaulting to 1000
[  407.368694][T13113] lo speed is unknown, defaulting to 1000
[  407.481428][   T10] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  407.720034][T13128] tmpfs: Unknown parameter 'nr_in�Q'
[  407.843261][   T10] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  407.846418][   T10] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  407.849628][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  407.852482][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  407.855898][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  407.861029][   T10] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  407.864097][   T10] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  407.866767][   T10] usb 6-1: Product: syz
[  407.868175][   T10] usb 6-1: Manufacturer: syz
[  407.875200][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  407.876997][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  407.880159][   T10] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  407.882686][   T10] cdc_wdm 6-1:1.0: Unknown control protocol
[  409.352141][T13175] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  409.355484][T13175] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  409.627222][T13178] netlink: 'syz.3.1561': attribute type 11 has an invalid length.
[  410.186787][T13193] lo speed is unknown, defaulting to 1000
[  410.239718][   T24] usb 6-1: USB disconnect, device number 42
[  410.620414][T13203] syz.3.1566: attempt to access beyond end of device
[  410.620414][T13203] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  410.624734][T13203] EXT4-fs (nbd3): unable to read superblock
[  411.394055][T13219] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1568'.
[  411.403506][T13208] syz.2.1567: attempt to access beyond end of device
[  411.403506][T13208] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  411.408298][T13208] EXT4-fs (nbd2): unable to read superblock
[  411.429095][T13223] Invalid source name
[  411.431447][T13224] Invalid source name
[  411.651211][T13231] tmpfs: Unknown parameter 'nr_in�Q'
[  411.706277][T13233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  412.314522][T13243] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1576'.
[  412.486682][T13248] fuse: Unknown parameter 'grou00000000000000000000'
[  412.492496][T13248] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  412.548549][T13254] netlink: 'syz.4.1580': attribute type 10 has an invalid length.
[  412.849707][T13262] netlink: 'syz.3.1581': attribute type 11 has an invalid length.
[  412.852346][T13262] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1581'.
[  413.231886][T13273] syz.4.1583: attempt to access beyond end of device
[  413.231886][T13273] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  413.236191][T13273] EXT4-fs (nbd4): unable to read superblock
[  413.730708][T13291] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  413.734629][T13291] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  413.789011][T13294] FAULT_INJECTION: forcing a failure.
[  413.789011][T13294] name failslab, interval 1, probability 0, space 0, times 0
[  413.794743][T13294] CPU: 3 UID: 0 PID: 13294 Comm: syz.1.1590 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  413.794764][T13294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  413.794775][T13294] Call Trace:
[  413.794780][T13294]  <TASK>
[  413.794786][T13294]  dump_stack_lvl+0x16c/0x1f0
[  413.794817][T13294]  should_fail_ex+0x512/0x640
[  413.794845][T13294]  should_failslab+0xc2/0x120
[  413.794885][T13294]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  413.794911][T13294]  ? lock_acquire+0x179/0x350
[  413.794930][T13294]  ? __alloc_skb+0x2b2/0x380
[  413.794958][T13294]  __alloc_skb+0x2b2/0x380
[  413.794981][T13294]  ? __pfx___alloc_skb+0x10/0x10
[  413.795009][T13294]  ? __sock_queue_rcv_skb+0x582/0xa80
[  413.795029][T13294]  create_monitor_event+0x61/0x8e0
[  413.795045][T13294]  ? sock_queue_rcv_skb_reason+0x7d/0xe0
[  413.795062][T13294]  hci_sock_bind+0x1110/0x14c0
[  413.795086][T13294]  ? __pfx_hci_sock_bind+0x10/0x10
[  413.795110][T13294]  __sys_bind+0x1a7/0x260
[  413.795133][T13294]  ? __pfx___sys_bind+0x10/0x10
[  413.795150][T13294]  ? __fget_files+0x20e/0x3c0
[  413.795182][T13294]  ? __pfx_ksys_write+0x10/0x10
[  413.795210][T13294]  __ia32_sys_bind+0x71/0xb0
[  413.795230][T13294]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  413.795256][T13294]  __do_fast_syscall_32+0x7c/0x3a0
[  413.795273][T13294]  do_fast_syscall_32+0x32/0x80
[  413.795288][T13294]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  413.795309][T13294] RIP: 0023:0xf7f53579
[  413.795321][T13294] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  413.795337][T13294] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000169
[  413.795352][T13294] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  413.795363][T13294] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000000
[  413.795372][T13294] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  413.795380][T13294] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  413.795391][T13294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  413.795413][T13294]  </TASK>
[  413.820902][T13289] input: syz0 as /devices/virtual/input/input74
[  413.916863][T13295] tmpfs: Unknown parameter 'nr_in�Q'
[  414.077183][T13300] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  414.079823][T13300] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  414.086655][T13300] vhci_hcd vhci_hcd.0: Device attached
[  414.091057][T13300] netlink: 'syz.1.1592': attribute type 1 has an invalid length.
