last executing test programs:

48.059503987s ago: executing program 3 (id=568):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x3, 0x2000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x0, 0xffff}}}, 0x86}}, 0x400c0)
getsockname$packet(r1, &(0x7f0000000740)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000700)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x74, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0x4}, [@IFLA_LINKINFO={0x54, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x44, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x2}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x7}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x14}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x96}]}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
syz_usb_connect(0x3, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100008e6a0d32048a1c15dd68f2010203010902120001000000000904720f0002060000246b17a2a332487b697c692ce50b766d1247eb6a1f73852a4c68ae3ee63c68a3dc9be828eb9c4de2420859b4f30e807fc75a0e651b242ddbe7b73756a240ceb8286140cc8e096c318e3e200bf2616e9ce4bafeb0c276f1472147b7435bc198a4233401c8dfc7de196f7fca4dc85ddde23891aa65736625b57bf2ef834133bb3e59adfdc9abc4653a6ea483c2687a2eb58f271c12fdd61da39badbfb8f9a3a316674a44015305a8a77f59d2cec9357b719e19253125f228d0861c69fa617f8163c8f2ef5539378252518e4bf4cfe2a89d1cfd11a248cdeb"], 0x0)
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004900010928bd700018dcdf250a001c00", @ANYRES32, @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0)
r6 = syz_open_procfs(r0, &(0x7f0000000400)='ns\x00')
readlinkat(r6, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x87, <r8=>r7, {0x5}}, '.\x00'})
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r8, 0x84, 0x19, 0x0, 0xa0)

44.97027379s ago: executing program 3 (id=598):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@delchain={0x24, 0x64, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {}, {0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x4044048}, 0x20004804)
sendmsg$kcm(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="1c00000033000b17d25a80648cffff4003050000452300030e099450e430d324c20fee98fad9f2ed23006592a46d1a0bfd2caec3ac03631c7aaee22ff8fffe928dae451555f05633e87bfed6d7fd5317cea18c11f9550b6de80a7e2b9c081246495af502276bebfb9cd75ca1c4b8c16ee268e155116b7c484511849613305ce59d8a0eebbc5ae39d257da41a3cfe45bfdc84d1aaa81c0d19fcf7b31aa135c58b54ddfca512ae92a01f8628a3d6b17bf8af418934f3d5be0907", 0xb9}], 0x1}, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r4, &(0x7f0000000080)=""/237, 0xed, 0x0)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendmsg$inet(r5, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x4000080)
mkdirat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0xb7)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='efs\x00', 0x0, 0x0)
setrlimit(0x7, &(0x7f0000000000)={0x4, 0x6})
r6 = syz_io_uring_setup(0xcf, &(0x7f0000000480)={0x0, 0x7f82, 0x800, 0x0, 0x34f, 0x0, r4}, 0x0, 0x0)
socket(0x2a, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r7, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000740)=ANY=[@ANYBLOB="70000000051400012dbd7000fcdbdf25080800030002000000080001000200000008000300020f7172060eac373200000008000300020000000800010081000000080003000300000008000100020000000800030000000000080001000200000008000300020000005095c3f1bd9fbef244e97c11f32c52dd67b4140dc9e5951289d2fb7c20fcb8d2ca472df1f575a20000000000d319a4112d92508fc929e5730212d3731e58a419219aa8426d9a575416efe722fbe756d2d51298dc0ff7a5c9206f8d174267192a0660c5e5b875cda2a1b2e2e618ec6b003fb24dd19ae7b6e56e63499c35b42bd2f937adba948a02f60d577698cfa3091203a82419a2b0f49e24de8106403ebee33e96d169545ca03c4bf6c1074d9fbf586a352241ed6a0feb5923443ef5885c0e109232d94b8615371714fecfa487b9d65f0ed1ef2459d9f9de90d48921a600185e26ce5d14d38f8a9dc7e0b821f26843244443920c0a1f79ff106d5d5e3d635d5b085a8ecada780ce9702b9885420423185c77ea283401cfd880c19d00000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
pread64(r0, &(0x7f0000000480)=""/172, 0xac, 0x800)
r8 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
io_setup(0x800, &(0x7f0000000500)=<r9=>0x0)
io_submit(r9, 0x2, &(0x7f00000004c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x47, r8, 0x0, 0x0, 0x5, 0x0, 0x2}])
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000240)="48b809000000000000000f23d80f21f835400000100f23f80f22900f0098d29f9fbc66430f383b9b030000003ce948b8fc000000000000000f23c80f21f8350000f0000f23f80f01c3b962020000b863d90000ba000000000f30430fc76d27c422f917bc81f4000000", 0x69}], 0x1, 0x30, &(0x7f0000000300)=[@vmwrite={0x8, 0x0, 0x16, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1}, @cr0={0x0, 0x20000003}], 0x2)

44.470790593s ago: executing program 3 (id=600):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
getsockopt(r0, 0x0, 0x5, &(0x7f0000000140)=""/181, &(0x7f0000000000)=0xb5)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64, @ANYBLOB="44a8", @ANYRESDEC], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0)
io_setup(0x8, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000040))
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect={0x5800})

43.440494692s ago: executing program 3 (id=604):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0x2)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r2)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
accept4(r0, 0x0, 0x0, 0x0)

43.330855815s ago: executing program 3 (id=605):
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r2], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) (fail_nth: 6)

43.040205982s ago: executing program 3 (id=609):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_PEC(r1, 0x708, 0xffffffffffffffff)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000100)={0x1, 0x2, 0x2, &(0x7f00000000c0)={0x10, "fe385d991361090495d58c490b6a1ffd1b5343fba6170247e804aefad6fdbba137"}})
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x9, 0x7, 0x8})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000700)=0x13)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

42.949895544s ago: executing program 32 (id=609):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_PEC(r1, 0x708, 0xffffffffffffffff)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000100)={0x1, 0x2, 0x2, &(0x7f00000000c0)={0x10, "fe385d991361090495d58c490b6a1ffd1b5343fba6170247e804aefad6fdbba137"}})
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x9, 0x7, 0x8})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000700)=0x13)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

3.993819602s ago: executing program 2 (id=796):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
io_setup(0x19, &(0x7f00000009c0)=<r4=>0x0)
io_cancel(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff6f, 0x0, 0x3}, 0x0)
r5 = dup(r3)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=<r6=>0x0)
syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
r8 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7})
mq_timedsend(r8, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r2}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010300000100fddbdf2526"], 0x14}}, 0x0)
r10 = syz_open_dev$loop(&(0x7f00000000c0), 0x4005, 0x88000)
ioctl$LOOP_CONFIGURE(r10, 0x4c0a, &(0x7f0000001280)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})

3.584355019s ago: executing program 1 (id=799):
socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x7f, 0xef0, 0x80, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket$kcm(0x10, 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="c841", 0x2}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x11)
writev(r2, &(0x7f0000000b00)=[{0x0}], 0x1)
r3 = dup(r1)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
io_uring_enter(0xffffffffffffffff, 0x2def, 0x4000, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r4, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x0, 0x0)

2.955770994s ago: executing program 2 (id=805):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
mprotect(&(0x7f00000ff000/0x14000)=nil, 0x14000, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000040)=@ipv4_delroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80, 0x0, 0x0, 0x2}, [@RTA_IP_PROTO={0x5, 0x1b, 0x3a}]}, 0x24}}, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x19, 0x20000000, 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='gfs2\x00', 0x10, &(0x7f0000000100)='barrier') (fail_nth: 2)

2.870358923s ago: executing program 4 (id=806):
r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x4005, 0x88000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f040000000000000000008500000005000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180200000200000000000000000000008500000087000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085e100006b0000009500"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x2, 0x0)
dup3(r3, r2, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1)

2.799944107s ago: executing program 1 (id=807):
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x6, 'ip6tnl0\x00', {}, 0x1})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x0, 'macvlan1\x00', {0x1}, 0x8})

2.799575565s ago: executing program 4 (id=808):
r0 = socket$inet(0x2, 0x3, 0x4)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
close(0xffffffffffffffff)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
syz_emit_ethernet(0x52, &(0x7f0000000000)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a27f2", 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x3c, 0x0, 0x0, 0x5}], {{0x8000, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
unshare(0x64000600)
syz_usb_connect(0x3, 0x24, 0x0, 0x0)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000200)=&(0x7f0000000180))
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x40, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000640)={'filter\x00', 0x7, 0x4, 0x3c8, 0x10c, 0x10c, 0x0, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @loopback, 0x2}}}, {{@uncond, 0xbc, 0xfc}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "53a145c767671fcf0c243d543b9d83f0863f3aac810f97fea80e1b838805"}}, {{@uncond, 0xbc, 0xe0}, @unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x9, 0x7}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x414)
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500), 0x0, 0x1}}, 0x3c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
setresuid(0xee00, 0xee00, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=<r4=>0x0)
sendmsg(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@nfc_llcp={0x27, r4, 0xffffffffffffffff, 0x6, 0xa, 0x7, "f3e1dd90a0ba9cbdd7985c55d2fe2eb86b3b6f29da265514103f0bc85d18069ca3543fe3cd2307d7fba63c308904b5647b0779e368d5c5d4cd66d4fa029f3b", 0x35}, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="7800000018010000050000006e9bcf3b2337e4df058ed41fdc9a1366fea5df5fc6ba9753b48c37128dd2eca84a9206654e6e067ac351a1ae3e89c701feb312935c09e2173a36a89dcecd12f90ea3f117d0702b2918f384bc824bd1a52a8bce97c97cab504cc5fd6af0a66a034ff7511de194b479deca00009c0000003a0000003e090000fc071f6c8389e560263bf5bccb342298cc5a88c2c377f615acae59430ca3ac496222f9c0dee50481f0232f7820faf72b533a385b7f9dd76f9af305b773a85b4503d04a05ce0b07c0ee7189c4d00f75b17059e4e3ef07456e91fd407f621be3882444bd2a1c2446d04381fdc87d3dcc6fe257eb2f345c737b1b6043ccacfd1a7feab2c5a9ecff3eec363ef9ce70e621cd0c100000ea0000000f000000c345365a1632fd2f572396c6996ef869d0fc33a2c855c2ce0c93e0e3b886935116d30432e67d6311eaa922f3507500a08eac20d0196d9e1f65cb911374e04dfbd615484627572837b3994f0c42464a720ea17dd45cc8a50e5ad9a84142fd698f83e1d3b6d66f084bb1ecef9bc8c9fbb452dddabbaa0fbb52a7d269b362199b11d53ba77b61d7fcd3b8505ccdc316ca6baeb56712cf95ab778874c180f2519d03c74ca2c1a6e289cceff8bfad64c3f23dab59fc8fc1fde1644070cf6e23c57a01436814794353709bd6c7ad41389b528bef74c11e0bbd39a954fb8a141cf22634005a6101a5a6877ca0f888f316912ac6b920fb392c0b89eee353722775ea19e8c72cfeb60b6131b0841b7affd61711df6bc8fa9ad61eabe0982ce86b94ff43f26c6f380e5f9011f8f829c42aa0e2b6633acb426d8dccad26ce5417bdc28b9838856db2afa538493932cbca37f3d4a607922ac9d57d39e5fa245be3e113a895b8798864ce760a072ed55bd85c54d55972719a1c095e743ed65eaafa938ddf9a6ce07cf6cd40669106234dfdf581f9e217bd26876d79ccc7a23ebb9f541fe0f85f1f279432aac999c6d79bd9ccf7bbf47994c454c12e296b6e2c1633b46a2ff815d678b384528474d779ed1e28b13069274aa68b0d392138751dc6eadcb959954ab643affa7a8b5b1118efef8fcc8f9a8279032aac0773b28f3c8e6a12b8e6a09f772a79e01d1b13ce5c7450b3a7d706fc71eb71bce128857881c79d78c85455de4e4e20e6ca0a7a1f5cb48d2b3740fd5e725622fdb74b904fe42e68bef910c9d8ac2f9fd6bea172ef41ac5aa63b0ca1b56a4dc884e0077a693c1eba227c500b1265b5ac2b2c2338d914c2b53f90e2e727704676cc0386c185297f809d4a088e802818004c0f3bde85f6d2b46172d5cef4b92d056cafc5a2047a3b8dc8e29a695306009cfcf0fa4fd7f3a080dd1bca604b775a677a2a3037741c5a1cb2fc7d65e44bf3b0335d930ed61caae2a081424d423f62f222ede536f5f1c57994adf284c443ff1d567e8f2503e385da6fe2e1699262ce1bc5d08e9040a287fc3bced6ab244cf873ba3bddff7f533f2be2747822d949648564b40f52c35c3f2e09d6131bdf4552106d2ca403b4ce1be6c8a91e5e75fdb8d458c7a43ec830486d227e4f23d683f82bf4b81d1040b82cb5092face3cbbcd92e56e21fd222745d265a7d521e81203348635afeb35b02690625b67b94fe7ed5edbb8abd3431d23d87e0df73984a613c88e359cf34e8537d973d5fd6a0c60596cbb0f1488417b7c29deb54467cd686e3f7daeae9aa9c28d61e6fdb8a3022cc8f646b72fb027dac4f79dc31f124d3bc127771d99f6f0dd3c655af3fdb17d1c4c7ea7e73c32515fa69a8d7227a2465ff65ea609bb9acd833ac65cdb38eeae3e46b934f004829ecdb7f5fa6679ed5e2272623ddf4f9fafe6db8bbb0a5fecfc1fac4abf80dbf52d6f8405e5494a5e264e96a0c939ed648c8e0222a0ac22fa9659588010ae7b8ff14cdbd0b759438b8e0ee01e2815f3b57cd05beb280db65f0c34ead720b11d330df9d2d7d68b007b2df3ca74aea380aa54aa33cfa9f22d1a7fccf6f532e2d6578d2b8b7f6325df678f271d4f8eb72d64d831601a545d9f03d707b1cc89a6aaba40d2b3537590842cc4cf6a56d8a516338c5c31169d8f8f6fbe6234f68d7e26452e7bbe2f89ac0e69c96d779ba918eabd4163f628e0abf1919951933de7af89b24988c53649fb7cd5c40eac413fab952481ce7afca1aacf16fdd9205d299253dbd2713c17448681de1f1e48167844a4f1f1c8d5b5c7b71c7e94d3d8ea04d0e2b6e1658896ab72d0be21ab5abf8088c1b966e81dbe1df96e1e721ab1712de78d4cb398e5ab7d8fd46f4ed65b2de809a0dbbfa9aa72ded56fdcb1baf0ac6b210ef7cf95501fa815686893dbbc268ade91052841ec810f2e1d2e0fc44c20cfff98bce018ad145d1b23db0ec4fe0dc7fd3311a47ed9e7f9f50bb6b76aa452dbf90b19e7dcc84232494fcc7c069a61081b87bec5d3ae03f6706ec0e892624fc4fa92385ac22ea6be62b16771c196bb3c3d595c05550c108ae1654e51a6cc534454ec3dda754c6436e7d57647ad1a21638492c8378162491c376589462d7b67405423d6affde859a1f6029c8f5c189e0bc82d0dae6fd323050d2983fae8048ecda7f4ccdcc6b06388e6c969aa65fb40079ed7d3841ddad39aa9345dda6e19f296cccb23090d729b2035abb46e7869577ae9825adffe6f3286a66e72ad959f902dfc8c3fa9663f94e948b2ce0f241d2e7baac0aede9b111b1a07f2648830167bb756d3be74bc57d1da497c31b05ed3555abd54253ae24b4db07015ca2457551eac437d246e705f91414d8099c5a778cc68cfbe77fa33c7f04fe8985c0156edbb22154e95b898ab849ef6eb9cc4a30700e345a4f6e29e81d898eb7d312478b6c9ae0294e68780c46f466a48e4656ef64b0a71b9b47f3a8fa0b1c5ebac7df979a3d81e4ee3aaeae4e7e990643a58a074440c6697a032d11485e93155c0feb452a61c221d5b795c8f5cdf0366f2f17283bda7a8554630c2ffa10f7a7862bb4d93e2ef8141116c595414df177ef86c76bf599e2be14ce183fa2435ff5c999d9ec592f9dec554dc0c05b3b908747d90e5ac07d4c2ee8e087f2bf74bf5c747a1d81e220f6e61a2146731cc8dfab6240fd2ffa70479004a96826a65cb4867fe4c71d0014ce80a17ce109db8cd84ef54a08f853d185d1f2b6e18e32e66b12a3244b653e3fd77b77e0d4a436005b8513c27bd8d6899b32a76d7a519aaa2ac24fb6100d3d7008bf2850f8fa2dee3ccb67c0612768ec6e12439556178ce644220f04f09b1c234058b9191377cb1fa019267b3186a71bf6fdd04b758eedb5848514cccbae0394eae9ef2726187c2e8aa98d782957f8ed3758e22a0757d1a3e3451c899bdc5d80293e63fbb8d372688e4f0b00fd57ef777824978a2cea2605c4490b525d7de0fbdc202814ad9ddac1a388bdbf5a63cc15b26dc73c4af3f1ab0e29c7f65957479bfd99fcb54b8d2a4ee156f71adad2815c0d731e5bfef3adc65b258808229c58663cfac1948192d9aab76fcd666a5d94aeacf32da062d53146f2c078cfa301fa339a49cb8919dadcc77198f295661e4df8ebe1696192e556d68081cd97c4e3934cf7d719f333f76f3f42edde55a34663e9464a13d775add635f0986ead35b2122c2440592a9a4f2ba0be4ebe6a7c7d62a91f28d75d55927ccaa925d93ce90d39c970df5859d52dd7dd243e515ffd3cbc38ef3958180f44a20be55dbcd40496f2d91685c05a374e4b3848728b7279ff8d049bc58556a3b3df8fc74817ea979794715b665f46387a68c00c07ee9659a2bea66457245625f5fc6dd7ff98a90485c48e3787255c0440c0e2e27d58df1e9431c22151fd09e4469d22f56781abf4190079701f89e4f03f409e3e4bab507317363b2451c8d9d424d5399f8008a652c48c329b0240ee61bd11c1ce3a99862a637f47628229537bd94f9c23e6121016493e43de0502afd4afae3682e2c2cbc6be54dbdcfb818219d95423c5c1d1a672a35a3169e7c7f4e05139af83e6e376a5898498fd17f73ab9cd3596b361730acfbabc39259608ac028c93d750bce85514bf97d4fb174dd2ab70d7029f73f4626c3aacc5f8178a51133d33ded64d1e1dfc6c8260ec5a1a1771c335905a57767c0e9623ce5d55de98ce6fd27fa8edc348713fb38a6e2bb1d4d52530ec4620d3ba445d37a890537e4a6fa22486176478c100fd72fce719b22db4d6e4a327fe07f4bc7c155a00844db5dc57ae2c7100687f02e490799e08a9b6ce174504e84a9d08ce5413125b4d657677afe679c25c40620a1eda3fa0623e8be152691feb9530f3dd71fe7ce15e3775e0a62730f31a01ede298a54bb7fd6100a381750a5b0bebe4671f2490d59e900214f3830b9293273c0307520625968829ca11972c70fbb58678a0bc1ee1c9a010159695a72fa6f7d9281cb2a81b8ff89b91586313591e54ac39a70b8eac150a80ca1ab019ef7ec997a9cf23f2100cef00ffe972237745fa53d00e98a7a14584b5669d64f3de19c2f3f9704042f635b3342b4a3a7ba5822aad55aa08236ac7858701ac02542b9880d0f6019626e2e86c8e8f11ad09e3d3397d57f3d68981a874ea7c000e2c16b37081f34981b11f85daf068bbe6767488eb00179755ecdffe4fe23137d7510cd7e0f7ab8cfa776980a48a6c731cbd795b0645e8cfad11c7c6bf43cca2344b9d44754f880f331fcede671cbb7ec81d9875c6f507e311166b40e25240e420b456065b5ffc9d5a49e19e776527ea2d238c9a3a7a009039ed096684e9e7dbd365660982dfeaf7e81ea00b1c1cea6433b88e42b60e22675f91ae1d3ecc4a408ee5f61be91a6a8d83e88a2d98245a1f3e76dbc1243b3b04018cdad700cf513899f6095abba0dd55a696be98803e839c341755522391adb6aa65d9ffe2b5c0be228a388dd83e6cec7f043bb79a30f8d9afa2c81ffbec0ba3c68f3e6d3a7fccc2f0835701f135e9da54c2e39cbfe6adb19069848d2f7e171618de06fe1ea9603a3b8e6338d05c3fca21c41891d2240761231d72df912555e2358acbe8cb132c90f91322f21c07425acb952b7af37319b0465c49a43831cb9d6933a41b9343736aaa3a1e00f4c8d9975cb01e14f7b16a86e808fff30f29b30fb0b6974714ef140d64ef80ccfd4499dacfda4f47f2653c50fabffb97fd5f50e973c97dd881fdc2129426d28f2f99a6c7b3168f0f1ee24ec04aeaf0e20051398f1e58871b30ac18de2ad00903fe28428d0b26236300cbe1e86409f1bee033419a7388605ea995d4184463bd4d2b4cad605ec5f4d19a740e24d27ca88c3a110fd03d84bb2782c94ba8f39e2091b7a4bc2f96d69b2d6d39683fe567c85155c2448281f5086851258311a56f82468029ef57590e14b93349f49ab6e1118ee5260648ee8b8b9d19d4d00ab64fb6f2b08827eb09177337775a25d99add075b6f74fa18e44c3da0646f7328dc5c0fba252c7b4c4e89b97e0cfbff59e01fc309000c602f843cae6df628e841d8f5e0dfebbab6ae871a363bd1806231cade4a8611e51447ec96a00e8abe07709b970371e6856e830841a7e4f43d7c8b2f2d9b9985367cb8de1e5772625fc66f74a0f04c41fcee94d800f6ff8057974501b76b437dffb87c7a148ca74ce8a6b54ecb13739eca2b29b914937d7b94f907d0d2a5745b4eb30df20ce3339ee4b49c09c89892a7a49e69610558b26a9283891ece6045ccf2a8bdbc70ae9cfdbe720235eec284f23317ea193f8e88a7d5c2b829fac1a6d72ddf9abd330df66ff3081625ee6fe9cc5213854d294325ce12ae7fad7e6eb1dfbc2bee7b4785aeb6431c155df1dff891594f4edbc8e8fc861120049160e93e393d43932b5588d7286c363ae84458946640d781f39cce8092fe8a0c5f4ad47105419deb385202014ffd115b65edd0678d5340dfdc18109382a46e4dcce53c3ca2b222d8b7ad5d3a2868a826c64d2d8f615eced968fc334f23cce5af7874940075f50c9f4a6f470bee9564fc358283688816da8856c95b7e0c8939a0744a6210d3eeb49ff336ed157b3da68e2ea361d50d02166624811c0215eda4fe87faab98e3e134bcc2e821885f8370ae5927d15e6d0f7fb3e4dfd4ae67dea7d60b26ada3b834ce8b727a9e381d7bed061be647edf2858e3e60b105a76a7d17da93cd7ba9fab3cb8e00"/4384], 0x1120}, 0x4000004)
sendmmsg$inet(r0, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e24, @private=0xa010101}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000140)="b36563641ba062e50364341af6ae632bbaf2c257088adaf589356696b9638bcb6ff4ef792c309a0dab23d16b39d8c17409c1f056bf0e9b077b8edbd66dde874ec89911ffc32fd8a64d832131f5ee07efaaa026b0253bc9f79079ae6e175c36bb8862a2079fefe4f940015e9418d78c6a0f5fd856656f96b114dea8af93c1672474f20ae834c37b8c9104", 0x8a}, {&(0x7f0000000340)="08033499cf8486e934cc565357fbd86436bd3437032772a16e1f010f2b643d1a7c45e306dfa0a3e59805627bf3e2c89ba916c7def2080293f5cd94512420ed826947908efb158a8fd472c1c0f8ce67d2de7b8666beff318bc7b001bf0843b8228955582e943122fe693e77bd6e53a9e24763af12f44ea7bbd9805142266f600860449c4f5242320dfdea4f0e56faebf8a62b8aa17d248fc4f49b7e80b403c658f3329ad7986d19bd688caae241393d83c46848c68f1f4251c176117cc90885fd045a95a1b7e71ff72d54fa8509a8f79ce6f69736c676af22577865577d78daad", 0xe0}, {&(0x7f0000000240)="1199b6c8f202f4c278dad26367eb8e435cb92210e88bd3335cd94920900453f65a4149b162fa192bd8b438b426a5d81c1d856749f0b1d9d658e64b6250a206cd7d545dfbfea248819279be842cdadf4654501ee4dc386706b1fb6b9923e63c83b64f029d41059158c3ab70be3e", 0x6d}, {&(0x7f0000000440)="3bc13a725ce5b4549c3be0b2aec6290d73c7d21b77b98e860a756a66a12844a85b34f3a03a506f21a7f34a5bdfdf4e401a0e4aac686fbe562d6f3d78732b3f54", 0x40}, {&(0x7f0000000f80)="9954e90c1f099efb573f25f1947cfced7a9a13d68bba57abbaa425c0e604914e744a97806ac1df055592bf941c0106447315d72e2b813c1b1837608e0efb041c02c05913585fb9239ea60011b089f91d7f3afc4d029abd13323d38039b620012e2f98d10a0e549350c3b295f98044c10e21f83924ec138afb7fe18531c8f6c410de13aa067aefae52ea22e9583bc44358c85b9a86950065463be865e8f301f5bfceae29c8883f00dd65bb945efa52da6835372ea7ce55aabff5a8a0bb175c1373760bd92225ca02a51c741d19110c04824a7283b08ab971344e96bfa60109b3a748a96bb9db26eb385e2e70b4b87fbd8d83840b2eb1589bbe505f6a62c322210dea23604107a4e5dbfe2bbbbcd4f1047706dc7aacd18d805cd35bbab57537c2d79424b159693fd10cd43fa7def7b35b44ddd890f3dd91489e79cf66fa61050adff4c95297052f09d23797bfcde603d362900aaa821af59a51c45d18ab22dad88e273d67aceb69e846c256fd3da33cf19d04b8537f3e11f87b9d0a4712628248f61a396950f18c9bdadbc59aef4d4778b383a3635257056f1811498c5cc4a33f457e4fe1fffe6c8e0029aeaf46f28e7e74dffdfa41553565475c1eafca2a8c83d8f0f27a646552f7a3c03ae8066f2be7399317ae86ad6955451f7a05dee17770a39d580ff94eef7f963e7f03977b46d963817d2184d1671f3df60c22d609ba5e0b510a04764e78023decc41795d7b35bf51e3338ec7bceb0c9c5cdafbf78f8a83a456221c4708f88bb4945fc81f1e2598a532d0d21f0cfe63b1f688a2d9246ed5ee9d4daab630246f69c6ea3689b45afc166f0bec56e08f69104fb8cff79b41d68b120dcab2c0aab0e541366607af1b2823f64a61342661582892e656d76c82436468cbf0f8d2e7741a7965c0722c6c97a438d2c2164b34e2f50d4b67a9f9f07a4b914d8f94df93f4988126484fc567b22e533100babdfafa1e3b9d8556703bcae0db0f7f8a5f8862909e218301efb8aa5d12a276677f05e7795557cb0fd234cb54d4d1e19664bcc3f67f8d231a324d0390f27eea4f9b435ab8ea45806a96106a811ab35b9c3d24474f98a5b1d28d42293427fa1d2cbe937f7e69d7f2ee1eb26c200f7655eb67e73cd4dd2d6c0bb8d7af2acd922ac7de1c3c75208ec0d8bb5899223ced6d848dbf83469802d429d5fd460e2f4f38bf3fec0a745f6d1669acc5389e4d731b66a43e4f4bcb0a861f07e3b24452bddae28bc678e6a0ed8dba83dc946a6f0be0f500362f9c230fd6d10d20cf21ed7709ca0d5cce1111e80bd1c3da6be33a62431407e8585b70", 0x3aa}], 0x5}}], 0x1, 0x0)