[  414.094184][T13300] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1592'.
[  414.099981][T13302] vhci_hcd: connection closed
[  414.103570][   T85] vhci_hcd: stop threads
[  414.106664][   T85] vhci_hcd: release socket
[  414.108111][   T85] vhci_hcd: disconnect device
[  414.838027][   T85] Bluetooth: hci4: Frame reassembly failed (-84)
[  414.848676][T13319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  415.097827][T13324] syz.2.1598: attempt to access beyond end of device
[  415.097827][T13324] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  415.102230][T13324] EXT4-fs (nbd2): unable to read superblock
[  415.491255][T13335] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1603'.
[  415.981416][ T6029] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[  416.131437][ T6029] usb 7-1: Using ep0 maxpacket: 8
[  416.135178][ T6029] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  416.138781][ T6029] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  416.144879][ T6029] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  416.152769][ T6029] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  416.158709][ T6029] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  416.169015][ T6029] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.381549][ T6029] usb 7-1: GET_CAPABILITIES returned 0
[  416.383942][ T6029] usbtmc 7-1:16.0: can't read capabilities
[  416.760439][ T6029] usb 7-1: USB disconnect, device number 44
[  416.881413][ T5952] Bluetooth: hci4: command 0x1003 tx timeout
[  416.883930][ T5957] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  417.085594][T13359] fuse: Unknown parameter 'group_i00000000000000000000'
[  417.088683][T13359] fuse: Unknown parameter 'f�3�5:qTjtW��v�i���\o�Q�qѼ2���aX}Y����@�a�o`bcW?�Sq��	���?g�t������{�L��厫%z+d�3>2�'
[  417.159165][T13360] lo speed is unknown, defaulting to 1000
[  417.374852][T13370] syz.4.1613: attempt to access beyond end of device
[  417.374852][T13370] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  417.379025][T13370] EXT4-fs (nbd4): unable to read superblock
[  417.686280][T13374] lo speed is unknown, defaulting to 1000
[  417.951380][   T10] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  418.012142][T13381] input: syz1 as /devices/virtual/input/input75
[  418.113121][   T10] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  418.121402][   T10] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  418.125535][   T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  418.136962][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.197320][T13393] Invalid logical block size (16646144)
[  418.304072][T13376] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  418.307945][   T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  418.445797][T13400] syz.4.1619: attempt to access beyond end of device
[  418.445797][T13400] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  418.449997][T13400] EXT4-fs (nbd4): unable to read superblock
[  418.481504][  T838] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  418.959369][  T838] usb 7-1: Using ep0 maxpacket: 8
[  418.964681][  T838] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  418.967779][  T838] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  418.970755][  T838] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  419.008175][  T838] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  419.021081][  T838] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  419.025285][  T838] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.233763][  T838] usb 7-1: GET_CAPABILITIES returned 0
[  419.235666][  T838] usbtmc 7-1:16.0: can't read capabilities
[  419.435084][    C3] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  419.440403][  T838] usb 7-1: USB disconnect, device number 45
[  420.746529][T13455] lo speed is unknown, defaulting to 1000
[  420.768761][   T10] usb 6-1: USB disconnect, device number 43
[  422.092665][T13523] input: syz0 as /devices/virtual/input/input76
[  422.304759][T13538] bridge0: port 3(syz_tun) entered blocking state
[  422.307139][T13538] bridge0: port 3(syz_tun) entered disabled state
[  422.309776][T13538] syz_tun: entered allmulticast mode
[  422.322278][T13538] syz_tun: entered promiscuous mode
[  422.322999][T13538] bridge0: port 3(syz_tun) entered blocking state
[  422.323153][T13538] bridge0: port 3(syz_tun) entered forwarding state
[  422.340976][T13537] tmpfs: Unknown parameter 'nr_in�QDn��'
[  423.968188][  T838] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  424.499024][T13593] lo speed is unknown, defaulting to 1000
[  424.612879][  T838] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  424.616330][  T838] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  424.631440][  T838] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  424.634366][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.643348][T13567] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  424.647806][  T838] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  424.963144][T13606] input: syz0 as /devices/virtual/input/input78
[  425.761230][T13628] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  425.922452][  T838] usb 6-1: USB disconnect, device number 44
[  426.520329][T13652] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  426.795195][T13668] lo speed is unknown, defaulting to 1000
[  427.063783][T13673] tmpfs: Unknown parameter 'nr_in�QDn��4'
[  427.531927][   T47] Bluetooth: hci4: Frame reassembly failed (-84)
[  427.533959][   T47] Bluetooth: hci4: Frame reassembly failed (-84)
[  427.535981][   T46] Bluetooth: hci4: Frame reassembly failed (-84)
[  427.541920][T13679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  428.087098][T13685] lo speed is unknown, defaulting to 1000
[  428.794427][T13694] binder: 13693:13694 ioctl c0306201 80000080 returned -14
[  429.120029][T13704] syz.1.1694: attempt to access beyond end of device
[  429.120029][T13704] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  429.125124][T13704] EXT4-fs (nbd1): unable to read superblock
[  429.602311][ T5952] Bluetooth: hci4: command 0x1003 tx timeout
[  429.602491][ T5957] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  429.782507][T13723] lo speed is unknown, defaulting to 1000
[  429.938836][T13729] blktrace: Concurrent blktraces are not allowed on sg0
[  430.222540][T13739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1700'.
[  430.299565][T13739] bridge2: port 1(ip6gretap1) entered blocking state
[  430.301923][T13739] bridge2: port 1(ip6gretap1) entered disabled state
[  430.304142][T13739] ip6gretap1: entered allmulticast mode
[  430.306645][T13739] ip6gretap1: entered promiscuous mode
[  430.547286][   T40] kauditd_printk_skb: 22 callbacks suppressed
[  430.547299][   T40] audit: type=1326 audit(2000000653.807:30326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13750 comm="syz.2.1703" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x0
[  430.761452][  T838] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  430.924737][  T838] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  430.929011][  T838] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  430.932160][  T838] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  430.935017][  T838] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.944239][T13756] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  430.945785][T13767] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  430.948706][  T838] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  430.952176][T13767] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  431.349053][T13779] team0: Device gtp0 is up. Set it down before adding it as a team port
[  431.724701][T13791] netlink: 'syz.2.1709': attribute type 9 has an invalid length.
[  431.935353][T13796] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1710'.
[  432.466236][T13814] lo speed is unknown, defaulting to 1000
[  432.939162][T13820] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1714'.
[  433.248620][T13824] random: crng reseeded on system resumption
[  433.332842][ T6029] usb 9-1: USB disconnect, device number 17
[  433.381534][T13827] blktrace: Concurrent blktraces are not allowed on sg0
[  433.500673][T13830] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 0, id = 0
[  433.915559][T13840] lo speed is unknown, defaulting to 1000
[  433.941418][ T6029] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  434.101451][ T6029] usb 6-1: Using ep0 maxpacket: 8
[  434.109398][ T6029] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  434.116270][ T6029] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  434.119722][ T6029] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  434.123278][ T6029] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  434.127726][ T6029] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  434.135646][ T6029] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.185779][T13857] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1721'.
[  434.189546][T13857] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1721'.