2.73037209s ago: executing program 1 (id=809):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r2 = syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042)
ioctl$HIDIOCGRDESC(r2, 0x40305829, &(0x7f0000000000)={0xd, "7154bbc8aae250bd23544617d5"})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x49, [0x0, 0x3, 0x403, 0x100000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x3, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000a, 0x0, 0x0, 0x80000007, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0xffffffff], [0x0, 0xa82, 0x0, 0x0, 0x2, 0x733, 0x3, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2000000, 0x0, 0x0, 0x80000, 0x0, 0xfffffff8, 0x0, 0x0, 0x79, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x7fff0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x28220be6, 0x401, 0x0, 0x2, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x20], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0xffffffff, 0x89, 0x0, 0x800, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80008000, 0x0, 0xfffffffe, 0xfffffffc, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xd, 0x0, 0x0, 0x6492, 0x8], [0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xd2a, 0x200000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0x0, 0x4, 0x0, 0xfd32, 0x6, 0x0, 0x0, 0x0, 0x23, 0x5, 0x9, 0x3ff, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x8000006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x8000000, 0x4, 0x1, 0x0, 0x0, 0x100000]}, 0x45c)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r6 = dup(r5)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c})
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a"], 0x0)
write$binfmt_script(r1, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[], 0x28)
close(r1)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000180)=0x9, 0x2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0003003e040000001400018006000600800a000008001300ffffff7f00000000000000000000000000000018e9bef52e725123d05ba3eea36b4938fc9aeb25efbe441f5fbbc2193ea4f0bffe62dcc2e7b84d88b99ad12a45e3ce9580675336b1068b4ca8f0bd1a6c11ea684e0a7ffb91199b5f98f0f122401db3ab71f97543290669693b53f377984c4d58c9e4c327807fe63d3305cee08934f1dc68c565715e854aa835fc8abb5f47759dca257493d1cd82f35562790519e53d89adb5124bfdb8ea5109b663cd3b1e06a408fa3b3f51746de2fe3b0643329eff873a9d25e39aefd122880e0ae7980794afa4d7782932d41b256343834c53feaa74514233930000"], 0x2c}}, 0x0)

1.889794579s ago: executing program 2 (id=811):
r0 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0xec0, 0x30, 0xb, 0x0, 0x0, {}, [{0xeac, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x5}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe60, 0x2, 0x0, 0x0, {{0xa}, {0xe34, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x0, 0x0, 0x0, 0x4}, 0x1}, [{0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x6}, {0x3}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0xfffffffe}, {0x0, 0x0, 0x7fff, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x80000000}, {0x7}, {0xfffffffc}, {}, {}, {0x0, 0x3}, {}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {0x0, 0x200}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {0x0, 0x2000, 0x40000}, {0x0, 0x0, 0x0, 0x0, 0xec0}, {0x0, 0x0, 0xa}, {0x2}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1}, {}, {}, {}, {0x0, 0x0, 0x7f0}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5b}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x0, 0x200}, {}, {0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0xffffffff, 0x0, 0x1}, {}, {}, {}, {}, {0x0, 0xfffffffe}, {}, {0x0, 0x4, 0x0, 0x0, 0x20000}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000, 0x100, 0x8}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0x1, 0x0, 0x10}, {}, {}, {}, {0x0, 0xfffffffe, 0x2}, {}, {0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x3}, {0x2}, {0x0, 0x0, 0x2}, {0x0, 0xcb1, 0x0, 0x0, 0x3}, {}, {0x0, 0xffffffff, 0x0, 0x80000000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xd28d}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {0x0, 0x2}, {}, {}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x200002}, {}, {0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x70}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10001}], [{}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {0x4}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x1, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x5}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {0x4}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x2}]}}, @TCA_PEDIT_KEYS_EX={0x10, 0x5, 0x0, 0x1, [{0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x391a04c0a5f5edad}]}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xec0}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af0fff8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2b, 0x0, 0x0, 0x200}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1.830210146s ago: executing program 2 (id=812):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0xb8, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x5c, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x50, 0x3, "cec9858ff1f21000a5a438240c12e47289e8a95193fce4f447c5c4b0dfbdc34888d46f44a26ec751578bda04ac8607a0a5591470967b8c6a83bcf4955fa2b5aa73420d033999968ad5441147"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb8}, 0x1, 0xc000000}, 0x0)