[  434.347620][ T6029] usb 6-1: GET_CAPABILITIES returned 0
[  434.349499][ T6029] usbtmc 6-1:16.0: can't read capabilities
[  434.551547][    T9] usb 6-1: USB disconnect, device number 45
[  435.119449][T13895] bridge_slave_0: left allmulticast mode
[  435.121485][T13895] bridge_slave_0: left promiscuous mode
[  435.124380][T13895] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.132803][T13895] bridge_slave_1: left allmulticast mode
[  435.135262][T13895] bridge_slave_1: left promiscuous mode
[  435.137806][T13895] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.148684][T13895] bond0: (slave bond_slave_0): Releasing backup interface
[  435.154388][T13895] bond0: (slave bond_slave_1): Releasing backup interface
[  435.189394][T13895] team0: Port device team_slave_0 removed
[  435.196806][T13895] team0: Port device team_slave_1 removed
[  435.199034][T13895] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.202277][T13895] batman_adv: batadv0: Removing interface: batadv_slave_0
[  435.205498][T13898] netlink: 'syz.1.1728': attribute type 10 has an invalid length.
[  435.206123][T13895] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  435.232050][T13895] batman_adv: batadv0: Removing interface: batadv_slave_1
[  435.241955][T13895] bond1: (slave vxcan3): Releasing backup interface
[  435.244038][T13895] vxcan3: left promiscuous mode
[  435.258937][ T1139] tipc: Resetting bearer <eth:team0>
[  435.276755][T13898] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  435.511747][ T6029] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  435.591427][  T838] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  435.610200][T13906] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  435.737273][ T6029] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  435.740771][ T6029] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  435.744629][ T6029] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  435.747755][ T6029] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.754633][T13901] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  435.763850][ T6029] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  435.768204][  T838] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  435.772108][  T838] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  435.775135][  T838] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  435.777895][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.786808][T13904] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  435.795429][  T838] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  435.939365][T13912] syz.3.1732: attempt to access beyond end of device
[  435.939365][T13912] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  435.943591][T13912] EXT4-fs (nbd3): unable to read superblock
[  438.336952][    T9] usb 9-1: USB disconnect, device number 18
[  438.411513][  T838] usb 6-1: USB disconnect, device number 46
[  438.460880][T13922] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  438.535906][ T5957] Bluetooth: hci2: unexpected event for opcode 0x2024
[  438.564210][T13932] blktrace: Concurrent blktraces are not allowed on sg0
[  439.126574][T13950] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  439.444834][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  440.881487][ T1421] ==================================================================
[  440.884030][ T1421] BUG: KASAN: slab-use-after-free in handle_tx+0x5dc/0x630
[  440.886270][ T1421] Read of size 1 at addr ffff88802aa34490 by task aoe_tx0/1421
[  440.889286][ T1421] 
[  440.890519][ T1421] CPU: 2 UID: 0 PID: 1421 Comm: aoe_tx0 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  440.890534][ T1421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  440.890541][ T1421] Call Trace:
[  440.890547][ T1421]  <TASK>
[  440.890552][ T1421]  dump_stack_lvl+0x116/0x1f0
[  440.890571][ T1421]  print_report+0xcd/0x680
[  440.890582][ T1421]  ? __virt_addr_valid+0x81/0x610
[  440.890593][ T1421]  ? __phys_addr+0xe8/0x180
[  440.890603][ T1421]  ? handle_tx+0x5dc/0x630
[  440.890612][ T1421]  kasan_report+0xe0/0x110
[  440.890640][ T1421]  ? handle_tx+0x5dc/0x630
[  440.890651][ T1421]  handle_tx+0x5dc/0x630
[  440.890662][ T1421]  dev_hard_start_xmit+0x94/0x740
[  440.890678][ T1421]  __dev_queue_xmit+0x7eb/0x43e0
[  440.890694][ T1421]  ? finish_task_switch.isra.0+0x221/0xc10
[  440.890705][ T1421]  ? rcu_is_watching+0x12/0xc0
[  440.890715][ T1421]  ? __pfx___dev_queue_xmit+0x10/0x10
[  440.890730][ T1421]  ? __lock_acquire+0xb8a/0x1c90
[  440.890743][ T1421]  ? __lock_acquire+0xb8a/0x1c90
[  440.890757][ T1421]  ? do_raw_spin_lock+0x12c/0x2b0
[  440.890774][ T1421]  ? rcu_is_watching+0x12/0xc0
[  440.890785][ T1421]  tx+0xcc/0x190
[  440.890796][ T1421]  ? __pfx_tx+0x10/0x10
[  440.890810][ T1421]  kthread+0x1e1/0x3e0
[  440.890820][ T1421]  ? find_held_lock+0x2b/0x80
[  440.890831][ T1421]  ? __pfx_kthread+0x10/0x10
[  440.890841][ T1421]  ? __pfx_default_wake_function+0x10/0x10
[  440.890851][ T1421]  ? lockdep_hardirqs_on+0x7c/0x110
[  440.890866][ T1421]  ? __kthread_parkme+0x19e/0x250
[  440.890878][ T1421]  ? __pfx_kthread+0x10/0x10
[  440.890887][ T1421]  kthread+0x3c2/0x780
[  440.890901][ T1421]  ? __pfx_kthread+0x10/0x10
[  440.890914][ T1421]  ? rcu_is_watching+0x12/0xc0
[  440.890924][ T1421]  ? __pfx_kthread+0x10/0x10
[  440.890937][ T1421]  ret_from_fork+0x5d4/0x6f0
[  440.890951][ T1421]  ? __pfx_kthread+0x10/0x10
[  440.890964][ T1421]  ret_from_fork_asm+0x1a/0x30
[  440.890978][ T1421]  </TASK>
[  440.890982][ T1421] 
[  440.950354][ T1421] Allocated by task 13938:
[  440.951797][ T1421]  kasan_save_stack+0x33/0x60
[  440.953293][ T1421]  kasan_save_track+0x14/0x30
[  440.954794][ T1421]  __kasan_kmalloc+0xaa/0xb0
[  440.956259][ T1421]  alloc_tty_struct+0x96/0x8c0
[  440.957779][ T1421]  tty_init_dev.part.0+0x1e/0x500
[  440.959374][ T1421]  tty_open+0xa50/0xf90
[  440.960684][ T1421]  chrdev_open+0x231/0x6a0
[  440.962104][ T1421]  do_dentry_open+0x744/0x1c10
[  440.963615][ T1421]  vfs_open+0x82/0x3f0
[  440.964905][ T1421]  path_openat+0x1de4/0x2cb0
[  440.966368][ T1421]  do_filp_open+0x20b/0x470
[  440.967838][ T1421]  do_sys_openat2+0x11b/0x1d0
[  440.969321][ T1421]  __ia32_compat_sys_openat+0x16d/0x210
[  440.971078][ T1421]  __do_fast_syscall_32+0x7c/0x3a0
[  440.972669][ T1421]  do_fast_syscall_32+0x32/0x80
[  440.974188][ T1421]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  440.976175][ T1421] 
[  440.976957][ T1421] Freed by task 6011:
[  440.978222][ T1421]  kasan_save_stack+0x33/0x60
[  440.979716][ T1421]  kasan_save_track+0x14/0x30
[  440.981218][ T1421]  kasan_save_free_info+0x3b/0x60
[  440.982812][ T1421]  __kasan_slab_free+0x51/0x70
[  440.984324][ T1421]  kfree+0x2b4/0x4d0
[  440.985569][ T1421]  process_one_work+0x9cf/0x1b70
[  440.987154][ T1421]  worker_thread+0x6c8/0xf10
[  440.988628][ T1421]  kthread+0x3c2/0x780
[  440.989922][ T1421]  ret_from_fork+0x5d4/0x6f0
[  440.991428][ T1421]  ret_from_fork_asm+0x1a/0x30
[  440.992942][ T1421] 
[  440.993710][ T1421] Last potentially related work creation:
[  440.995487][ T1421]  kasan_save_stack+0x33/0x60
[  440.996989][ T1421]  kasan_record_aux_stack+0xa7/0xc0
[  440.998658][ T1421]  insert_work+0x36/0x230
[  441.000027][ T1421]  __queue_work+0x97e/0x10f0
[  441.001490][ T1421]  queue_work_on+0x1a4/0x1f0
[  441.002965][ T1421]  release_tty+0x4de/0x5d0
[  441.004375][ T1421]  tty_release_struct+0xb7/0xe0
[  441.005910][ T1421]  tty_release+0xe2d/0x1430
[  441.007361][ T1421]  __fput+0x402/0xb70
[  441.008637][ T1421]  task_work_run+0x150/0x240
[  441.010099][ T1421]  exit_to_user_mode_loop+0xeb/0x110
[  441.011773][ T1421]  __do_fast_syscall_32+0x2ac/0x3a0
[  441.013409][ T1421]  do_fast_syscall_32+0x32/0x80
[  441.014951][ T1421]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  441.016940][ T1421] 
[  441.017712][ T1421] The buggy address belongs to the object at ffff88802aa34000
[  441.017712][ T1421]  which belongs to the cache kmalloc-cg-2k of size 2048
[  441.022125][ T1421] The buggy address is located 1168 bytes inside of
[  441.022125][ T1421]  freed 2048-byte region [ffff88802aa34000, ffff88802aa34800)
[  441.026373][ T1421] 
[  441.027163][ T1421] The buggy address belongs to the physical page:
[  441.029161][ T1421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802aa30000 pfn:0x2aa30
[  441.032261][ T1421] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  441.034868][ T1421] memcg:ffff8880281e2b81
[  441.036207][ T1421] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  441.038698][ T1421] page_type: f5(slab)
[  441.039965][ T1421] raw: 00fff00000000040 ffff88801b44c140 0000000000000000 dead000000000001
[  441.042638][ T1421] raw: ffff88802aa30000 0000000000080007 00000000f5000000 ffff8880281e2b81
[  441.045288][ T1421] head: 00fff00000000040 ffff88801b44c140 0000000000000000 dead000000000001
[  441.047986][ T1421] head: ffff88802aa30000 0000000000080007 00000000f5000000 ffff8880281e2b81
[  441.050662][ T1421] head: 00fff00000000003 ffffea0000aa8c01 00000000ffffffff 00000000ffffffff
[  441.053335][ T1421] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  441.056012][ T1421] page dumped because: kasan: bad access detected
[  441.058009][ T1421] page_owner tracks the page as allocated
[  441.059792][ T1421] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11596, tgid 11584 (syz.3.1210), ts 337261218181, free_ts 337043810596
[  441.066310][ T1421]  post_alloc_hook+0x1c0/0x230
[  441.067863][ T1421]  get_page_from_freelist+0x1321/0x3890
[  441.069579][ T1421]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  441.071444][ T1421]  alloc_pages_mpol+0x1fb/0x550
[  441.072884][ T1421]  new_slab+0x23b/0x330
[  441.074041][ T1421]  ___slab_alloc+0xd9c/0x1940
[  441.075504][ T1421]  __slab_alloc.constprop.0+0x56/0xb0
[  441.077190][ T1421]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  441.079098][ T1421]  kmemdup_noprof+0x29/0x60
[  441.080470][ T1421]  neigh_sysctl_register+0xb2/0x670
[  441.082077][ T1421]  addrconf_sysctl_register+0xb9/0x1f0
[  441.083789][ T1421]  ipv6_add_dev+0xb39/0x15f0
[  441.085248][ T1421]  addrconf_notify+0x53e/0x19e0
[  441.086791][ T1421]  notifier_call_chain+0xbc/0x410
[  441.088397][ T1421]  call_netdevice_notifiers_info+0xbe/0x140
[  441.090247][ T1421]  register_netdevice+0x182e/0x2270
[  441.091887][ T1421] page last free pid 13 tgid 13 stack trace:
[  441.093746][ T1421]  __free_frozen_pages+0x7fe/0x1180
[  441.095389][ T1421]  __folio_put+0x329/0x450
[  441.096809][ T1421]  skb_release_data+0x7fb/0x9c0
[  441.098348][ T1421]  __kfree_skb+0x4f/0x70
[  441.099693][ T1421]  tcp_write_queue_purge+0x18d/0xd80
[  441.101349][ T1421]  tcp_done_with_error+0x4f/0xc0
[  441.102915][ T1421]  tcp_retransmit_timer+0x22f7/0x3ef0
[  441.104591][ T1421]  tcp_write_timer_handler+0x56f/0xaa0
[  441.106292][ T1421]  tcp_write_timer+0x157/0x2f0
[  441.107829][ T1421]  call_timer_fn+0x197/0x620
[  441.109286][ T1421]  __run_timers+0x6ef/0x960
[  441.110724][ T1421]  run_timer_base+0x114/0x190
[  441.112214][ T1421]  run_timer_softirq+0x1a/0x40
[  441.113703][ T1421]  handle_softirqs+0x219/0x8e0
[  441.115211][ T1421]  __irq_exit_rcu+0x109/0x170