1.779801343s ago: executing program 2 (id=813):
r0 = landlock_create_ruleset(&(0x7f0000000140)={0x857a121816ae4ee1, 0x3, 0x1}, 0x18, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7, 0x4)
pread64(r1, &(0x7f0000000080)=""/196, 0xc4, 0x3)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='X', 0x1, 0x10, &(0x7f0000000080)={0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, '\x00', 0x33}, 0x6}, 0x1c)
sendmmsg$inet(r2, &(0x7f0000000c00)=[{{&(0x7f0000000640)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000b40)=[{&(0x7f0000000680)='\b', 0x1}], 0x1}}], 0x1, 0x14000)
setsockopt(r2, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x146)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x206342)
close_range(r3, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0xaa4e, r3}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000040), 0x100000000, 0x80200)
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x200006)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
ioctl$int_in(r5, 0x5421, &(0x7f0000000100)=0x9)
connect$inet(r4, &(0x7f0000000580)={0x2, 0xfffa, @loopback}, 0x10)
write$P9_RMKDIR(r5, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r4], 0xc, 0x4}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000c40)="18683983f82d65ecba197a88336cfa966391f1eec2150bc0a677cee66f8b11abafc55ec322723ca7cbab8cb6c6c966103d71a1d4602217496df527b021ba07983b32393fac9314782c8c9cb4cc623f1bd486d440dd381b26c5153e2e06b1e3a285ade6e62fa9b90f30b50e1c7ba5ab3e5ed8090c821484959e9767b471722f97a30fb29e5b59fb15957c1962912bdba693386827aadfcfd5a96550f9b6cfc97224d8a6fe00a7167b467f1d5adef9942c337b9e9d5bed778ab968700340d6164e9b98e30d465b625782331877dfcbf76d44279a70b00a126c5fc0efa1e0f4955c17d880c91af3661e7dda4700433cf9f530fde2bf7a41bded2c90ec7359e911bed39740314f48cab01c504cbea091f90428e0341d08d4398dafa40ad10ba13a527f878c79be453bcd5fad6667245647cf50211239003102a696e12e9a63922c160fde86cf4dd223df35c8bf8bc162b4927fc6a7560d2b413eeefc1c6a364012a736e13bc3634d8ebdd55593fb70ed263dcfd3527b495493022e300827706a515eba76ad70fd31895f7d83efe6381a2f718e1de690848378c3360974cee4b3308f023c233dab5644ef06ed949e8d85f5216dba5cc7c6baa8a6790e5823c062178a6f6bc119051f089c954c6c36d27135bdf630f047e63cc0fb0f7ff19a5bfae5d510ac15b3cd6f5fff50ae552d85cfde847dd7a4cbfeba5d445d4879ace0fe87bbc31b9d818c3a765487b56b1cccd980a4561f20990224cc53420c5f01ab7de0c3cd6e209bf3f2873464d6b8d9073d6cdb23767337ee44b06ad799b86a5200596bd67b11013f7078de22a693fe960b729172e49cbcda6adf6de3ffb6f3f6e58dccfbb8499f847218fc5768854fd631d7763827cffdd96f0d3534a33b02878198d6032d9774ed86fc5eaebbe6cff0d77a8fcf5c4a0d93147af654a43411a040b36ba4c75c922399fba450d2be413024cf0415d67c0175c77c0904441c9a5070277bce54a18b7080c9d95c872ad4c96ba076627877432e89b5a634fd01dda90209d9cca8ce4ca1e252567729e182c637a0790e79d3c0929c450864a0a70bfd4f41025c24d5a5721536a4c37ba258a6752abb3661b8f86f03c530bdf8b8acf2e2271b3c3a2c67f4657c4e865a833ecda2ea24eb67ded1a6065fe6f5537899ce9c9a83b4a43f8d2a54622e441e9afca74cf68968b83b8c43fc5ea56f0e1aece7a7ca4529b215ec04a41bfcbe2fbe5785f0e9b5ad2fd65274bd00c7a0623991f0108356fec5a18e43153d6de39b0a6059ce51e8f8156798a5f02c9240dc5549611ded8a6e562b98dfb6f4b0bf1330f57355d232324c1e6abe65d8e9a16c3cf48243cb06e6519ae04e0485515f98408c8877aef74f21cfebe00383f80965af9b3e1bca5aed10e97574b7e9322a24e33af8d97497f6b23853cf1aa58960ecf7c636f6c6a3b532b67f16d68b4bf6f83f3491f370afbdb8eb9b5f1abcafb31c9e62babd009a27f77bbd17779f5b7c292f8b1d289f1d4c2c8112a4b5618ccd77f5df38b278fbd1011bac400505af954a81fe68ac20175a596f3e488898c077bdca7bfa2f07baa5063ac7c6ba51e55ada2be6c6684c20654a4c1811d0f85d081d3169d565b3b623cecaca44fbf1649e583b40ce5deca7cc71fc8fd3f47f14069b055d60b23a27640917a7081ecf4f39d3dbec55d4af5f6f0a120503bf23d7b0760726da0022ceeb7beba2ddd6612f5226bb132659ba042db54e744f5c3ab9f49b9bc70d214db125e696bd71dc6231b3ef359f73b9aa9ab6381d7c89efae3dd65e35847aab45185f53455ceccbbff55c1e2e28ea06fadc7931332c4692e0908f12938fa5b86e3f035e445c1b28f41837def067ce5a3463139f3ba947cc1ed4587e07d88d27026cc51a7923f4f60cd9b5affabb16d92b8675a4c1ad48850e6a503c567e4daaaf7c3c30fee1537e2d5c3c191570f125ea3e1c5effa9ca8cea0edd13861ec9ee83885b91b2417d8d1f7fb78c5cfe0cc08a9f1e029f71d0a3e2e7b817f209dd69e0a04b0cff27e33623c432a198adaa563ca3e09f955aa466c33e5d53c0c3941f1ad91285f617aa1fbbe2076ecd8d16c3b5d0fdc1ce6060dd9e01928cb7ab24a9afb8c9ce4491898dc91d55fffbf4965f0a45c78c7f3cad9e6fa20e093997bd604419f0e2d1fd327d9f6e510754a9d94ddd77647ebe03c1c4b460619913b06cb60ce02d14128230cbe44029cf9e1c0753afbe61d34924609e20fd7ee6792f8298b42173fc14af6131ff48f83cb8ffb201bff81ffe6d483d9a806cc5ad7531b1dd7ce0b82c24d784d4d104628f71e771be596c3527cc5dfc102ee079da7ccf2ef1bf1235981c172169e767380c9ea446690bcfb5dca356f7de19edf7ac6b95b084bb5ba039aedf76d65377313a155bb6fe813bf9ba4b47b07cf79a81fd1c93dcb111e1a91a665c14f54c1e198939862be0407f245f9d07e7a37cc30038d7a3f3ca7ad99ec88c125b52423d5acecc860910507c2ac65d178609a1d0b95b5d5ba6d0866e4fde33875a7deda876e9f58e6b6cc0b32303e7d4bc56554fe4592d2eaafc1bc9f350209bda22f407861dac390926ba39967c8862de6a85d8dbc497ac3d5405d4a5f891bb01c2d0d4edb386ece82d326b5990799d9e106ed6a72dc032abf71a1e4c645a5a13fc8fdc8af4d56037acb9f612ec586a6a64656016f61f17a0e0fe5dcb7984e785f02866be6a424b2a6254d2b1704263e43f3d3fe53fe52ccb49d5d1ea2e00984d03b7ce9cf168826edc0a310061e7f7658540a3b488b96305657abd6cf79b9fc6ddd933b3976e0db8c7f02d3fa8c331e8fe032a31a0a70374af689b11d6a01b95072234505c36e3637d6999dc3d3a5db63d39fb554cd7aaefe9b09b8929ee414da9cdd371510807b2e273660ee538d7ee1ebb4bfc36ad89ae8645d3381a1a92f377395cbdb2e744f260cc198ac1b08179782486933ec9d0e2b9df8408da0e12efa888dbd8d6b82d0b479acc6124343f597065dedd264a434d2d46234d2a8eac1b3e7ec0ddfbd79a7f896f7e9c0b681b1ec85df1759da44216438de70b256e89364ea58e30b512266b509e6031159ee486a6eea74d3799c5e3df84c8cfc620a394e388357b9d3f982d8a42f5cf58763d32cd6f7d7c1223195febbdc35e24396bcc3689a33326702b215fd2b0e5385498aff4be520e30679cff78d925c55bc0e59acf653b37d044ee6c807f1e78b42d98f9aef419e1bcf1e7671fd909d38b1db1330ab56b366aa88ea87025a956d5719ebd44434fd18ee4e5b9c4c31d8074414dcc3b3cd4d436bdd86aee066932d6220235703b39949455da0f6c396ae117d40cd3bbb67e5560c4d2e13336094a66f2941b9178413736325efd92b6eaab95ac8fbc4619dcc8d2b5b6b00de06a2735ff4a03718d631a0b2a81969a5262cfbda6423e13cfe30e22d6ae68d17d236394884df3bc278053c762507b70254358c2d09fa7567adb5ad32482f2164ade594864bfb403b930633ccfea9047a98e5a29b28a3ac2aafa7152735ac519e2d0afb68ea3d03297a09a533d100c20bd9e2a691fda89d85b7cbd507b91ff534a8b9607bfa424d80f4a7a1dfc103742526a4c784d7b9bb17d910b493e60c37250d96bba82823674ae69f3efcdadf3232e91a1f274377c9778f7e63f9c9daca9f103c644a52a4bd0656e747c393288d3891740d3f1b70958a48b96cb78b958780516a81c748b4a0cb70bcb2d0ab3bc91cfc03238a73f3ee865e9933f3ee54171f8c4cfe36d9bad77911513755c633cf6e0198441c8f3c23ccd4a16014f1ce163b3dd24803e1fbb629a6222d7f3b968485586fe72a677f57b9700570bf56d97163d86688d0229100d355702a51771b0393a9809e7f47ffd33c4962b3ad74f74ffc6469ac245d15397b320971694899d5300edf51e3fc5f175c1c856ac79a861aa80eeb3c84ea681777fa8b457165f71841b1a51b6ab5487ad0e8ae8bab52a9b793722c2c3b67f480b2ef9a32e639d4c8135aefda4264fb9c018e190631aef0dc6d313c9f58a242c3aea86284edc9b1585cfb75e862940f9b10b9c3eb96aa5b208f101cc6d6bea65fd72854887b2dfd83182d8a1c5cda795ff78ed7673bbb224e13b2595a3d76584823736787824f7a9058e793911303ad6ea4c654cd04dc651436013efa644fe63fd7662df6cdc5f891bcd95f4f88c12db71e1efc2e6aad4ed9f519fecf107c1096ebdce368a6af3ff4d00e81b141cbe702ae9fd2ab75bc87f90a461ce0931f7f18a97dfa156bc6ee9c6629503400483e4227bc2426ec5fd5b1b7764817d6c338119f61490b8fcf51986eed8b18468f6fcfb53d97bd8da0976bb627462b5765f5841dd72c7b7a445724508924b744ef042f305a04b168929b72e51e5658c47f7815161b234cd74260fca64fe7ce9d014fc87b6a7d7a4e0dcee601165be1e2a4e1909fb86b93bc9a2e805723e7a19e8079ce28f7dcf86e87652290aee932448031c43696bdc4421afd65272dd170adb53fcfd791e751416d1a19b0854bedf3b7c0a3c58c0e28503d69adb5aa0e6e05e4d5608890c2d572534d88e3175b16884d61f927dad1ccd9a6666bc5f84d8943045aa6e58500e7470ac64f812d0cc88afca360140fd72871b98be60a928a396fcf334bed5ade0f1729ed19da486164260bfe67e859d9a35282d45b0a175d728f562ae18194d1f8526940b570c5665b3ae79033153557f934a8a42b1546c5c573573931cd809ad9e061944398ba2549145a188f5139db6dfa0267cb71c4604a552396c4219b75fae76d5d18fb917c6cb8f518c7b2f6bfeed0351600a7a621c6a72b2fb2894e4406f66651c2027340230993112cadc32ac322434f788d80892b97302c33425facff7332e75aa653cd3a22e078ee683a26d51af2c56715267dbe720352d16d897794d2bb5de8bdc260d52cbc34bc88ed194e037fe655a67d33b7e1019d6977ff321d780be47a2e2f528b0f9b5c7e2a4d0c9336c1ab1f3724be2fdc285b582678ccec04e6cdb1e7399cfe79560f1aa20b41abc51fbb99f33987fa2543b31c86e4884440a15cd97508e66deeafed06be74fd88a7826e20c40286b82721ea4ed2f7e0dda5bc91ae61223758d4f26fd2afb7a60690cf0e0a6cf8fe359152ac404b7560c7cddfb42f31c9dc470d8d3526357a9705ca4905bc0686b9c2fc18b4ddf55ab44d8f77a0dc37fdd1892cacaf4d99b5b9be5b4d9aa25b272a85021db24186b2749355cdb63486d3d95dab0f55324e65ac7441e43f9daa8e225a3b62a8e458e5b464d2d9e8c67d6108606363a3f299c92d343ef13ba50ca5640f65a67a6da465e587c5689277049fbf783822c5d40025b3742875610ba7ff9ff0303f6b241011ae4df040eb5ba48302b1e79cdc10e434911d196e84735be5a7a2d35eb697ab74d0c3ff1298aeb15e501037974cdaf758a151eaa70d12c1b28229723946c28bcf5c44836dd1ef4dd0cb11a4da920e4eaa10528721a2ac40fb5b9718184e5d3d8dc6cd207de8e842de5d14418fba849a2518b34aa22ace369f3c6bad387ec6cb1762f96f0afe86817ce1f4aa9c4bda135d43e8e623a2b612fdb354e055de7cce348faa2fef91335c80604edf1a9d138b62207ea5cd8937f8f72e3e7141d386cdc45093e1af0d3b2f26fadb4f543a6bdb08c48499f8ea907caf37bf8b83162d30ddd023aa80c33e184cc86d9286d32820df2917cb14e11ff79dbb46b854661833ad2536b71fd0076f7529c2d0a92dd36e36e6b930b5a7f072223", 0x1000}, {&(0x7f0000000380)="a7e39aa5bd963d867574245cccad45f181b4f74c4b2d433d5684f2bf5064111d500b4da2966295dcf213b32144d81c4deb7711f886283062e8d09140bf09749f022b8871b86254954d389e5ddf9d4ed2732e0587", 0x54}, {&(0x7f0000000400)="cec17dc21dad88267f4ac317912696964977b9fc72d0d2b0b8a3f3d3bb8901a7bcd3bc2891825191694db2ec1f42af9a587d213d84a46984740388e24743b20793dfa0e2c4ac5f1917b5ae888ec29ee4e69ecbaf1d53e2bcba67808f164ca1adcf76b03c1d8e9e6f404222fb69f46540c4ac5128e5e28545c2ad0bfe2ea9c3b6135232e6542d1ca8b54d859eaa5728ed5714967f3d0eb66560d86a47dd021771af6ad7a8591cf6525899d76b912abc993298c25618a8294e8593d1802d", 0xbd}, {&(0x7f00000004c0)="5041c53e7b9cc307ad975cfa56a4c784cd65c7cdedb6d3e63e7a900ea9dad9eaebedad92ad2147dc13002d782bdd662c3e17a218c16bde834161106fd18389f83cdd83f6f8d70cd23a3beee55393328ae659ad92a71eb0019a4df939a2a74440071ba3d5249467f64425ccb0c97fd13785dbc89934429c9f3a89329d8e256a21b4824130f33e", 0x86}, {&(0x7f0000000200)="59d660bfb316b9e5", 0x8}, {&(0x7f00000006c0)="c896f07814c0ff50da1af64807928235a3e30db643a6d3310645e3925db7dec70a3cd84834fee357d0a783c77aef0e81041a308ba2a97aee46294bc2af2788faec591a0e5186853bc0b24284c5ea9326f120f5cb829845478de7413161821dc91707d1eb95fe5688f8da735b28dba08d4993a0e280e866df5d2fb3a99384234a0a0276eb74e01a69ede72078d2df6440a8a221592c9ffecbe0fc464be7eb64a4e5494e526ff03611e697717187be1fc53cdab7322a25fcb62c68c0106db101e0c3a51dfd53ee333a3181d770e1", 0xcd}], 0x6, &(0x7f0000000600)}}], 0x2, 0x0)

1.610631223s ago: executing program 0 (id=814):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000640)="58000000b600add427323b472545b4560afc0700ffff81000eb7d969200893b4550d8fcce405b2ecdd220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffff08ffffffffffffffffe7ee00316d907b4665e9d8008de4f8bbd42e819ce4befc8ad400d515b2bd15e6969ae154630958cd078ba62289932767df573ae145c797ff2bce52dbd9932c2d323c7ecad1c4fe9689ddafde94d9682607f9c0cdcfd5d1523229c85af0288c621c97dc9b7e52130340b4e224ccf2f2a552c9239b13a209fe03aa4c4253cd1dbda4e5ca09542f0d27448eb621a585ff4613a92ae0dd2c63", 0xf0}], 0x1)
writev(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r6, 0xfffffffc)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xffffffffffffff0b)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x22, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}}, 0x0)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r11, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r12, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

1.541328119s ago: executing program 4 (id=815):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000100070000000900020073797a3000000000140007800800124040000000080013400000000014000300686173683a69702c706f72742c6970000500200002000000050004"], 0x60}}, 0x0)

1.370014107s ago: executing program 4 (id=816):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=@bridge_delneigh={0x34, 0x1c, 0xc07, 0x0, 0x0, {0x2, 0x0, 0x0, r2, 0x8}, [@NDA_DST_MAC={0xa}, @NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40840}, 0x20024090)
unshare(0x62040200)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000140)={'filter\x00', 0x0, [0xffffff5c, 0x9, 0x9, 0x9, 0x7fffffff]}, &(0x7f00000001c0)=0x54)
r4 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0185648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x9e69, '\x00', @p_u32=&(0x7f0000000440)=0x9}})
getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000380)={'raw\x00', 0x0, [0x1d3e, 0x5, 0x32, 0x100, 0x400000]}, &(0x7f0000000080)=0x54)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=@bridge_delneigh={0x34, 0x1c, 0xc07, 0x0, 0x0, {0x2, 0x0, 0x0, r2, 0x8}, [@NDA_DST_MAC={0xa}, @NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40840}, 0x20024090) (async)
unshare(0x62040200) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000140)={'filter\x00', 0x0, [0xffffff5c, 0x9, 0x9, 0x9, 0x7fffffff]}, &(0x7f00000001c0)=0x54) (async)
openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0185648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x9e69, '\x00', @p_u32=&(0x7f0000000440)=0x9}}) (async)
getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000380)={'raw\x00', 0x0, [0x1d3e, 0x5, 0x32, 0x100, 0x400000]}, &(0x7f0000000080)=0x54) (async)

1.369684754s ago: executing program 0 (id=817):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002540)={{0x14, 0x10, 0x1, 0x0, 0xfffff000, {0xa}}, [@NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x101, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWTABLE={0x2c, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x28, 0x2, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x14, 0x14, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x40800}, 0x40)

1.320136116s ago: executing program 0 (id=818):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xcb)
setns(0xffffffffffffffff, 0x24020000)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b7c447bf9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e7fccfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992fecfc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, 0x0)
link(&(0x7f0000000280)='./file0/../file0/file0\x00', &(0x7f0000000400)='./file0/../file0/file0\x00')
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0/../file0/file0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e8500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x10, 0x803, 0x0)
prctl$PR_SET_MM(0x23, 0x5, &(0x7f00003fd000/0xc00000)=nil)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
lseek(r2, 0x289e0cb5, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYBLOB="200001"], 0x38}}, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800000013fff805fcffffffffffffff02780000", @ANYRES32=0x0], 0x18}}, 0x0)
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r6 = open(0x0, 0x1c1abe, 0x18a)
r7 = open(&(0x7f00000001c0)='./file0\x00', 0x14b042, 0x83)
ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000000)=<r8=>0x0)
prlimit64(r8, 0x9, &(0x7f0000000040)={0x7, 0xa80}, 0x0)
ftruncate(r7, 0x3000000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r3, @ANYRESHEX=r0, @ANYRES64=0x0], 0x5c}, 0x1, 0x0, 0x0, 0x810}, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r5, 0x800442d2, &(0x7f0000000440)={0x0, &(0x7f0000000640)})
sendfile(r6, r7, 0x0, 0x80000001)
open(&(0x7f00000000c0)='./bus\x00', 0x2100, 0x115)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.229437248s ago: executing program 0 (id=819):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
io_setup(0x19, &(0x7f00000009c0)=<r4=>0x0)
io_cancel(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff6f, 0x0, 0x3}, 0x0)
r5 = dup(r3)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380))
syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040), &(0x7f0000000180))
r6 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7})
mq_timedsend(r6, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r2}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010300000100fddbdf2526"], 0x14}}, 0x0)
r8 = syz_open_dev$loop(&(0x7f00000000c0), 0x4005, 0x88000)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000001280)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})

1.229194442s ago: executing program 1 (id=820):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="b08c0ca6846436edd3137518000000001c110800", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1, 0x0, 0xc6e9}, 0x18)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x3f8, 0x0, 0x1a, 0x2, 0x3}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0xd, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x34000}], 0x1}}], 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

1.020350909s ago: executing program 4 (id=821):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x7, 0x0, 0x0, {{0x7}, {0xffffffffffffff5b, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x3ffd, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4811)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xb)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000580)=@ethtool_eee={0x44}})
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x8)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="3c01000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000000976c658147a0932a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000400000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000840005002001000000000000"], 0x13c}}, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r8, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003d68c5ee1768812003208020300ecff3f0002000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ab65761407a681f009cee4a5acb3da400001fb700674f39b44e33bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/180, 0x114)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xb}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0x4, 0xa}, {}, {0xfff2, 0xfff1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r10 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01000000000000000000010000000500050001000000080004000000000005000600000000000800030001000000df756fc266b29925a5f87eea66faf002b81c4a183ae01092b538bea3e74aba20242304d3fe93cd895f3d53f0b74ce3bd38a4490565d09d265c13e712ec5ccd10ac208364bb0b387840787920fe5b688cc3f464f83ec12a49bb2438921e9e9792d5a36700ea205042"], 0x34}, 0x1, 0xf0ffff}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

910.251114ms ago: executing program 2 (id=822):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x819e}, [@call={0x85, 0x0, 0x0, 0x29}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="b874386d1929ebfd66cc265d21bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5, 0x10000, 0x2})
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r3, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f00000002c0)="1e4e", 0x2, 0x1, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r4)
mount(&(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='configfs\x00', 0x4004, &(0x7f0000000300)='(\xff\xff\xff\x7f\x00\x00\x00\x00b')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0))
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x1c)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
iopl(0x3)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0xe1, &(0x7f0000000000)={0x0, 0x1, 0x8})
mq_timedreceive(r7, &(0x7f0000000180)=""/170, 0xaa, 0x9, 0x0)

840.139451ms ago: executing program 0 (id=823):
r0 = syz_open_dev$evdev(&(0x7f0000000440), 0x0, 0x2000)
ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000480)=""/4096)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001500)=ANY=[@ANYBLOB="3800debb4aab8db5d4cd35bf4b5c03e5326db05186d210e5f00855f3ae612509a2d0d7af3c004cc03da19a9df98260a1089690f48f2485e6912d404bbcc04762e84ed1444944cc0fd60f1fdfc3134eae7ce343f3dc461896150f57fadc0f6018d63b157d631811f045a3b1904139eb4130777ee9a47792cf62d70ae75e20f52616d5c9171c6c9d7b1c3e458f055b20806fb4171c352b1a16e8916a1cc93d14da2f1215a9f15d349a7d7cb24085fac7", @ANYRESDEC=r1, @ANYBLOB="01000000000000000000050000000c00020000000000000000000c000600000000000000000004000780080001"], 0x38}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x7, 0x4, 0x3dc, 0x10c, 0x218, 0x218, 0x2fc, 0x2fc, 0x2fc, 0x4, 0x0, {[{{@arp={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0xffffff00, 0x2, 0x3, {@empty, {[0xff, 0xff, 0xff, 0x0, 0x0, 0xff]}}, {@mac=@remote, {[0xff, 0x0, 0xff, 0xff]}}, 0x8, 0x800, 0x5, 0x4, 0x7, 0x10, 'vlan0\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x0, 0x70d}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x1, 0xffffffff}}}, {{@arp={@broadcast, @multicast1, 0xff000000, 0x0, 0x1, 0x0, {@mac, {[0x0, 0x0, 0x0, 0xff]}}, {}, 0x7, 0xfffb, 0x1, 0x3, 0x5, 0x6, 'pim6reg1\x00', 'ipvlan0\x00', {}, {0xff}, 0x0, 0x50}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="59a2f242dbf9", @mac=@random="6480059adaaa", @multicast1, @multicast1, 0xf}}}, {{@arp={@broadcast, @remote, 0xff000000, 0xff, 0xd, 0xb, {@mac=@link_local, {[0x0, 0xff, 0xff, 0x0, 0xff, 0xff]}}, {@empty, {[0xff, 0x0, 0xff, 0xff, 0xff, 0xeac0fa4642fd1a49]}}, 0x0, 0x6, 0x2, 0x2, 0xc, 0x1, 'netdevsim0\x00', 'geneve0\x00', {}, {}, 0x0, 0x40}, 0xbc, 0xe4}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xde4, 0xd, 0x2}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x428)