[  441.116687][ T1421]  irq_exit_rcu+0x9/0x30
[  441.118040][ T1421] 
[  441.118820][ T1421] Memory state around the buggy address:
[  441.120553][ T1421]  ffff88802aa34380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.122926][ T1421]  ffff88802aa34400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.125408][ T1421] >ffff88802aa34480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.127915][ T1421]                          ^
[  441.129367][ T1421]  ffff88802aa34500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.131876][ T1421]  ffff88802aa34580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.134327][ T1421] ==================================================================
[  441.137652][    C2] hpet: Lost 15 RTC interrupts
[  441.139899][ T1421] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  441.142111][ T1421] CPU: 2 UID: 0 PID: 1421 Comm: aoe_tx0 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  441.145703][ T1421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  441.149044][ T1421] Call Trace:
[  441.150107][ T1421]  <TASK>
[  441.151083][ T1421]  dump_stack_lvl+0x3d/0x1f0
[  441.152546][ T1421]  panic+0x71c/0x800
[  441.153794][ T1421]  ? __pfx_panic+0x10/0x10
[  441.155219][ T1421]  ? irqentry_exit+0x3b/0x90
[  441.156680][ T1421]  ? lockdep_hardirqs_on+0x7c/0x110
[  441.158323][ T1421]  ? handle_tx+0x5dc/0x630
[  441.159745][ T1421]  ? check_panic_on_warn+0x1f/0xb0
[  441.161388][ T1421]  ? handle_tx+0x5dc/0x630
[  441.162806][ T1421]  check_panic_on_warn+0xab/0xb0
[  441.164366][ T1421]  end_report+0x107/0x170
[  441.165738][ T1421]  kasan_report+0xee/0x110
[  441.167163][ T1421]  ? handle_tx+0x5dc/0x630
[  441.168584][ T1421]  handle_tx+0x5dc/0x630
[  441.169920][ T1421]  dev_hard_start_xmit+0x94/0x740
[  441.171543][ T1421]  __dev_queue_xmit+0x7eb/0x43e0
[  441.173099][ T1421]  ? finish_task_switch.isra.0+0x221/0xc10
[  441.174922][ T1421]  ? rcu_is_watching+0x12/0xc0
[  441.176421][ T1421]  ? __pfx___dev_queue_xmit+0x10/0x10
[  441.178111][ T1421]  ? __lock_acquire+0xb8a/0x1c90
[  441.179698][ T1421]  ? __lock_acquire+0xb8a/0x1c90
[  441.181281][ T1421]  ? do_raw_spin_lock+0x12c/0x2b0
[  441.182875][ T1421]  ? rcu_is_watching+0x12/0xc0
[  441.184380][ T1421]  tx+0xcc/0x190
[  441.185525][ T1421]  ? __pfx_tx+0x10/0x10
[  441.186852][ T1421]  kthread+0x1e1/0x3e0
[  441.188163][ T1421]  ? find_held_lock+0x2b/0x80
[  441.189644][ T1421]  ? __pfx_kthread+0x10/0x10
[  441.191143][ T1421]  ? __pfx_default_wake_function+0x10/0x10
[  441.192961][ T1421]  ? lockdep_hardirqs_on+0x7c/0x110
[  441.194588][ T1421]  ? __kthread_parkme+0x19e/0x250
[  441.196175][ T1421]  ? __pfx_kthread+0x10/0x10
[  441.197640][ T1421]  kthread+0x3c2/0x780
[  441.198949][ T1421]  ? __pfx_kthread+0x10/0x10
[  441.200412][ T1421]  ? rcu_is_watching+0x12/0xc0
[  441.201952][ T1421]  ? __pfx_kthread+0x10/0x10
[  441.203421][ T1421]  ret_from_fork+0x5d4/0x6f0
[  441.204881][ T1421]  ? __pfx_kthread+0x10/0x10
[  441.206260][ T1421]  ret_from_fork_asm+0x1a/0x30
[  441.207722][ T1421]  </TASK>
[  441.209427][ T1421] Kernel Offset: disabled
[  441.210806][ T1421] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:25:30  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000000003 RCX=0000000000000002 RDX=ffff88801d69c880
RSI=ffffffff8169e3e1 RDI=ffffffff8bf55a60 RBP=ffff88804ea0e140 RSP=ffffc900001b76a8
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90882757 R11=0000000000000001
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b23cd40 R15=ffffed1009d41c28
RIP=ffffffff8b7bd7cf RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097762000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000031fdbffc CR3=000000004aefb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000b000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000012847d9 RBX=0000000000000001 RCX=ffffffff8b7bec69 RDX=0000000000000000