839.774987ms ago: executing program 0 (id=824):
socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
writev(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x11)
writev(r2, &(0x7f0000000b00)=[{0x0}], 0x1)
r3 = dup(r1)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x49be, &(0x7f0000000380)={0x0, 0x37b0, 0x10100, 0x0, 0x2, 0x0, r3}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r7, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r7, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)=""/79, 0x4f}], 0x1}, 0x3}], 0x1, 0x0, 0x0)

280.023352ms ago: executing program 1 (id=825):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r0], 0x78}}, 0x20000800)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000001540)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x67, 0x0, 0x4, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x80}}}}}}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000100070000000900020073797a3000000000140007800800124040000000080013400000000014000300686173683a69702c706f72742c6970000500050002000000050004"], 0x60}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={0xffffffffffffffff, 0x1, 0x8}, 0xc)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_open_dev$vcsn(&(0x7f0000000a80), 0x8, 0x20000)
sendmsg$nl_crypto(r6, &(0x7f0000000f00)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000700)=ANY=[@ANYBLOB="82357f8b95eb80fb8523cd7f51e61cf4d9650c2fa889755dfb9dc02a0800bca83115813ddee4d1914f21d53abeddda21b508802e3542dc73a14a34ad"], 0x10}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x14}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x3, 0xb, 0x2}}}}]}, 0x40}}, 0x0)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0xd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d80)={0x6, 0xe, &(0x7f0000000240)=@raw=[@ldst={0x0, 0x2, 0x4, 0x3, 0xb, 0xffffffffffffffc6, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x87}, @initr0={0x18, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x1}, @map_val={0x18, 0x0, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @ldst={0x3, 0x2, 0x2, 0xe, 0x2, 0x40, 0x1}], &(0x7f00000002c0)='GPL\x00', 0x6, 0x49, &(0x7f0000000940)=""/73, 0x40f00, 0x4, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x5, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000003c0)=[r8], &(0x7f0000000a40)=[{0x5, 0x1, 0xa}, {0x1, 0x5, 0xa}, {0x4, 0x1, 0x2, 0xb}, {0x2, 0x1, 0x9, 0x3}], 0x10, 0x1ff, @void, @value}, 0x94)
r9 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r9, &(0x7f0000001740)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @remote}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x0)
r10 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r10, 0xc0305720, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a56de40cfa4be700f3261f81d45bd35d778bd4f724ee4ca57f2127aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedc465b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eefb641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f0700000000000000ecf4dbc7d1a332a8932ed7190f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c755ddcf27132985442e9b8df16f96c82e708000100627066000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x290}}, 0x48810)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELOBJ={0x154, 0x14, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_OBJ_USERDATA={0xd6, 0x8, "5b7dc37213fb86ad994fdaa5808e91f7145904900058030dce3c305f981b6d6b645094a78122f555d5217def519b292cb13250ae58c52f577e741d2e4dea30799296172697e8b3ba4307e9c8ce5d64e228594111d69f02c6a2d48d9b5eff148407c84f8da8d6ad42ec41e7876b7d3144979ebfa69e19e549aeb7ca8fa12a4a7bc69ad10a34c432f5d9bd76f59515fb5f6afe1b92f2e7094affd0cca8dfc684a7328bc09b46105833728fce7938bdf5e49f5f4cc371879222edf3459dde529cf087ff9eab98e98710396e4064c4a4e525b28b"}, @NFTA_OBJ_USERDATA={0x57, 0x8, "ebfea57198395b5f6064cc54f9dda8dda5af18f843fc40d942e327b98aa2ae0fa7389bb09c19f802d1e7ef5e089c4ab4242e4c4eb34196b494de06f716f63577c550386064ce18fb0eedbc1cd157ea4cf08a94"}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}]}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x200, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0xa4, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_USERDATA={0xd, 0xc, "88cfb7c0089a388c5c"}, @NFTA_CHAIN_USERDATA={0x74, 0xc, "04b204a533cf47458ae1c2a6530fd1e8e2d5f084dcf33281b9dd778bbfb70683e278cf71ffe8b1a22b8f4e3f54f373d7e520e51081a2d73a00b771d212d43eca375ed05fe90c3d0337777ed82ad209011cc3074ea77ace18bd6c5e7f55f36c61299219bc7dd4c0f52bc1c681911f6353"}]}, @NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x270}, 0x1, 0x0, 0x0, 0x20040810}, 0x0)

76.771229ms ago: executing program 1 (id=826):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRESHEX], 0x48) (async)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRESHEX], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r1, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001440)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffcac, 0x0}}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket(0x15, 0x5, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000056000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="100001000c71ac82aef3b09abfb26100"], 0x28}}, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) (async)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
getsockopt(r3, 0x200000000114, 0x8, &(0x7f00000008c0)=""/7, &(0x7f0000000000)=0x7)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) (async)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0xf, 0x0, &(0x7f0000000080)) (async)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0xf, 0x0, &(0x7f0000000080))
socket$packet(0x11, 0x3, 0x300)
unshare(0x68040200)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x1) (async)
r9 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x1)
ioctl$LOOP_CTL_REMOVE(r8, 0x4c81, r9)
munlockall() (async)
munlockall()
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000006c0)={<r10=>0xffffffffffffffff})
sendmsg$tipc(r10, &(0x7f0000001880)={&(0x7f0000000700)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x3, 0x3}}, 0x10, 0x0}, 0x0)
socket$packet(0x11, 0x3, 0x300) (async)
r11 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFDSTADDR(r11, 0x8918, &(0x7f0000000040)={'veth0_to_batadv\x00', {0x2, 0x4e20, @empty}})

0s ago: executing program 4 (id=827):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x90)
setfsuid(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x109081, 0x0) (fail_nth: 9)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r3, 0x3304)
openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x40802, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