RSI=ffffffff8dc12cca RDI=ffffffff8bf55a60 RBP=ffffed1003b5c488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801dae2440 R14=ffffffff90882750 R15=0000000000000000
RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097862000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f11eff8 CR3=000000004aefb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0f7349a7ebe87e22 a09df200e88ad371
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c7174c609831e1c 2fc21eecdcd48e85
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b63d9575fdd5335 a66155efeb35ea2e
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fa9930f4d93b92b7 d41db1a95780fcdd
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001040
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 010b4567000007c0 6adc00001bab0000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 010b4dc8010c167d 000007e2010c1b9b
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 010b9dca7e8f0000 9d24000069f20000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1d0000007aca0000 000028f4147c0000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 96c4bca7001d8976 48a3bba532425b59
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d66c320afd2eb8c3 ea034a5f78ae12da
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8557d3d5 RDI=ffffffff9ae6ca80 RBP=ffffffff9ae6ca40 RSP=ffffc9000797f458
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000032343154
R12=0000000000000000 R13=000000000000005d R14=ffffffff9ae6ca40 R15=ffffffff8557d370
RIP=ffffffff8557d3ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097962000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008000f000 CR3=000000000e182000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000931e87 RBX=0000000000000003 RCX=ffffffff8b7bec69 RDX=0000000000000000
RSI=ffffffff8dc12cca RDI=ffffffff8bf55a60 RBP=ffffed10037e1000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801bf08000 R14=ffffffff90882750 R15=0000000000000000
RIP=ffffffff8b7bd7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097a62000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f500ffc CR3=000000006c42b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000fff Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d7c57837437159d4 c9d773b1fd553388
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b6ea498017c60f03 f9ef0a796d806bcd
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 31d6177ea411b884 1ced2bce51537277
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 21ea898f347fef59 f800000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c200000000000000 0000000000000001
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0001020304050607 08090a0b0c0d0e0f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cda419f600000000 0000001200000001
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ace48a1aca3ab34b ad49c1b16323e409
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8a69b7d80b612c0f 36fd52ff68568ecc
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 45a611187c950d8b ecb7d19d15bb3f62
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7ad43cb4d8aa5154 9a5280ac3e054e45
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cda419f600000000 0000001200000008
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8779fc74e77d77ee c37ed04c7b3ddee3
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d51d6d828f7c7c0 5462ca4bb8d51bd6
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8a69b7d80b612c0f 36fd52ff68568ecc
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c200000000000000 0000000000000001 c200000000000000 0000000000000001