8]  __do_fast_syscall_32+0x73/0x120
[   80.268123][ T6758]  do_fast_syscall_32+0x32/0x80
[   80.268138][ T6758]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   80.268150][ T6758] RIP: 0023:0xf704e579
[   80.268158][ T6758] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   80.268167][ T6758] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   80.268177][ T6758] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c040aed5
[   80.268183][ T6758] RDX: 0000000080000480 RSI: 0000000000000000 RDI: 0000000000000000
[   80.268189][ T6758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   80.268194][ T6758] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   80.268200][ T6758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.268212][ T6758]  </TASK>
[   80.463080][ T6768] netlink: 76 bytes leftover after parsing attributes in process `syz.1.154'.
[   80.513735][ T6770] Invalid ELF header type: 3 != 1
[   80.604707][ T6778] netlink: 'syz.1.158': attribute type 1 has an invalid length.
[   80.626265][ T6778] 8021q: adding VLAN 0 to HW filter on device bond1
[   80.632704][ T6778] FAULT_INJECTION: forcing a failure.
[   80.632704][ T6778] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   80.638933][ T6778] CPU: 2 UID: 0 PID: 6778 Comm: syz.1.158 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[   80.638957][ T6778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.638966][ T6778] Call Trace:
[   80.638972][ T6778]  <TASK>
[   80.638978][ T6778]  dump_stack_lvl+0x16c/0x1f0
[   80.639005][ T6778]  should_fail_ex+0x512/0x640
[   80.639026][ T6778]  _copy_to_user+0x32/0xd0
[   80.639054][ T6778]  simple_read_from_buffer+0xcb/0x170
[   80.639080][ T6778]  proc_fail_nth_read+0x197/0x270
[   80.639105][ T6778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   80.639129][ T6778]  ? rw_verify_area+0xcf/0x680
[   80.639154][ T6778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   80.639178][ T6778]  vfs_read+0x1e4/0xc60
[   80.639199][ T6778]  ? __pfx___mutex_lock+0x10/0x10
[   80.639223][ T6778]  ? __pfx_vfs_read+0x10/0x10
[   80.639249][ T6778]  ? __fget_files+0x20e/0x3c0
[   80.639274][ T6778]  ksys_read+0x12a/0x250
[   80.639289][ T6778]  ? __pfx_ksys_read+0x10/0x10
[   80.639309][ T6778]  ? rcu_is_watching+0x12/0xc0
[   80.639340][ T6778]  __do_fast_syscall_32+0x73/0x120
[   80.639367][ T6778]  do_fast_syscall_32+0x32/0x80
[   80.639392][ T6778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   80.639413][ T6778] RIP: 0023:0xf704e579
[   80.639425][ T6778] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   80.639438][ T6778] RSP: 002b:00000000f503e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   80.639453][ T6778] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f503e620
[   80.639463][ T6778] RDX: 000000000000000f RSI: 00000000f73b2ff4 RDI: 0000000000000000
[   80.639473][ T6778] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[   80.639483][ T6778] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   80.639492][ T6778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.639514][ T6778]  </TASK>
[   80.845760][ T6743] can0 (unregistered): slcan off ttyprintk.
[   81.035867][ T6799] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   81.035867][ T6799]    program syz.2.161 not setting count and/or reply_len properly
[   81.203450][ T6806] netlink: 'syz.2.162': attribute type 1 has an invalid length.
[   81.216277][ T6806] 8021q: adding VLAN 0 to HW filter on device bond1
[   81.976713][ T6821] FAULT_INJECTION: forcing a failure.
[   81.976713][ T6821] name failslab, interval 1, probability 0, space 0, times 0
[   81.982644][ T6821] CPU: 3 UID: 0 PID: 6821 Comm: syz.1.168 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[   81.982667][ T6821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   81.982679][ T6821] Call Trace:
[   81.982685][ T6821]  <TASK>
[   81.982693][ T6821]  dump_stack_lvl+0x16c/0x1f0
[   81.982722][ T6821]  should_fail_ex+0x512/0x640
[   81.982739][ T6821]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[   81.982762][ T6821]  should_failslab+0xc2/0x120
[   81.982784][ T6821]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[   81.982804][ T6821]  ? __alloc_skb+0x2b2/0x380
[   81.982829][ T6821]  __alloc_skb+0x2b2/0x380
[   81.982847][ T6821]  ? __pfx___alloc_skb+0x10/0x10
[   81.982867][ T6821]  ? tcp_chrono_stop+0x95/0x420
[   81.982890][ T6821]  tcp_stream_alloc_skb+0x34/0x570
[   81.982917][ T6821]  tcp_connect+0xe75/0x5480
[   81.982945][ T6821]  ? __pfx_tcp_connect+0x10/0x10
[   81.982962][ T6821]  ? __pfx_tcp_fastopen_defer_connect+0x10/0x10
[   81.982988][ T6821]  ? inet6_hash_connect+0xe2/0x180
[   81.983017][ T6821]  tcp_v6_connect+0x155a/0x2150
[   81.983037][ T6821]  ? __pfx_stack_trace_save+0x10/0x10
[   81.983068][ T6821]  ? __pfx_tcp_v6_connect+0x10/0x10
[   81.983081][ T6821]  ? kasan_save_stack+0x42/0x60
[   81.983096][ T6821]  ? kasan_save_track+0x14/0x30
[   81.983111][ T6821]  ? tcp_sendmsg_locked+0x203a/0x38e0
[   81.983133][ T6821]  ? tcp_sendmsg+0x2e/0x50
[   81.983154][ T6821]  ? inet6_sendmsg+0xb9/0x140
[   81.983170][ T6821]  ? __sys_sendto+0x376/0x520
[   81.983184][ T6821]  ? __ia32_sys_sendto+0xdd/0x1b0
[   81.983200][ T6821]  ? __do_fast_syscall_32+0x73/0x120
[   81.983239][ T6821]  ? __inet_stream_connect+0x3c5/0x1020
[   81.983263][ T6821]  __inet_stream_connect+0x3c5/0x1020
[   81.983292][ T6821]  ? __pfx___inet_stream_connect+0x10/0x10
[   81.983328][ T6821]  tcp_sendmsg_fastopen+0x3ed/0x750
[   81.983359][ T6821]  tcp_sendmsg_locked+0x203a/0x38e0
[   81.983392][ T6821]  ? __lock_acquire+0xb8a/0x1c90
[   81.983420][ T6821]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[   81.983447][ T6821]  ? do_raw_spin_lock+0x12c/0x2b0
[   81.983470][ T6821]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   81.983497][ T6821]  ? __local_bh_enable_ip+0xa4/0x120
[   81.983518][ T6821]  tcp_sendmsg+0x2e/0x50
[   81.983540][ T6821]  ? __pfx_tcp_sendmsg+0x10/0x10
[   81.983563][ T6821]  inet6_sendmsg+0xb9/0x140
[   81.983580][ T6821]  __sys_sendto+0x376/0x520
[   81.983599][ T6821]  ? __pfx___sys_sendto+0x10/0x10
[   81.983637][ T6821]  ? ksys_write+0x1ac/0x250
[   81.983655][ T6821]  ? __pfx_ksys_write+0x10/0x10
[   81.983675][ T6821]  __ia32_sys_sendto+0xdd/0x1b0
[   81.983692][ T6821]  ? lockdep_hardirqs_on+0x7c/0x110
[   81.983715][ T6821]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   81.983760][ T6821]  __do_fast_syscall_32+0x73/0x120
[   81.983788][ T6821]  do_fast_syscall_32+0x32/0x80
[   81.983812][ T6821]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   81.983834][ T6821] RIP: 0023:0xf704e579
[   81.983862][ T6821] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   81.983876][ T6821] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[   81.983894][ T6821] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[   81.983905][ T6821] RDX: 0000000000000001 RSI: 0000000024008844 RDI: 00000000800001c0
[   81.983914][ T6821] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[   81.983923][ T6821] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   81.983934][ T6821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   81.983955][ T6821]  </TASK>
[   82.675485][ T6838] syz.1.172: attempt to access beyond end of device
[   82.675485][ T6838] loop1: rw=6144, sector=128, nr_sectors = 8 limit=0
[   82.681069][ T6838] gfs2: error -5 reading superblock
[   83.119499][ T6840] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   83.119499][ T6840]    program syz.3.173 not setting count and/or reply_len properly
[   83.449618][ T6853] FAULT_INJECTION: forcing a failure.
[   83.449618][ T6853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   83.453693][ T6853] CPU: 1 UID: 0 PID: 6853 Comm: syz.1.177 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[   83.453707][ T6853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.453714][ T6853] Call Trace:
[   83.453718][ T6853]  <TASK>
[   83.453722][ T6853]  dump_stack_lvl+0x16c/0x1f0
[   83.453740][ T6853]  should_fail_ex+0x512/0x640
[   83.453753][ T6853]  _copy_from_user+0x2e/0xd0
[   83.453765][ T6853]  kvm_arch_vcpu_ioctl+0x3b8/0x4f00
[   83.453781][ T6853]  ? is_bpf_text_address+0x94/0x1a0
[   83.453793][ T6853]  ? kernel_text_address+0x8d/0x100
[   83.453808][ T6853]  ? __kernel_text_address+0xd/0x40
[   83.453823][ T6853]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[   83.453854][ T6853]  ? stack_trace_save+0x8e/0xc0
[   83.453873][ T6853]  ? __lock_acquire+0xb8a/0x1c90
[   83.453886][ T6853]  ? kasan_save_stack+0x42/0x60
[   83.453897][ T6853]  ? kasan_save_track+0x14/0x30
[   83.453908][ T6853]  ? __mutex_trylock_common+0xe9/0x250
[   83.453922][ T6853]  ? __pfx___might_resched+0x10/0x10
[   83.453933][ T6853]  ? rcu_is_watching+0x12/0xc0
[   83.453949][ T6853]  ? trace_contention_end+0xdd/0x130
[   83.453961][ T6853]  ? __mutex_lock+0x1ca/0xb90
[   83.453976][ T6853]  ? kvm_vcpu_ioctl+0x27e/0x1680
[   83.453988][ T6853]  ? __pfx___mutex_lock+0x10/0x10
[   83.454007][ T6853]  ? kasan_quarantine_put+0x10a/0x240
[   83.454020][ T6853]  ? kvm_vcpu_ioctl+0x1232/0x1680
[   83.454029][ T6853]  kvm_vcpu_ioctl+0x1232/0x1680
[   83.454041][ T6853]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   83.454051][ T6853]  ? tomoyo_path_number_perm+0x18d/0x580
[   83.454067][ T6853]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   83.454080][ T6853]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   83.454094][ T6853]  ? do_vfs_ioctl+0x523/0x1a60
[   83.454108][ T6853]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   83.454133][ T6853]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[   83.454144][ T6853]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   83.454155][ T6853]  ? __fget_files+0x20e/0x3c0
[   83.454164][ T6853]  ? __fput_deferred+0x310/0x370
[   83.454178][ T6853]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   83.454195][ T6853]  __ia32_compat_sys_ioctl+0x23f/0x370
[   83.454211][ T6853]  __do_fast_syscall_32+0x73/0x120
[   83.454227][ T6853]  do_fast_syscall_32+0x32/0x80
[   83.454242][ T6853]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   83.454254][ T6853] RIP: 0023:0xf704e579
[   83.454262][ T6853] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   83.454272][ T6853] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   83.454281][ T6853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004048aecb
[   83.454288][ T6853] RDX: 0000000080000480 RSI: 0000000000000000 RDI: 0000000000000000
[   83.454294][ T6853] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   83.454299][ T6853] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   83.454305][ T6853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   83.454317][ T6853]  </TASK>
[   83.496808][ T6856] can0: slcan on ttyprintk.
[   83.582530][ T6860] syz.3.174: attempt to access beyond end of device
[   83.582530][ T6860] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0
[   83.588049][ T6860] gfs2: error -5 reading superblock
[   83.926701][ T6855] can0 (unregistered): slcan off ttyprintk.
[   84.426686][ T6889] 9pnet_virtio: no channels available for device ./file0/file0
[   84.653776][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.3.183'.
[   85.754569][ T6914] 9pnet_virtio: no channels available for device ./file0/file0
[   85.987566][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.190'.
[   86.852108][ T6928] 9pnet_virtio: no channels available for device ./file0/file0
[   86.869160][ T6930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'.
[   86.872044][ T6930] netlink: 96 bytes leftover after parsing attributes in process `syz.0.201'.
[   86.877580][ T6930] netlink: 24 bytes leftover after parsing attributes in process `syz.0.201'.
[   86.881358][ T6930] vlan1: entered allmulticast mode
[   86.883494][ T6930] veth0_vlan: entered allmulticast mode
[   86.898503][ T6930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'.
[   87.079291][ T6934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.193'.
[   87.092291][ T6936] 9pnet_virtio: no channels available for device ./file0/file0
[   87.397538][ T6942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.196'.
[   87.798443][ T6945] 9pnet_virtio: no channels available for device ./file0/file0
[   88.044236][ T6947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.197'.
[   89.235729][ T6971] FAULT_INJECTION: forcing a failure.
[   89.235729][ T6971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   89.240277][ T6971] CPU: 1 UID: 0 PID: 6971 Comm: syz.0.203 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[   89.240291][ T6971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.240298][ T6971] Call Trace:
[   89.240302][ T6971]  <TASK>
[   89.240306][ T6971]  dump_stack_lvl+0x16c/0x1f0
[   89.240330][ T6971]  should_fail_ex+0x512/0x640
[   89.240344][ T6971]  _copy_from_user+0x2e/0xd0
[   89.240356][ T6971]  get_compat_msghdr+0xa7/0x170
[   89.240368][ T6971]  ? __pfx_get_compat_msghdr+0x10/0x10
[   89.240380][ T6971]  ? __pfx__kstrtoull+0x10/0x10
[   89.240396][ T6971]  ___sys_sendmsg+0x1ae/0x1d0
[   89.240409][ T6971]  ? __pfx____sys_sendmsg+0x10/0x10
[   89.240427][ T6971]  ? find_held_lock+0x2b/0x80
[   89.240446][ T6971]  ? __pfx___might_resched+0x10/0x10
[   89.240459][ T6971]  __sys_sendmmsg+0x2f9/0x420
[   89.240472][ T6971]  ? __pfx___sys_sendmmsg+0x10/0x10
[   89.240505][ T6971]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   89.240526][ T6971]  ? fput+0x70/0xf0
[   89.240538][ T6971]  ? ksys_write+0x1ac/0x250
[   89.240548][ T6971]  ? __pfx_ksys_write+0x10/0x10
[   89.240560][ T6971]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   89.240572][ T6971]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   89.240587][ T6971]  __do_fast_syscall_32+0x73/0x120
[   89.240603][ T6971]  do_fast_syscall_32+0x32/0x80
[   89.240618][ T6971]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   89.240630][ T6971] RIP: 0023:0xf7fc1579
[   89.240639][ T6971] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   89.240648][ T6971] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   89.240658][ T6971] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800020c0
[   89.240664][ T6971] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[   89.240669][ T6971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.240675][ T6971] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   89.240680][ T6971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.240693][ T6971]  </TASK>
[   89.679225][ T6980] netlink: 40 bytes leftover after parsing attributes in process `syz.1.207'.
[   89.708864][ T6980] warning: `syz.1.207' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   89.721078][ T6980] 9pnet: p9_errstr2errno: server reported unknown error 
[   89.970414][ T6989] bridge_slave_0: left allmulticast mode
[   89.972670][ T6989] bridge_slave_0: left promiscuous mode
[   89.975620][ T6989] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.011965][ T6992] netlink: 'syz.3.206': attribute type 23 has an invalid length.
[   90.049037][ T6989] bridge_slave_1: left allmulticast mode
[   90.050919][ T6989] bridge_slave_1: left promiscuous mode
[   90.052966][ T6989] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.075095][ T6989] bond0: (slave bond_slave_0): Releasing backup interface
[   90.082736][ T6989] bond0: (slave bond_slave_1): Releasing backup interface
[   90.182122][ T6989] team0: Port device team_slave_0 removed
[   90.189632][ T6989] team0: Port device team_slave_1 removed
[   90.192149][ T6989] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.194722][ T6989] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.199058][ T6989] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.201444][ T6989] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.723406][ T7000] syz.0.210: attempt to access beyond end of device
[   90.723406][ T7000] loop0: rw=6144, sector=128, nr_sectors = 8 limit=0
[   90.728058][ T7000] gfs2: error -5 reading superblock
[   90.948916][ T7007] net_ratelimit: 2 callbacks suppressed
[   90.948972][ T7007] openvswitch: netlink: Key 32 has unexpected len 4 expected 2
[   90.949361][ T7005] netlink: 'syz.0.213': attribute type 2 has an invalid length.
[   91.121558][ T7022] loop2: detected capacity change from 0 to 7
[   91.134769][ T5950] Dev loop2: unable to read RDB block 7
[   91.138225][ T5950]  loop2: unable to read partition table
[   91.140645][ T5950] loop2: partition table beyond EOD, truncated
[   91.148181][ T7022] Dev loop2: unable to read RDB block 7
[   91.151252][ T7022]  loop2: unable to read partition table
[   91.153643][ T7022] loop2: partition table beyond EOD, truncated
[   91.169055][ T7022] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[   91.296837][ T7027] 9pnet_virtio: no channels available for device ./file0/file0
[   91.527841][ T7030] netlink: 8 bytes leftover after parsing attributes in process `syz.3.221'.
[   91.590337][ T7032] netlink: 104 bytes leftover after parsing attributes in process `syz.2.222'.
[   91.593338][ T7032] netlink: 104 bytes leftover after parsing attributes in process `syz.2.222'.
[   91.983593][ T7042] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   91.983593][ T7042]    program syz.2.226 not setting count and/or reply_len properly
[   92.040566][ T7047] netlink: 'syz.2.228': attribute type 1 has an invalid length.
[   92.075216][ T7047] 8021q: adding VLAN 0 to HW filter on device bond2
[   92.085643][ T7047] bond2: entered promiscuous mode
[   92.190124][ T7054] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[   92.192548][ T7054] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   92.196625][ T7054] vhci_hcd vhci_hcd.0: Device attached
[   92.200700][ T7054] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(14)
[   92.203268][ T7054] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   92.205683][ T7054] vhci_hcd vhci_hcd.0: Device attached
[   92.207978][ T7054] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   92.212273][ T7054] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(18)
[   92.214241][ T7054] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   92.216742][ T7054] vhci_hcd vhci_hcd.0: Device attached
[   92.228574][ T7054] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(20)
[   92.230913][ T7054] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   92.233678][ T7054] vhci_hcd vhci_hcd.0: Device attached
[   92.237651][ T7054] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(22)
[   92.239448][ T7054] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   92.246099][ T7054] vhci_hcd vhci_hcd.0: Device attached
[   92.254546][ T7054] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   92.258934][ T7054] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   92.261917][ T7054] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   92.267876][ T7054] vhci_hcd vhci_hcd.0: port 0 already used
[   92.271138][ T7070] Cannot find add_set index 0 as target
[   92.286569][ T7063] vhci_hcd: connection closed
[   92.286681][ T7059] vhci_hcd: connection closed
[   92.286705][ T7061] vhci_hcd: connection closed
[   92.288238][ T7055] vhci_hcd: connection closed
[   92.290539][ T7057] vhci_hcd: connection closed
[   92.292964][ T1140] vhci_hcd: stop threads
[   92.296441][ T1140] vhci_hcd: release socket
[   92.298097][ T1140] vhci_hcd: disconnect device
[   92.299596][ T1140] vhci_hcd: stop threads
[   92.300981][ T1140] vhci_hcd: release socket
[   92.302446][ T1140] vhci_hcd: disconnect device
[   92.306191][ T1140] vhci_hcd: stop threads
[   92.307550][ T1140] vhci_hcd: release socket
[   92.311146][ T1140] vhci_hcd: disconnect device
[   92.312907][ T1140] vhci_hcd: stop threads
[   92.315178][ T1140] vhci_hcd: release socket
[   92.316679][ T1140] vhci_hcd: disconnect device
[   92.318350][ T1140] vhci_hcd: stop threads
[   92.320079][ T1140] vhci_hcd: release socket
[   92.322103][ T1140] vhci_hcd: disconnect device
[   92.375432][   T60] vhci_hcd: vhci_device speed not set
[   92.997011][ T7083] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   92.997011][ T7083]    program syz.2.236 not setting count and/or reply_len properly
[   93.021954][   T53] IPVS: starting estimator thread 0...
[   93.129094][ T7087] IPVS: using max 43 ests per chain, 103200 per kthread
[   94.398264][ T7117] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   94.398264][ T7117]    program syz.1.246 not setting count and/or reply_len properly
[   94.425077][ T7126] 9pnet_virtio: no channels available for device ./file0/file0
[   94.633306][ T7131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.248'.
[   95.143957][ T7136] can0: slcan on ttyprintk.
[   96.125115][ T7135] can0 (unregistered): slcan off ttyprintk.
[   96.246876][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.255'.
[   96.251007][ T7158] netlink: 104 bytes leftover after parsing attributes in process `syz.0.255'.
[   96.255056][ T7158] netlink: 104 bytes leftover after parsing attributes in process `syz.0.255'.
[   96.625820][ T7174] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   96.625820][ T7174]    program syz.2.257 not setting count and/or reply_len properly
[   96.676249][  T837] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   96.856193][  T837] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[   96.859397][  T837] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 3
[   96.868611][  T837] usb 5-1: config 220 interface 0 has no altsetting 0
[   96.874483][  T837] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   96.877244][  T837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.880591][ T7181] 9pnet_virtio: no channels available for device ./file0/file0
[   96.883347][  T837] usb 5-1: Product: syz
[   96.890251][  T837] usb 5-1: Manufacturer: syz
[   96.891811][  T837] usb 5-1: SerialNumber: syz
[   96.946371][ T7183] can0: slcan on ttyprintk.
[   97.087355][ T7189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.260'.
[   97.145824][ T7161] process 'syz.0.256' launched './file0' with NULL argv: empty string added
[   97.393974][  T837] usb 5-1: Found UVC 0.00 device syz (8086:0b07)
[   97.396133][  T837] usb 5-1: No valid video chain found.
[   97.432441][ T7194] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   97.760720][  T837] usb 5-1: USB disconnect, device number 2
[   97.821414][ T7199] netlink: 4 bytes leftover after parsing attributes in process `syz.3.263'.
[   97.907547][ T7182] can0 (unregistered): slcan off ttyprintk.
[   97.995333][ T7210] lo: entered promiscuous mode
[   97.997259][ T7210] tunl0: entered promiscuous mode
[   97.999577][ T7210] gre0: entered promiscuous mode
[   98.001923][ T7210] gretap0: entered promiscuous mode
[   98.004433][ T7210] erspan0: entered promiscuous mode
[   98.006338][ T7210] ip_vti0: entered promiscuous mode
[   98.008386][ T7210] ip6_vti0: entered promiscuous mode
[   98.010396][ T7210] sit0: entered promiscuous mode
[   98.012720][ T7210] ip6tnl0: entered promiscuous mode
[   98.015094][ T7210] ip6gre0: entered promiscuous mode
[   98.017080][ T7210] syz_tun: entered promiscuous mode
[   98.019779][ T7210] ip6gretap0: entered promiscuous mode
[   98.023304][ T7210] bridge0: entered promiscuous mode
[   98.025914][ T7210] vcan0: entered promiscuous mode
[   98.027940][ T7210] bond0: entered promiscuous mode
[   98.031845][ T7210] team0: entered promiscuous mode
[   98.038642][ T7210] dummy0: entered promiscuous mode
[   98.044974][ T7210] nlmon0: entered promiscuous mode
[   98.093656][ T7210] caif0: entered promiscuous mode
[   98.105759][ T7210] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   98.174021][ T7208] binder: 7207:7208 ioctl c0306201 80000540 returned -22
[   98.405603][ T7203] netlink: 6 bytes leftover after parsing attributes in process `syz.3.264'.
[   98.408394][ T7203] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   98.473415][ T7221] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   98.473415][ T7221]    program syz.1.267 not setting count and/or reply_len properly
[   98.934813][ T7235] syzkaller1: entered promiscuous mode
[   98.936741][ T7235] syzkaller1: entered allmulticast mode
[   98.982350][ T7242] netlink: 16 bytes leftover after parsing attributes in process `syz.0.273'.
[   98.998226][ T7244] can0: slcan on ttyprintk.
[   99.868508][ T7259] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[   99.868508][ T7259]    program syz.2.276 not setting count and/or reply_len properly
[   99.927389][ T7243] can0 (unregistered): slcan off ttyprintk.
[   99.997834][ T7273] FAULT_INJECTION: forcing a failure.
[   99.997834][ T7273] name failslab, interval 1, probability 0, space 0, times 0
[  100.001747][ T7273] CPU: 0 UID: 0 PID: 7273 Comm: syz.2.280 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  100.001762][ T7273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  100.001768][ T7273] Call Trace:
[  100.001772][ T7273]  <TASK>
[  100.001776][ T7273]  dump_stack_lvl+0x16c/0x1f0
[  100.001797][ T7273]  should_fail_ex+0x512/0x640
[  100.001811][ T7273]  should_failslab+0xc2/0x120
[  100.001824][ T7273]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  100.001836][ T7273]  ? skb_clone+0x190/0x3f0
[  100.001851][ T7273]  skb_clone+0x190/0x3f0
[  100.001863][ T7273]  netlink_deliver_tap+0xabd/0xd30
[  100.001878][ T7273]  netlink_unicast+0x5df/0x7f0
[  100.001893][ T7273]  ? __pfx_netlink_unicast+0x10/0x10
[  100.001909][ T7273]  netlink_sendmsg+0x8d1/0xdd0
[  100.001924][ T7273]  ? __pfx_netlink_sendmsg+0x10/0x10
[  100.001937][ T7273]  ? __import_iovec+0x1dd/0x650
[  100.001952][ T7273]  ____sys_sendmsg+0xa98/0xc70
[  100.001968][ T7273]  ? __pfx_____sys_sendmsg+0x10/0x10
[  100.001982][ T7273]  ? get_compat_msghdr+0x11a/0x170
[  100.001999][ T7273]  ___sys_sendmsg+0x134/0x1d0
[  100.002011][ T7273]  ? __pfx____sys_sendmsg+0x10/0x10
[  100.002021][ T7273]  ? __lock_acquire+0x622/0x1c90
[  100.002053][ T7273]  __sys_sendmsg+0x16d/0x220
[  100.002065][ T7273]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.002076][ T7273]  ? __pfx_bpf_trace_run2+0x10/0x10
[  100.002091][ T7273]  ? syscall_trace_enter+0x1cb/0x260
[  100.002106][ T7273]  ? rcu_is_watching+0x12/0xc0
[  100.002122][ T7273]  __do_fast_syscall_32+0x73/0x120
[  100.002138][ T7273]  do_fast_syscall_32+0x32/0x80
[  100.002152][ T7273]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  100.002165][ T7273] RIP: 0023:0xf7f76579
[  100.002173][ T7273] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  100.002183][ T7273] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  100.002193][ T7273] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[  100.002199][ T7273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  100.002204][ T7273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.002210][ T7273] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.002215][ T7273] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.002227][ T7273]  </TASK>
[  100.177594][ T7285] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  100.184017][ T7285] syzkaller1: entered promiscuous mode
[  100.185742][ T7285] syzkaller1: entered allmulticast mode
[  100.248079][ T7282] netlink: 248 bytes leftover after parsing attributes in process `syz.0.282'.
[  100.262830][ T7284] netlink: 248 bytes leftover after parsing attributes in process `syz.0.282'.
[  100.317431][ T7288] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  100.317431][ T7288]    program syz.2.281 not setting count and/or reply_len properly
[  100.575592][ T7297] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  100.575592][ T7297]    program syz.0.286 not setting count and/or reply_len properly
[  100.855457][ T7311] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  100.855457][ T7311]    program syz.2.287 not setting count and/or reply_len properly
[  101.421249][ T7342] random: crng reseeded on system resumption
[  102.247338][ T7356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.294'.
[  103.952840][ T7375] netlink: 60 bytes leftover after parsing attributes in process `syz.0.300'.
[  104.010394][ T7379] netlink: 12 bytes leftover after parsing attributes in process `syz.0.301'.
[  104.021401][ T7379] 8021q: adding VLAN 0 to HW filter on device bond1
[  104.085030][ T7385] =======================================================
[  104.085030][ T7385] WARNING: The mand mount option has been deprecated and
[  104.085030][ T7385]          and is ignored by this kernel. Remove the mand
[  104.085030][ T7385]          option from the mount to silence this warning.
[  104.085030][ T7385] =======================================================
[  104.125671][ T7385] netfs: Couldn't get user pages (rc=-14)
[  104.325559][ T7394] 9pnet_virtio: no channels available for device ./file0/file0
[  104.453703][ T7388] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  104.453703][ T7388]    program syz.1.304 not setting count and/or reply_len properly
[  104.722152][ T7401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.308'.
[  104.872411][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.306'.
[  105.037321][ T7411] ip6t_srh: unknown srh match flags  FF3F
[  105.067058][ T7407] capability: warning: `syz.1.310' uses deprecated v2 capabilities in a way that may be insecure
[  105.298676][ T7422] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  105.299768][ T7423] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  105.525471][ T7422] /dev/sr0: Can't open blockdev
[  105.833733][ T7430] syz.3.317: attempt to access beyond end of device
[  105.833733][ T7430] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0
[  105.838067][ T7430] gfs2: error -5 reading superblock
[  105.885035][ T7423] /dev/sr0: Can't open blockdev
[  105.940041][ T7432] mmap: syz.0.318 (7432) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  106.007022][ T7438] 9pnet: Found fid 0 not clunked
[  106.060246][ T7438] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  106.354368][ T7442] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  106.354368][ T7442]    program syz.2.320 not setting count and/or reply_len properly
[  106.438749][ T7444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.321'.
[  106.676635][ T7444] hsr_slave_1 (unregistering): left promiscuous mode
[  106.970691][ T7459] loop2: detected capacity change from 0 to 7
[  106.977986][ T7459] Dev loop2: unable to read RDB block 7
[  106.980338][ T7459]  loop2: unable to read partition table
[  106.982327][ T7459] loop2: partition table beyond EOD, truncated
[  106.988758][ T7459] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  107.418301][ T7472] 9pnet_virtio: no channels available for device ./file0/file0
[  107.663211][ T7476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.329'.
[  107.976063][ T7482] FAULT_INJECTION: forcing a failure.
[  107.976063][ T7482] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.980339][ T7482] CPU: 2 UID: 0 PID: 7482 Comm: syz.2.331 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  107.980355][ T7482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  107.980362][ T7482] Call Trace:
[  107.980365][ T7482]  <TASK>
[  107.980369][ T7482]  dump_stack_lvl+0x16c/0x1f0
[  107.980388][ T7482]  should_fail_ex+0x512/0x640
[  107.980402][ T7482]  _copy_to_user+0x32/0xd0
[  107.980415][ T7482]  simple_read_from_buffer+0xcb/0x170
[  107.980432][ T7482]  proc_fail_nth_read+0x197/0x270
[  107.980447][ T7482]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  107.980463][ T7482]  ? rw_verify_area+0xcf/0x680
[  107.980478][ T7482]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  107.980492][ T7482]  vfs_read+0x1e4/0xc60
[  107.980504][ T7482]  ? __pfx___mutex_lock+0x10/0x10
[  107.980519][ T7482]  ? __pfx_vfs_read+0x10/0x10
[  107.980532][ T7482]  ? __fget_files+0x20e/0x3c0
[  107.980545][ T7482]  ksys_read+0x12a/0x250
[  107.980555][ T7482]  ? __pfx_ksys_read+0x10/0x10
[  107.980564][ T7482]  ? syscall_trace_enter+0x1cb/0x260
[  107.980578][ T7482]  ? rcu_is_watching+0x12/0xc0
[  107.980594][ T7482]  __do_fast_syscall_32+0x73/0x120
[  107.980610][ T7482]  do_fast_syscall_32+0x32/0x80
[  107.980625][ T7482]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  107.980638][ T7482] RIP: 0023:0xf7f76579
[  107.980647][ T7482] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  107.980656][ T7482] RSP: 002b:00000000f5096590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  107.980666][ T7482] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5096620
[  107.980672][ T7482] RDX: 000000000000000f RSI: 00000000f7402ff4 RDI: 0000000000000000
[  107.980678][ T7482] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  107.980683][ T7482] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  107.980689][ T7482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  107.980701][ T7482]  </TASK>
[  108.030881][ T7478] raw_sendmsg: syz.0.330 forgot to set AF_INET. Fix it!
[  108.056525][ T7486] binder: BINDER_SET_CONTEXT_MGR already set
[  108.058513][ T7486] binder: 7485:7486 ioctl 4018620d 80000040 returned -16
[  108.061169][ T7486] binder: 7485:7486 ioctl c0306201 80000180 returned -14
[  108.649024][ T7497] FAULT_INJECTION: forcing a failure.
[  108.649024][ T7497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.653184][ T7497] CPU: 1 UID: 0 PID: 7497 Comm: syz.1.336 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  108.653198][ T7497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  108.653205][ T7497] Call Trace:
[  108.653209][ T7497]  <TASK>
[  108.653214][ T7497]  dump_stack_lvl+0x16c/0x1f0
[  108.653232][ T7497]  should_fail_ex+0x512/0x640
[  108.653245][ T7497]  _copy_from_user+0x2e/0xd0
[  108.653258][ T7497]  get_compat_msghdr+0xa7/0x170
[  108.653270][ T7497]  ? __pfx_get_compat_msghdr+0x10/0x10
[  108.653283][ T7497]  ? __lock_acquire+0x622/0x1c90
[  108.653296][ T7497]  ___sys_recvmsg+0x191/0x1a0
[  108.653309][ T7497]  ? __pfx____sys_recvmsg+0x10/0x10
[  108.653327][ T7497]  ? get_pid_task+0xa0/0x250
[  108.653343][ T7497]  do_recvmmsg+0x55d/0x750
[  108.653356][ T7497]  ? __pfx_do_recvmmsg+0x10/0x10
[  108.653380][ T7497]  __sys_recvmmsg+0x21c/0x280
[  108.653392][ T7497]  ? __pfx___sys_recvmmsg+0x10/0x10
[  108.653405][ T7497]  ? syscall_trace_enter+0x1cb/0x260
[  108.653421][ T7497]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  108.653433][ T7497]  ? syscall_trace_enter+0xee/0x260
[  108.653446][ T7497]  __do_fast_syscall_32+0x73/0x120
[  108.653462][ T7497]  do_fast_syscall_32+0x32/0x80
[  108.653477][ T7497]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  108.653490][ T7497] RIP: 0023:0xf704e579
[  108.653498][ T7497] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  108.653507][ T7497] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  108.653517][ T7497] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002440
[  108.653523][ T7497] RDX: 00000000ffffff67 RSI: 0000000000000000 RDI: 0000000000000000
[  108.653529][ T7497] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  108.653534][ T7497] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  108.653540][ T7497] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  108.653556][ T7497]  </TASK>
[  109.485857][ T7506] netlink: 'syz.1.339': attribute type 1 has an invalid length.
[  109.514192][ T7506] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  110.246299][ T7523] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  110.246299][ T7523]    program syz.3.346 not setting count and/or reply_len properly
[  110.357928][ T7527] random: crng reseeded on system resumption
[  110.467670][ T7529] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  111.255323][ T7536] 9pnet_virtio: no channels available for device ./file0/file0
[  111.451637][ T7542] netlink: 8 bytes leftover after parsing attributes in process `syz.3.350'.
[  112.243554][ T7561] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.243554][ T7561]    program syz.0.353 not setting count and/or reply_len properly
[  112.481543][ T7577] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  112.786966][ T7581] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.786966][ T7581]    program syz.0.360 not setting count and/or reply_len properly
[  112.964220][ T7598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.364'.
[  113.273979][ T1019] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  113.373581][ T7610] syz.1.367: attempt to access beyond end of device
[  113.373581][ T7610] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  113.378233][ T7610] efs: cannot read volume header
[  113.414122][ T1019] usb 7-1: device descriptor read/64, error -71
[  113.521852][ T7612] netlink: 24 bytes leftover after parsing attributes in process `syz.1.368'.
[  113.526157][ T7612] netlink: 24 bytes leftover after parsing attributes in process `syz.1.368'.
[  113.533537][ T7612] Driver unsupported XDP return value 0 on prog  (id 101) dev N/A, expect packet loss!
[  113.713969][ T1019] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  113.843940][ T1019] usb 7-1: device descriptor read/64, error -71
[  113.955140][ T1019] usb usb7-port1: attempt power cycle
[  114.074075][ T7619] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.369'.
[  114.081515][ T7615] netlink: 32 bytes leftover after parsing attributes in process `syz.1.369'.
[  114.237116][ T7628] gtp0: entered promiscuous mode
[  114.239160][ T7628] team0: Port device gtp0 added
[  114.249367][ T7622] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  114.249367][ T7622]    program syz.0.370 not setting count and/or reply_len properly
[  114.344201][ T1019] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  114.361374][ T7639] 9pnet_virtio: no channels available for device ./file0/file0
[  114.364436][ T1019] usb 7-1: device descriptor read/8, error -71
[  114.602476][ T7662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.376'.
[  114.633958][ T1019] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  114.654467][ T1019] usb 7-1: device descriptor read/8, error -71
[  114.769566][ T1019] usb usb7-port1: unable to enumerate USB device
[  114.868398][ T7663] xt_ipcomp: unknown flags 12
[  115.016031][ T7663] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  115.021297][ T7663] Bluetooth: MGMT ver 1.23
[  116.837535][ T7711] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  116.837535][ T7711]    program syz.1.384 not setting count and/or reply_len properly
[  117.082477][ T7715] FAULT_INJECTION: forcing a failure.
[  117.082477][ T7715] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.088521][ T7715] CPU: 2 UID: 0 PID: 7715 Comm: syz.3.387 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  117.088544][ T7715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  117.088554][ T7715] Call Trace:
[  117.088560][ T7715]  <TASK>
[  117.088567][ T7715]  dump_stack_lvl+0x16c/0x1f0
[  117.088595][ T7715]  should_fail_ex+0x512/0x640
[  117.088616][ T7715]  _copy_from_iter+0x29f/0x16f0
[  117.088640][ T7715]  ? __pfx__copy_from_iter+0x10/0x10
[  117.088659][ T7715]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  117.088682][ T7715]  skb_copy_datagram_from_iter+0x124/0x740
[  117.088701][ T7715]  ? dev_get_by_index+0x17c/0x380
[  117.088724][ T7715]  packet_sendmsg+0x224b/0x5720
[  117.088763][ T7715]  ? __pfx___might_resched+0x10/0x10
[  117.088778][ T7715]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  117.088804][ T7715]  ? __pfx_packet_sendmsg+0x10/0x10
[  117.088827][ T7715]  ? __might_fault+0xe3/0x190
[  117.088847][ T7715]  ? aa_pivotroot+0xa20/0x1090
[  117.088879][ T7715]  __sys_sendto+0x4a0/0x520
[  117.088897][ T7715]  ? __pfx___sys_sendto+0x10/0x10
[  117.088940][ T7715]  ? find_held_lock+0x2b/0x80
[  117.088966][ T7715]  ? syscall_trace_enter+0x1cb/0x260
[  117.088990][ T7715]  __ia32_sys_sendto+0xdd/0x1b0
[  117.089007][ T7715]  ? syscall_trace_enter+0xee/0x260
[  117.089030][ T7715]  __do_fast_syscall_32+0x73/0x120
[  117.089057][ T7715]  do_fast_syscall_32+0x32/0x80
[  117.089081][ T7715]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  117.089102][ T7715] RIP: 0023:0xf7f55579
[  117.089115][ T7715] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  117.089130][ T7715] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  117.089146][ T7715] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000440
[  117.089156][ T7715] RDX: 000000000000000e RSI: 0000000000000020 RDI: 0000000080000140
[  117.089166][ T7715] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[  117.089175][ T7715] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  117.089185][ T7715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  117.089207][ T7715]  </TASK>
[  117.108813][ T5940] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  117.110424][ T5941] Bluetooth: hci0: command 0x0c1a tx timeout
[  117.462870][ T7723] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  118.289570][ T7740] trusted_key: syz.3.394 sent an empty control message without MSG_MORE.
[  118.328216][ T7739] can0: slcan on ttyprintk.
[  118.904619][ T7738] can0 (unregistered): slcan off ttyprintk.
[  119.721923][ T7786] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[  120.006039][ T7790] netlink: 'syz.1.404': attribute type 1 has an invalid length.
[  120.186835][   T40] audit: type=1326 audit(1748334062.218:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7793 comm="syz.1.405" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0
[  120.225176][ T7797] FAULT_INJECTION: forcing a failure.
[  120.225176][ T7797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.229241][ T7797] CPU: 1 UID: 0 PID: 7797 Comm: syz.3.406 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  120.229256][ T7797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.229263][ T7797] Call Trace:
[  120.229266][ T7797]  <TASK>
[  120.229271][ T7797]  dump_stack_lvl+0x16c/0x1f0
[  120.229289][ T7797]  should_fail_ex+0x512/0x640
[  120.229302][ T7797]  __kvm_read_guest_page+0x186/0x250
[  120.229315][ T7797]  kvm_fetch_guest_virt+0x128/0x1a0
[  120.229333][ T7797]  __do_insn_fetch_bytes+0x41e/0x6d0
[  120.229349][ T7797]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  120.229368][ T7797]  x86_decode_insn+0xb90/0x5540
[  120.229383][ T7797]  ? vmx_segment_cache_test_set+0x14b/0x400
[  120.229398][ T7797]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  120.229411][ T7797]  ? __pfx_x86_decode_insn+0x10/0x10
[  120.229421][ T7797]  ? vmx_cache_reg+0x333/0x5e0
[  120.229433][ T7797]  ? kvm_register_read_raw+0xe9/0x240
[  120.229448][ T7797]  ? init_decode_cache+0xd/0x210
[  120.229458][ T7797]  ? init_emulate_ctxt+0x337/0x510
[  120.229469][ T7797]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  120.229482][ T7797]  ? kvm_multiple_exception+0x379/0x750
[  120.229500][ T7797]  x86_emulate_instruction+0x9b2/0x1a90
[  120.229519][ T7797]  ? handle_exception_nmi+0x84e/0x1740
[  120.229535][ T7797]  handle_ud+0x103/0x280
[  120.229549][ T7797]  ? __pfx_handle_ud+0x10/0x10
[  120.229565][ T7797]  ? __lock_acquire+0xb8a/0x1c90
[  120.229578][ T7797]  ? __vmx_complete_interrupts+0x111/0x4e0
[  120.229596][ T7797]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  120.229610][ T7797]  handle_exception_nmi+0x856/0x1740
[  120.229626][ T7797]  ? __pfx_handle_exception_nmi+0x10/0x10
[  120.229641][ T7797]  vmx_handle_exit+0x6a8/0x1d20
[  120.229658][ T7797]  vcpu_run+0x30ba/0x5390
[  120.229673][ T7797]  ? __pfx_vcpu_run+0x10/0x10
[  120.229685][ T7797]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  120.229700][ T7797]  ? __local_bh_enable_ip+0xa4/0x120
[  120.229712][ T7797]  ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  120.229722][ T7797]  kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  120.229736][ T7797]  kvm_vcpu_ioctl+0x5e9/0x1680
[  120.229748][ T7797]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  120.229758][ T7797]  ? tomoyo_path_number_perm+0x18d/0x580
[  120.229774][ T7797]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  120.229787][ T7797]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  120.229800][ T7797]  ? do_vfs_ioctl+0x523/0x1a60
[  120.229815][ T7797]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  120.229839][ T7797]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  120.229850][ T7797]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  120.229861][ T7797]  ? __fget_files+0x20e/0x3c0
[  120.229874][ T7797]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  120.229885][ T7797]  __ia32_compat_sys_ioctl+0x23f/0x370
[  120.229901][ T7797]  __do_fast_syscall_32+0x73/0x120
[  120.229917][ T7797]  do_fast_syscall_32+0x32/0x80
[  120.229932][ T7797]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  120.229944][ T7797] RIP: 0023:0xf7f55579
[  120.229953][ T7797] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  120.229962][ T7797] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  120.229972][ T7797] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ae80
[  120.229978][ T7797] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  120.229983][ T7797] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  120.229989][ T7797] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  120.229994][ T7797] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  120.230007][ T7797]  </TASK>
[  121.263455][ T7811] can0: slcan on ttyprintk.
[  121.914759][ T7810] can0 (unregistered): slcan off ttyprintk.
[  121.989276][ T7837] netlink: 8 bytes leftover after parsing attributes in process `syz.1.413'.
[  122.072436][   T40] audit: type=1326 audit(1748334064.098:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7845 comm="syz.0.415" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x0
[  122.343534][ T7854] 9pnet_virtio: no channels available for device ./file0/file0
[  122.576125][ T7860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.417'.
[  123.104317][ T7871] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  123.104317][ T7871]    program syz.0.422 not setting count and/or reply_len properly
[  123.397287][ T7873] netlink: 68 bytes leftover after parsing attributes in process `syz.3.423'.
[  123.416933][ T7879] can0: slcan on ttyprintk.
[  123.463376][ T7882] batman_adv: batadv0: Adding interface: dummy0
[  123.467076][ T7882] batman_adv: batadv0: Interface activated: dummy0
[  124.026123][ T7896] 9pnet_virtio: no channels available for device ./file0/file0
[  124.134014][ T7894] netlink: 'syz.2.427': attribute type 10 has an invalid length.
[  124.145082][ T7894] veth0_vlan: left promiscuous mode
[  124.148914][ T7894] veth0_vlan: entered promiscuous mode
[  124.153264][ T7894] team0: Device veth0_vlan failed to register rx_handler
[  124.194183][ T7878] can0 (unregistered): slcan off ttyprintk.
[  124.324226][ T7903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.428'.
[  124.908751][ T7920] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  124.908751][ T7920]    program syz.2.432 not setting count and/or reply_len properly
[  125.009820][  T837] libceph: connect (1)[c::]:6789 error -101
[  125.012345][  T837] libceph: mon0 (1)[c::]:6789 connect error
[  125.018072][  T837] libceph: connect (1)[c::]:6789 error -101
[  125.020299][  T837] libceph: mon0 (1)[c::]:6789 connect error
[  125.275405][  T837] libceph: connect (1)[c::]:6789 error -101
[  125.277727][  T837] libceph: mon0 (1)[c::]:6789 connect error
[  125.370955][ T7936] 9pnet_virtio: no channels available for device ./file0/file0
[  125.621424][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'.
[  125.786276][  T837] libceph: connect (1)[c::]:6789 error -101
[  125.788468][  T837] libceph: mon0 (1)[c::]:6789 connect error
[  125.828050][ T7925] ceph: No mds server is up or the cluster is laggy
[  126.588421][ T7949] fuse: Invalid rootmode
[  126.595469][ T7951] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  126.595469][ T7951]    program syz.3.442 not setting count and/or reply_len properly
[  128.003931][   T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  128.223985][   T10] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  128.264467][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.267206][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.270466][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.281461][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.284231][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.287424][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.293128][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.301402][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.313903][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.316739][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.319410][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.322627][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.334783][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.337545][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.340994][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.344471][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.347632][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.350991][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.354295][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.357486][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.360793][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.364634][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  128.367378][   T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  128.370746][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  128.401438][   T10] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  128.404534][   T10] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  128.407287][   T10] usb 6-1: Product: syz
[  128.408626][   T10] usb 6-1: Manufacturer: syz
[  128.410077][   T10] usb 6-1: SerialNumber: syz
[  128.454365][   T10] usb 6-1: config 0 descriptor??
[  128.471245][   T10] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  128.770930][    C0] usb 6-1: yurex_control_callback - control failed: -2
[  128.816326][ T5977] usb 6-1: USB disconnect, device number 2
[  128.821846][ T5977] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  129.065495][ T8003] can0: slcan on ttyprintk.
[  129.636016][ T8015] FAULT_INJECTION: forcing a failure.
[  129.636016][ T8015] name failslab, interval 1, probability 0, space 0, times 0
[  129.640199][ T8015] CPU: 2 UID: 0 PID: 8015 Comm: syz.1.459 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  129.640214][ T8015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.640220][ T8015] Call Trace:
[  129.640224][ T8015]  <TASK>
[  129.640228][ T8015]  dump_stack_lvl+0x16c/0x1f0
[  129.640246][ T8015]  should_fail_ex+0x512/0x640
[  129.640260][ T8015]  should_failslab+0xc2/0x120
[  129.640273][ T8015]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  129.640286][ T8015]  ? skb_clone+0x190/0x3f0
[  129.640300][ T8015]  skb_clone+0x190/0x3f0
[  129.640312][ T8015]  netlink_deliver_tap+0xabd/0xd30
[  129.640329][ T8015]  netlink_unicast+0x5df/0x7f0
[  129.640343][ T8015]  ? __pfx_netlink_unicast+0x10/0x10
[  129.640360][ T8015]  netlink_sendmsg+0x8d1/0xdd0
[  129.640375][ T8015]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.640389][ T8015]  ? __import_iovec+0x1dd/0x650
[  129.640404][ T8015]  ____sys_sendmsg+0xa98/0xc70
[  129.640420][ T8015]  ? __pfx_____sys_sendmsg+0x10/0x10
[  129.640434][ T8015]  ? get_compat_msghdr+0x11a/0x170
[  129.640451][ T8015]  ___sys_sendmsg+0x134/0x1d0
[  129.640464][ T8015]  ? __pfx____sys_sendmsg+0x10/0x10
[  129.640474][ T8015]  ? __lock_acquire+0x622/0x1c90
[  129.640502][ T8015]  __sys_sendmsg+0x16d/0x220
[  129.640514][ T8015]  ? __pfx___sys_sendmsg+0x10/0x10
[  129.640526][ T8015]  ? __pfx_bpf_trace_run2+0x10/0x10
[  129.640541][ T8015]  ? syscall_trace_enter+0x1cb/0x260
[  129.640556][ T8015]  ? rcu_is_watching+0x12/0xc0
[  129.640572][ T8015]  __do_fast_syscall_32+0x73/0x120
[  129.640588][ T8015]  do_fast_syscall_32+0x32/0x80
[  129.640602][ T8015]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  129.640616][ T8015] RIP: 0023:0xf704e579
[  129.640624][ T8015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  129.640634][ T8015] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  129.640644][ T8015] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0
[  129.640650][ T8015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  129.640655][ T8015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  129.640661][ T8015] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  129.640666][ T8015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  129.640679][ T8015]  </TASK>
[  129.759264][ T8013] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  129.759264][ T8013]    program syz.3.458 not setting count and/or reply_len properly
[  129.816238][ T8021] netlink: 8 bytes leftover after parsing attributes in process `syz.3.461'.
[  129.819139][ T8021] netlink: 4 bytes leftover after parsing attributes in process `syz.3.461'.
[  129.822028][ T8021] netlink: 'syz.3.461': attribute type 1 has an invalid length.
[  130.215475][ T8002] can0 (unregistered): slcan off ttyprintk.
[  130.359822][ T8035] tipc: Started in network mode
[  130.362080][ T8035] tipc: Node identity ac14140f, cluster identity 4711
[  130.374661][ T8035] tipc: New replicast peer: 255.255.255.255
[  130.377746][ T8035] tipc: Enabled bearer <udp:syz2>, priority 10
[  130.744012][ T8047] nbd0: detected capacity change from 0 to 67108884
[  130.747440][ T8052] block nbd0: Send control failed (result -89)
[  130.749601][ T8052] block nbd0: Request send failed, requeueing
[  130.756599][ T5941] block nbd0: Receive control failed (result -32)
[  130.762039][ T6503] block nbd0: Dead connection, failed to find a fallback
[  130.764833][ T6503] block nbd0: shutting down sockets
[  130.767478][ T6503] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.770664][ T6503] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.775863][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.778813][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.781605][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.786017][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.790647][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.793551][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.800494][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.803470][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.806744][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.809720][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.812753][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.815967][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.818453][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.821291][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.823806][ T8052] ldm_validate_partition_table(): Disk read failed.
[  130.826954][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.829894][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.832397][ T8052] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  130.835694][ T8052] Buffer I/O error on dev nbd0, logical block 0, async page read
[  130.838460][ T8052] Dev nbd0: unable to read RDB block 0
[  130.841043][ T8052]  nbd0: unable to read partition table
[  130.845722][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  130.848166][ T5950] ldm_validate_partition_table(): Disk read failed.
[  130.852518][ T5950] Dev nbd0: unable to read RDB block 0
[  130.855442][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554441, location=33554441
[  130.856588][ T5950]  nbd0: unable to read partition table
[  130.858960][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554185, location=33554185
[  130.864367][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554440, location=33554440
[  130.869045][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554184, location=33554184
[  130.870852][ T5950] ldm_validate_partition_table(): Disk read failed.
[  130.872563][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554439, location=33554439
[  130.879140][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554183, location=33554183
[  130.889365][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554291, location=33554291
[  130.893600][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554035, location=33554035
[  130.896282][ T5950] Dev nbd0: unable to read RDB block 0
[  130.900540][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554289, location=33554289
[  130.900876][ T5950]  nbd0: unable to read partition table
[  130.909427][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=33554033, location=33554033
[  130.912917][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  130.917207][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  130.920358][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16777220, location=16777220
[  130.923796][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16776964, location=16776964
[  130.927253][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16777219, location=16777219
[  130.930647][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16776963, location=16776963
[  130.934000][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16777218, location=16777218
[  130.937297][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16776962, location=16776962
[  130.940749][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16777070, location=16777070
[  130.943801][ T8055] bridge_slave_0: left allmulticast mode
[  130.946057][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16776814, location=16776814
[  130.949798][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16777068, location=16777068
[  130.950701][ T8055] bridge_slave_0: left promiscuous mode
[  130.953331][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=16776812, location=16776812
[  130.957030][ T8055] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.959706][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  130.966451][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  130.970128][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388609, location=8388609
[  130.973611][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388353, location=8388353
[  130.977176][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388608, location=8388608
[  130.980695][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388352, location=8388352
[  130.983665][ T8055] bridge_slave_1: left allmulticast mode
[  130.983682][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388607, location=8388607
[  130.988165][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388351, location=8388351
[  130.992968][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388459, location=8388459
[  130.993563][ T8057] netlink: 788 bytes leftover after parsing attributes in process `syz.2.465'.
[  130.996971][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388203, location=8388203
[  130.999875][ T8055] bridge_slave_1: left promiscuous mode
[  131.004516][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388457, location=8388457
[  131.008843][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=8388201, location=8388201
[  131.011648][ T8055] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.012815][ T8052] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  131.017344][ T8052] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  131.027467][ T8055] bond0: (slave bond_slave_0): Releasing backup interface
[  131.036613][ T8055] bond0: (slave bond_slave_1): Releasing backup interface
[  131.081740][ T8055] team0: Port device team_slave_0 removed
[  131.099412][ T8055] team0: Port device team_slave_1 removed
[  131.104718][ T8055] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  131.107180][ T8055] batman_adv: batadv0: Removing interface: batadv_slave_0
[  131.111847][ T8055] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  131.114974][ T8055] batman_adv: batadv0: Removing interface: batadv_slave_1
[  131.525267][   T53] tipc: Node number set to 2886997007
[  131.734222][ T8068] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.470'.
[  131.744435][   T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  132.072023][ T8070] /dev/sg0: Can't lookup blockdev
[  132.162190][ T8074] netlink: 8 bytes leftover after parsing attributes in process `syz.2.473'.
[  132.291403][ T8077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.472'.
[  132.298005][ T8077] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  132.365946][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  132.368009][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  132.521108][ T8083] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  132.521108][ T8083]    program syz.0.476 not setting count and/or reply_len properly
[  132.614439][ T8088] IPVS: length: 72 != 8
[  132.656236][ T8087] block nbd0: shutting down sockets
[  132.720885][ T8086] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  132.720885][ T8086]    program syz.1.477 not setting count and/or reply_len properly
[  132.830914][   T40] audit: type=1326 audit(1748334074.858:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8090 comm="syz.2.481" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f76579 code=0x0
[  132.883546][ T8097] netlink: 'syz.2.481': attribute type 2 has an invalid length.
[  132.893998][ T8097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.481'.
[  133.108009][ T8091] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  133.108009][ T8091]    program syz.1.480 not setting count and/or reply_len properly
[  133.407581][ T8115] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  133.407581][ T8115]    program syz.3.487 not setting count and/or reply_len properly
[  133.510448][ T8122] netfs: Couldn't get user pages (rc=-14)
[  133.544383][ T8119] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  133.544383][ T8119]    program syz.1.488 not setting count and/or reply_len properly
[  133.645769][ T8127] kAFS: No cell specified
[  133.646675][ T8128] kAFS: No cell specified
[  134.755532][ T8146] FAULT_INJECTION: forcing a failure.
[  134.755532][ T8146] name failslab, interval 1, probability 0, space 0, times 0
[  134.759813][ T8146] CPU: 0 UID: 0 PID: 8146 Comm: syz.2.496 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  134.759828][ T8146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.759846][ T8146] Call Trace:
[  134.759851][ T8146]  <TASK>
[  134.759855][ T8146]  dump_stack_lvl+0x16c/0x1f0
[  134.759874][ T8146]  should_fail_ex+0x512/0x640
[  134.759886][ T8146]  ? fs_reclaim_acquire+0xae/0x150
[  134.759903][ T8146]  ? tomoyo_encode2+0x100/0x3e0
[  134.759918][ T8146]  should_failslab+0xc2/0x120
[  134.759933][ T8146]  __kmalloc_noprof+0xd2/0x510
[  134.759948][ T8146]  tomoyo_encode2+0x100/0x3e0
[  134.759966][ T8146]  tomoyo_encode+0x29/0x50
[  134.759981][ T8146]  tomoyo_realpath_from_path+0x18f/0x6e0
[  134.759999][ T8146]  ? tomoyo_profile+0x47/0x60
[  134.760012][ T8146]  tomoyo_path_number_perm+0x245/0x580
[  134.760026][ T8146]  ? tomoyo_path_number_perm+0x237/0x580
[  134.760041][ T8146]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  134.760070][ T8146]  ? find_held_lock+0x2b/0x80
[  134.760085][ T8146]  ? hook_file_ioctl_common+0x145/0x410
[  134.760100][ T8146]  ? __fget_files+0x204/0x3c0
[  134.760112][ T8146]  ? __fget_files+0x20e/0x3c0
[  134.760124][ T8146]  security_file_ioctl_compat+0x9b/0x240
[  134.760141][ T8146]  __ia32_compat_sys_ioctl+0xc3/0x370
[  134.760159][ T8146]  __do_fast_syscall_32+0x73/0x120
[  134.760176][ T8146]  do_fast_syscall_32+0x32/0x80
[  134.760191][ T8146]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  134.760204][ T8146] RIP: 0023:0xf7f76579
[  134.760213][ T8146] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  134.760223][ T8146] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  134.760233][ T8146] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0606610
[  134.760240][ T8146] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  134.760246][ T8146] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  134.760251][ T8146] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  134.760257][ T8146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  134.760269][ T8146]  </TASK>
[  134.760316][ T8146] ERROR: Out of memory at tomoyo_realpath_from_path.
[  135.053614][ T8148] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  135.053614][ T8148]    program syz.2.497 not setting count and/or reply_len properly
[  135.185766][ T8160] Bluetooth: hci4: Frame reassembly failed (-84)
[  135.280876][ T8157] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  135.280876][ T8157]    program syz.0.499 not setting count and/or reply_len properly
[  137.075736][ T8181] FAULT_INJECTION: forcing a failure.
[  137.075736][ T8181] name failslab, interval 1, probability 0, space 0, times 0
[  137.079704][ T8181] CPU: 2 UID: 0 PID: 8181 Comm: syz.3.507 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  137.079718][ T8181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  137.079725][ T8181] Call Trace:
[  137.079729][ T8181]  <TASK>
[  137.079734][ T8181]  dump_stack_lvl+0x16c/0x1f0
[  137.079752][ T8181]  should_fail_ex+0x512/0x640
[  137.079763][ T8181]  ? __kmalloc_node_noprof+0xc5/0x500
[  137.079776][ T8181]  should_failslab+0xc2/0x120
[  137.079789][ T8181]  __kmalloc_node_noprof+0xd8/0x500
[  137.079800][ T8181]  ? crypto_alg_lookup+0x113/0x1e0
[  137.079813][ T8181]  ? crypto_alloc_tfmmem.isra.0+0x38/0x110
[  137.079828][ T8181]  ? __pfx_crypto_alg_extsize+0x10/0x10
[  137.079843][ T8181]  crypto_alloc_tfmmem.isra.0+0x38/0x110
[  137.079857][ T8181]  crypto_create_tfm_node+0x85/0x350
[  137.079872][ T8181]  crypto_alloc_tfm_node+0x102/0x260
[  137.079888][ T8181]  __keyctl_dh_compute+0x2b7/0x10e0
[  137.079907][ T8181]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  137.079924][ T8181]  ? __lock_acquire+0xb8a/0x1c90
[  137.079938][ T8181]  ? get_pid_task+0x106/0x250
[  137.079961][ T8181]  compat_keyctl_dh_compute+0x143/0x1c0
[  137.079976][ T8181]  ? __pfx_compat_keyctl_dh_compute+0x10/0x10
[  137.079991][ T8181]  ? bpf_trace_run2+0x265/0x590
[  137.080005][ T8181]  ? bpf_trace_run2+0x2a5/0x590
[  137.080018][ T8181]  ? find_held_lock+0x2b/0x80
[  137.080035][ T8181]  __ia32_compat_sys_keyctl+0x347/0x540
[  137.080052][ T8181]  __do_fast_syscall_32+0x73/0x120
[  137.080068][ T8181]  do_fast_syscall_32+0x32/0x80
[  137.080082][ T8181]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  137.080095][ T8181] RIP: 0023:0xf7f55579
[  137.080103][ T8181] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  137.080113][ T8181] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000120
[  137.080123][ T8181] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 0000000080000340
[  137.080129][ T8181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080000000
[  137.080135][ T8181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  137.080140][ T8181] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  137.080146][ T8181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  137.080158][ T8181]  </TASK>
[  137.080163][ T8181] could not allocate digest TFM handle blake2b-256
[  137.230351][ T8184] capability: warning: `syz.3.508' uses 32-bit capabilities (legacy support in use)
[  137.233993][ T5940] Bluetooth: hci4: command 0x1003 tx timeout
[  137.234153][ T5941] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  137.409004][ T8190] kvm: Disabled LAPIC found during irq injection
[  137.412423][ T8190] netlink: 8 bytes leftover after parsing attributes in process `syz.1.510'.
[  137.417119][ T8190] dlm: plock device version mismatch: kernel (1.2.0), user (4207673345.1574799195.3139252685)
[  137.544323][ T8187] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  137.544323][ T8187]    program syz.2.509 not setting count and/or reply_len properly
[  137.767942][ T8199] 9pnet_virtio: no channels available for device ./file0/file0
[  138.029397][ T8201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.513'.
[  138.495492][ T8214] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  138.495492][ T8214]    program syz.3.516 not setting count and/or reply_len properly
[  138.849687][ T8226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.521'.
[  138.994729][ T8223] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  138.994729][ T8223]    program syz.2.520 not setting count and/or reply_len properly
[  139.349696][ T8238] 9pnet_virtio: no channels available for device ./file0/file0
[  139.382691][ T8239] netlink: 20 bytes leftover after parsing attributes in process `syz.2.524'.
[  139.762665][ T8241] netlink: 8 bytes leftover after parsing attributes in process `syz.0.525'.
[  140.149214][ T8243] netlink: 'syz.3.526': attribute type 4 has an invalid length.
[  140.152456][ T8243] netlink: 17 bytes leftover after parsing attributes in process `syz.3.526'.
[  140.161671][ T8243] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'.
[  140.467982][ T8251] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  140.467982][ T8251]    program syz.0.529 not setting count and/or reply_len properly
[  140.739958][ T8261] FAULT_INJECTION: forcing a failure.
[  140.739958][ T8261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.745474][ T8261] CPU: 1 UID: 0 PID: 8261 Comm: syz.0.531 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  140.745505][ T8261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  140.745513][ T8261] Call Trace:
[  140.745517][ T8261]  <TASK>
[  140.745522][ T8261]  dump_stack_lvl+0x16c/0x1f0
[  140.745557][ T8261]  should_fail_ex+0x512/0x640
[  140.745575][ T8261]  _copy_from_iter+0x29f/0x16f0
[  140.745590][ T8261]  ? __pfx__copy_from_iter+0x10/0x10
[  140.745604][ T8261]  ? find_held_lock+0x2b/0x80
[  140.745622][ T8261]  tun_get_user+0x240/0x3b80
[  140.745638][ T8261]  ? __pfx_tun_get_user+0x10/0x10
[  140.745647][ T8261]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  140.745663][ T8261]  ? find_held_lock+0x2b/0x80
[  140.745677][ T8261]  ? tun_get+0x191/0x370
[  140.745695][ T8261]  tun_chr_write_iter+0xdc/0x210
[  140.745706][ T8261]  vfs_write+0x6c7/0x1150
[  140.745717][ T8261]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  140.745728][ T8261]  ? __pfx_vfs_write+0x10/0x10
[  140.745736][ T8261]  ? find_held_lock+0x2b/0x80
[  140.745759][ T8261]  ksys_write+0x12a/0x250
[  140.745769][ T8261]  ? __pfx_ksys_write+0x10/0x10
[  140.745777][ T8261]  ? syscall_trace_enter+0x1cb/0x260
[  140.745792][ T8261]  ? rcu_is_watching+0x12/0xc0
[  140.745809][ T8261]  __do_fast_syscall_32+0x73/0x120
[  140.745825][ T8261]  do_fast_syscall_32+0x32/0x80
[  140.745840][ T8261]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  140.745853][ T8261] RIP: 0023:0xf7fc1579
[  140.745861][ T8261] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  140.745871][ T8261] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  140.745881][ T8261] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280
[  140.745887][ T8261] RDX: 000000000000004e RSI: 0000000000000000 RDI: 0000000000000000
[  140.745893][ T8261] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  140.745899][ T8261] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  140.745904][ T8261] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  140.745917][ T8261]  </TASK>
[  141.380055][ T8272] FAULT_INJECTION: forcing a failure.
[  141.380055][ T8272] name failslab, interval 1, probability 0, space 0, times 0
[  141.384472][ T8272] CPU: 0 UID: 0 PID: 8272 Comm: syz.3.535 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  141.384492][ T8272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.384499][ T8272] Call Trace:
[  141.384513][ T8272]  <TASK>
[  141.384519][ T8272]  dump_stack_lvl+0x16c/0x1f0
[  141.384537][ T8272]  should_fail_ex+0x512/0x640
[  141.384548][ T8272]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  141.384562][ T8272]  should_failslab+0xc2/0x120
[  141.384587][ T8272]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  141.384598][ T8272]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  141.384611][ T8272]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[  141.384627][ T8272]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[  141.384643][ T8272]  idr_get_free+0x528/0xa30
[  141.384662][ T8272]  idr_alloc_u32+0x190/0x2f0
[  141.384676][ T8272]  ? __pfx_idr_alloc_u32+0x10/0x10
[  141.384691][ T8272]  ? tcf_exts_init_ex+0x1bc/0x610
[  141.384704][ T8272]  basic_change+0xcb1/0x1400
[  141.384719][ T8272]  ? __pfx_basic_change+0x10/0x10
[  141.384738][ T8272]  ? __pfx_basic_change+0x10/0x10
[  141.384750][ T8272]  tc_new_tfilter+0xa32/0x2340
[  141.384771][ T8272]  ? __pfx_tc_new_tfilter+0x10/0x10
[  141.384787][ T8272]  ? kfree_skbmem+0x1a4/0x1f0
[  141.384812][ T8272]  ? find_held_lock+0x2b/0x80
[  141.384828][ T8272]  ? __pfx_tc_new_tfilter+0x10/0x10
[  141.384840][ T8272]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  141.384853][ T8272]  ? __pfx_tc_new_tfilter+0x10/0x10
[  141.384867][ T8272]  rtnetlink_rcv_msg+0x95b/0xe90
[  141.384880][ T8272]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  141.384899][ T8272]  netlink_rcv_skb+0x16a/0x440
[  141.384913][ T8272]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  141.384927][ T8272]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  141.384947][ T8272]  ? netlink_deliver_tap+0x1ae/0xd30
[  141.384962][ T8272]  netlink_unicast+0x53d/0x7f0
[  141.384976][ T8272]  ? __pfx_netlink_unicast+0x10/0x10
[  141.384993][ T8272]  netlink_sendmsg+0x8d1/0xdd0
[  141.385008][ T8272]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.385021][ T8272]  ? __import_iovec+0x1dd/0x650
[  141.385037][ T8272]  ____sys_sendmsg+0xa98/0xc70
[  141.385054][ T8272]  ? __pfx_____sys_sendmsg+0x10/0x10
[  141.385068][ T8272]  ? get_compat_msghdr+0x11a/0x170
[  141.385086][ T8272]  ___sys_sendmsg+0x134/0x1d0
[  141.385098][ T8272]  ? __pfx____sys_sendmsg+0x10/0x10
[  141.385109][ T8272]  ? __lock_acquire+0x622/0x1c90
[  141.385137][ T8272]  __sys_sendmsg+0x16d/0x220
[  141.385149][ T8272]  ? __pfx___sys_sendmsg+0x10/0x10
[  141.385161][ T8272]  ? __pfx_bpf_trace_run2+0x10/0x10
[  141.385176][ T8272]  ? syscall_trace_enter+0x1cb/0x260
[  141.385191][ T8272]  ? rcu_is_watching+0x12/0xc0
[  141.385207][ T8272]  __do_fast_syscall_32+0x73/0x120
[  141.385223][ T8272]  do_fast_syscall_32+0x32/0x80
[  141.385238][ T8272]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  141.385250][ T8272] RIP: 0023:0xf7f55579
[  141.385258][ T8272] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  141.385268][ T8272] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  141.385278][ T8272] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040
[  141.385285][ T8272] RDX: 0000000020001880 RSI: 0000000000000000 RDI: 0000000000000000
[  141.385291][ T8272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  141.385296][ T8272] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  141.385302][ T8272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  141.385314][ T8272]  </TASK>
[  141.490557][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.912739][ T8291] lo speed is unknown, defaulting to 1000
[  141.915555][ T8291] lo speed is unknown, defaulting to 1000
[  141.922584][ T8291] lo speed is unknown, defaulting to 1000
[  141.930905][ T8291] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  141.943234][ T8291] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  141.970952][ T8293] netlink: 180 bytes leftover after parsing attributes in process `syz.3.539'.
[  141.972517][ T8291] lo speed is unknown, defaulting to 1000
[  142.000456][ T8291] lo speed is unknown, defaulting to 1000
[  142.003559][ T8291] lo speed is unknown, defaulting to 1000
[  142.009449][ T8291] lo speed is unknown, defaulting to 1000
[  142.015028][ T8291] lo speed is unknown, defaulting to 1000
[  142.591238][ T8305] lo speed is unknown, defaulting to 1000
[  142.666162][ T8312] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  142.695404][ T8307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.660906][ T8329] syz.1.550: attempt to access beyond end of device
[  143.660906][ T8329] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  143.665151][ T8329] efs: cannot read volume header
[  145.850845][ T8362] syz.3.559: attempt to access beyond end of device
[  145.850845][ T8362] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  145.864144][ T8362] efs: cannot read volume header
[  147.019047][ T8377] x_tables: ip_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  147.455395][   T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  147.583938][   T10] usb 8-1: device descriptor read/64, error -71
[  147.853985][   T10] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  147.887758][ T8409] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  147.887758][ T8409]    program syz.1.572 not setting count and/or reply_len properly
[  148.104381][   T10] usb 8-1: device descriptor read/64, error -71
[  148.215128][   T10] usb usb8-port1: attempt power cycle
[  148.331900][ T8411] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  148.331900][ T8411]    program syz.1.573 not setting count and/or reply_len properly
[  148.412795][ T8424] can0: slcan on ttyprintk.
[  148.657400][ T8422] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  148.657400][ T8422]    program syz.2.577 not setting count and/or reply_len properly
[  148.844579][   T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  148.869481][ T8434] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  148.869481][ T8434]    program syz.2.581 not setting count and/or reply_len properly
[  148.877280][   T10] usb 8-1: device descriptor read/8, error -71
[  149.114056][   T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  149.134560][   T10] usb 8-1: device descriptor read/8, error -71
[  149.244276][   T10] usb usb8-port1: unable to enumerate USB device
[  149.366002][ T8423] can0 (unregistered): slcan off ttyprintk.
[  149.444945][ T8454] netlink: 24 bytes leftover after parsing attributes in process `syz.1.584'.
[  149.449217][ T8455] netlink: 24 bytes leftover after parsing attributes in process `syz.1.584'.
[  149.594801][ T8468] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.597752][ T8468] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.802862][ T8470] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  149.802862][ T8470]    program syz.1.589 not setting count and/or reply_len properly
[  149.846905][ T8475] netlink: 16 bytes leftover after parsing attributes in process `syz.1.591'.
[  149.853360][ T1140] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  149.856186][ T1140] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  149.870654][ T8473] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  149.870654][ T8473]    program syz.0.590 not setting count and/or reply_len properly
[  149.878607][   T29] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  150.106864][ T8491] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 1, id = 0
[  150.174004][ T5976] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  150.287039][ T8496] syz.3.598: attempt to access beyond end of device
[  150.287039][ T8496] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  150.292286][ T8496] efs: cannot read volume header
[  150.297563][ T8498] 9pnet_virtio: no channels available for device ./file0/file0
[  150.527148][ T8502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.599'.
[  151.317423][ T5976] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  151.331139][ T8509] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  151.940966][ T8523] netlink: 348 bytes leftover after parsing attributes in process `syz.0.606'.
[  152.210245][ T8528] netlink: 'syz.0.607': attribute type 1 has an invalid length.
[  152.214333][ T8527] syz.1.608: attempt to access beyond end of device
[  152.214333][ T8527] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  152.218876][ T8527] efs: cannot read volume header
[  152.250626][ T8528] 8021q: adding VLAN 0 to HW filter on device bond2
[  152.282144][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.291580][ T8528] bond2: entered promiscuous mode
[  152.383539][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.427855][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  152.435006][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  152.440621][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  152.444498][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  152.447605][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  152.460902][ T8541] netlink: 'syz.0.613': attribute type 153 has an invalid length.
[  152.476217][ T8541] netlink: 28 bytes leftover after parsing attributes in process `syz.0.613'.
[  152.480693][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.487528][ T8536] lo speed is unknown, defaulting to 1000
[  152.556165][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.612715][ T8536] chnl_net:caif_netlink_parms(): no params data found
[  152.963297][   T13] gtp0 (unregistering): left promiscuous mode
[  152.967451][   T13] team0: Port device gtp0 removed
[  153.118834][   T13] bond0 (unregistering): Released all slaves
[  153.127204][   T13] bond1 (unregistering): Released all slaves
[  153.136984][ T8536] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.139656][ T8536] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.142096][ T8536] bridge_slave_0: entered allmulticast mode
[  153.146640][ T8536] bridge_slave_0: entered promiscuous mode
[  153.150248][ T8536] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.152535][ T8536] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.155234][ T8536] bridge_slave_1: entered allmulticast mode
[  153.157881][ T8536] bridge_slave_1: entered promiscuous mode
[  153.225955][ T8536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.232036][ T8536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.489379][ T8536] team0: Port device team_slave_0 added
[  153.500806][ T8536] team0: Port device team_slave_1 added
[  153.586097][ T8536] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.588386][ T8536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.598284][ T8536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.602911][ T8536] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.605364][ T8536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.613413][ T8536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.744472][ T8536] hsr_slave_0: entered promiscuous mode
[  153.746827][ T8536] hsr_slave_1: entered promiscuous mode
[  153.749025][ T8536] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  153.752140][ T8536] Cannot create hsr debugfs directory
[  153.822828][ T8570] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  153.822828][ T8570]    program syz.1.616 not setting count and/or reply_len properly
[  153.834380][   T13] hsr_slave_0: left promiscuous mode
[  153.837862][   T13] hsr_slave_1: left promiscuous mode
[  153.840896][   T13] batman_adv: batadv0: Interface deactivated: dummy0
[  153.843764][   T13] batman_adv: batadv0: Removing interface: dummy0
[  153.879782][   T13] veth1_macvtap: left promiscuous mode
[  153.883265][   T13] veth0_macvtap: left promiscuous mode
[  153.886645][   T13] veth1_vlan: left promiscuous mode
[  153.888974][   T13] veth0_vlan: left promiscuous mode
[  153.954059][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  154.076808][ T8586] xt_CT: You must specify a L4 protocol and not use inversions on it
[  154.527208][ T5941] Bluetooth: hci2: command tx timeout
[  155.620185][ T8599] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  155.620185][ T8599]    program syz.0.625 not setting count and/or reply_len properly
[  155.891806][ T8536] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  155.906231][ T8536] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  155.957715][ T8536] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  155.981665][ T8536] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  156.017669][ T8624] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  156.181679][   T40] audit: type=1326 audit(1748334098.208:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8608 comm="syz.0.630" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x0
[  156.193110][ T8536] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.249837][ T8536] 8021q: adding VLAN 0 to HW filter on device team0
[  156.261689][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.264909][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.271806][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.274180][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.470224][ T8536] 8021q: adding VLAN 0 to HW filter on device batadv0
[  156.594319][ T5941] Bluetooth: hci2: command tx timeout
[  156.749559][ T8536] veth0_vlan: entered promiscuous mode
[  156.760281][ T8536] veth1_vlan: entered promiscuous mode
[  156.775989][ T8536] veth0_macvtap: entered promiscuous mode
[  156.780311][ T8536] veth1_macvtap: entered promiscuous mode
[  156.791971][ T8536] batman_adv: batadv0: Interface activated: batadv_slave_0
[  156.805629][ T8536] batman_adv: batadv0: Interface activated: batadv_slave_1
[  156.819850][ T8536] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  156.823367][ T8536] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  156.833328][ T8536] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  156.843607][ T8536] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  157.282129][ T8667] lo speed is unknown, defaulting to 1000
[  157.292483][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.297520][   T40] audit: type=1800 audit(1748334099.058:8): pid=8671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.633" name="file0" dev="overlay" ino=858 res=0 errno=0
[  157.304924][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.337983][ T1183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.340543][ T1183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.561576][ T8679] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  157.561576][ T8679]    program syz.2.635 not setting count and/or reply_len properly
[  157.680143][ T8686] random: crng reseeded on system resumption
[  157.683413][ T8686] FAULT_INJECTION: forcing a failure.
[  157.683413][ T8686] name failslab, interval 1, probability 0, space 0, times 0
[  157.687662][ T8686] CPU: 2 UID: 0 PID: 8686 Comm: syz.4.610 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  157.687677][ T8686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  157.687684][ T8686] Call Trace:
[  157.687688][ T8686]  <TASK>
[  157.687692][ T8686]  dump_stack_lvl+0x116/0x1f0
[  157.687711][ T8686]  should_fail_ex+0x512/0x640
[  157.687726][ T8686]  should_failslab+0xc2/0x120
[  157.687739][ T8686]  __kmalloc_cache_noprof+0x6a/0x3e0
[  157.687750][ T8686]  ? alloc_fw_cache_entry+0x3f/0xd0
[  157.687765][ T8686]  ? __pfx_fw_name_devm_release+0x10/0x10
[  157.687778][ T8686]  alloc_fw_cache_entry+0x3f/0xd0
[  157.687791][ T8686]  dev_create_fw_entry+0x3d/0x150
[  157.687804][ T8686]  ? __pfx_fw_name_devm_release+0x10/0x10
[  157.687816][ T8686]  devres_for_each_res+0x173/0x1d0
[  157.687827][ T8686]  ? __pfx_devm_name_match+0x10/0x10
[  157.687838][ T8686]  ? __pfx_dev_create_fw_entry+0x10/0x10
[  157.687852][ T8686]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  157.687865][ T8686]  dev_cache_fw_image+0xa2/0x490
[  157.687879][ T8686]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  157.687893][ T8686]  ? dev_cache_fw_image+0x398/0x490
[  157.687906][ T8686]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  157.687919][ T8686]  dpm_for_each_dev+0x5a/0xb0
[  157.687932][ T8686]  fw_pm_notify+0x81/0x150
[  157.687944][ T8686]  notifier_call_chain+0xbc/0x410
[  157.687954][ T8686]  ? __pfx_fw_pm_notify+0x10/0x10
[  157.687969][ T8686]  blocking_notifier_call_chain_robust+0xc8/0x160
[  157.687981][ T8686]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  157.687997][ T8686]  pm_notifier_call_chain_robust+0x27/0x60
[  157.688010][ T8686]  snapshot_open+0x218/0x2b0
[  157.688020][ T8686]  ? __pfx_snapshot_open+0x10/0x10
[  157.688031][ T8686]  misc_open+0x35d/0x420
[  157.688045][ T8686]  ? __pfx_misc_open+0x10/0x10
[  157.688058][ T8686]  chrdev_open+0x234/0x6a0
[  157.688070][ T8686]  ? __pfx_apparmor_file_open+0x10/0x10
[  157.688085][ T8686]  ? __pfx_chrdev_open+0x10/0x10
[  157.688097][ T8686]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  157.688127][ T8686]  do_dentry_open+0x744/0x1c10
[  157.688139][ T8686]  ? __pfx_chrdev_open+0x10/0x10
[  157.688152][ T8686]  vfs_open+0x82/0x3f0
[  157.688167][ T8686]  path_openat+0x1de4/0x2cb0
[  157.688182][ T8686]  ? __pfx_path_openat+0x10/0x10
[  157.688193][ T8686]  ? __lock_acquire+0xb8a/0x1c90
[  157.688206][ T8686]  do_filp_open+0x20b/0x470
[  157.688217][ T8686]  ? __pfx_do_filp_open+0x10/0x10
[  157.688241][ T8686]  ? alloc_fd+0x471/0x7d0
[  157.688254][ T8686]  do_sys_openat2+0x11b/0x1d0
[  157.688268][ T8686]  ? __pfx_do_sys_openat2+0x10/0x10
[  157.688283][ T8686]  ? bpf_trace_run2+0x2a5/0x590
[  157.688297][ T8686]  __ia32_compat_sys_openat+0x16d/0x210
[  157.688312][ T8686]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  157.688327][ T8686]  ? syscall_trace_enter+0x1cb/0x260
[  157.688342][ T8686]  ? rcu_is_watching+0x12/0xc0
[  157.688358][ T8686]  __do_fast_syscall_32+0x73/0x120
[  157.688374][ T8686]  do_fast_syscall_32+0x32/0x80
[  157.688389][ T8686]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  157.688402][ T8686] RIP: 0023:0xf70ae579
[  157.688411][ T8686] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  157.688421][ T8686] RSP: 002b:00000000f507d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  157.688430][ T8686] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[  157.688437][ T8686] RDX: 0000000000109081 RSI: 0000000000000000 RDI: 0000000000000000
[  157.688443][ T8686] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  157.688448][ T8686] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  157.688454][ T8686] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  157.688467][ T8686]  </TASK>
[  158.512008][ T8714] lo speed is unknown, defaulting to 1000
[  158.667770][ T8714] 9pnet_virtio: no channels available for device syz
[  158.684035][ T5941] Bluetooth: hci2: command tx timeout
[  159.291605][ T8732] lo speed is unknown, defaulting to 1000
[  159.320531][   T40] audit: type=1326 audit(1748334101.348:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8730 comm="syz.0.643" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc1579 code=0x0
[  159.380402][ T8734] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  159.380402][ T8734]    program syz.4.644 not setting count and/or reply_len properly
[  159.726681][   T34] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  159.884007][   T34] usb 5-1: Using ep0 maxpacket: 8
[  159.902910][   T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  159.914978][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  159.933943][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  159.938845][   T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  159.945216][   T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  159.954056][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.168331][   T34] usb 5-1: GET_CAPABILITIES returned 0
[  160.170093][   T34] usbtmc 5-1:16.0: can't read capabilities
[  160.373958][   T34] usb 5-1: USB disconnect, device number 3
[  160.754100][ T5941] Bluetooth: hci2: command tx timeout
[  160.868466][ T8767] syz.0.655 (8767): drop_caches: 2
[  160.870495][ T8767] syz.0.655 (8767): drop_caches: 2
[  160.964954][ T8773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.653'.
[  160.977932][ T8773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.653'.
[  161.048650][ T8773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.653'.
[  161.101312][ T8771] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  161.608488][ T8787] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.656'.
[  161.613352][ T8787] netlink: 32 bytes leftover after parsing attributes in process `syz.0.656'.
[  162.385268][ T8794] input: syz0 as /devices/virtual/input/input5
[  162.444024][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  162.546101][ T8802] lo speed is unknown, defaulting to 1000
[  163.126232][ T8837] lo speed is unknown, defaulting to 1000
[  163.558589][ T8837] 9pnet_virtio: no channels available for device syz
[  163.685569][ T8856] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  164.253979][ T1019] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  164.371694][ T8866] FAULT_INJECTION: forcing a failure.
[  164.371694][ T8866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.379592][ T8866] CPU: 2 UID: 0 PID: 8866 Comm: syz.0.668 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  164.379618][ T8866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  164.379629][ T8866] Call Trace:
[  164.379635][ T8866]  <TASK>
[  164.379643][ T8866]  dump_stack_lvl+0x16c/0x1f0
[  164.379672][ T8866]  should_fail_ex+0x512/0x640
[  164.379695][ T8866]  __kvm_read_guest_page+0x186/0x250
[  164.379719][ T8866]  kvm_fetch_guest_virt+0x128/0x1a0
[  164.379748][ T8866]  __do_insn_fetch_bytes+0x41e/0x6d0
[  164.379778][ T8866]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  164.379812][ T8866]  x86_decode_insn+0xb90/0x5540
[  164.379840][ T8866]  ? vmx_segment_cache_test_set+0x14b/0x400
[  164.379863][ T8866]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  164.379885][ T8866]  ? __pfx_x86_decode_insn+0x10/0x10
[  164.379901][ T8866]  ? vmx_cache_reg+0x333/0x5e0
[  164.379921][ T8866]  ? kvm_register_read_raw+0xe9/0x240
[  164.379948][ T8866]  ? init_decode_cache+0xd/0x210
[  164.379965][ T8866]  ? init_emulate_ctxt+0x337/0x510
[  164.379984][ T8866]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  164.380008][ T8866]  ? kvm_multiple_exception+0x379/0x750
[  164.380039][ T8866]  x86_emulate_instruction+0x9b2/0x1a90
[  164.380072][ T8866]  ? __pfx___schedule+0x10/0x10
[  164.380097][ T8866]  handle_ud+0x103/0x280
[  164.380122][ T8866]  ? __pfx_handle_ud+0x10/0x10
[  164.380150][ T8866]  ? __lock_acquire+0xb8a/0x1c90
[  164.380172][ T8866]  ? __vmx_complete_interrupts+0x111/0x4e0
[  164.380197][ T8866]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  164.380222][ T8866]  handle_exception_nmi+0x856/0x1740
[  164.380250][ T8866]  ? __pfx_handle_exception_nmi+0x10/0x10
[  164.380274][ T8866]  vmx_handle_exit+0x6a8/0x1d20
[  164.380305][ T8866]  vcpu_run+0x30ba/0x5390
[  164.380336][ T8866]  ? __pfx_vcpu_run+0x10/0x10
[  164.380358][ T8866]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  164.380383][ T8866]  ? __local_bh_enable_ip+0xa4/0x120
[  164.380406][ T8866]  ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  164.380421][ T8866]  kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  164.380447][ T8866]  kvm_vcpu_ioctl+0x5e9/0x1680
[  164.380473][ T8866]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  164.380492][ T8866]  ? tomoyo_path_number_perm+0x18d/0x580
[  164.380519][ T8866]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  164.380541][ T8866]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  164.380564][ T8866]  ? do_vfs_ioctl+0x523/0x1a60
[  164.380589][ T8866]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  164.380652][ T8866]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  164.380674][ T8866]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  164.380693][ T8866]  ? __fget_files+0x20e/0x3c0
[  164.380715][ T8866]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  164.380734][ T8866]  __ia32_compat_sys_ioctl+0x23f/0x370
[  164.380763][ T8866]  __do_fast_syscall_32+0x73/0x120
[  164.380790][ T8866]  do_fast_syscall_32+0x32/0x80
[  164.380814][ T8866]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  164.380835][ T8866] RIP: 0023:0xf7fc1579
[  164.380849][ T8866] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  164.380865][ T8866] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  164.380881][ T8866] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ae80
[  164.380891][ T8866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  164.380901][ T8866] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  164.380910][ T8866] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  164.380919][ T8866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  164.380943][ T8866]  </TASK>
[  164.406479][ T1019] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  164.536442][ T1019] usb 7-1: config 220 has 1 interface, different from the descriptor's value: 3
[  164.539363][ T1019] usb 7-1: config 220 interface 0 has no altsetting 0
[  164.544935][ T1019] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  164.547910][ T1019] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.550532][ T1019] usb 7-1: Product: syz
[  164.551904][ T1019] usb 7-1: Manufacturer: syz
[  164.553379][ T1019] usb 7-1: SerialNumber: syz
[  164.777395][ T1019] usb 7-1: Found UVC 0.00 device syz (8086:0b07)
[  164.780204][ T1019] usb 7-1: No valid video chain found.
[  164.787219][ T1019] usb 7-1: USB disconnect, device number 6
[  165.615345][ T8890] lo speed is unknown, defaulting to 1000
[  166.458732][ T8908] can0: slcan on ttyprintk.
[  166.469858][ T8909] lo: entered allmulticast mode
[  166.476050][ T8909] lo: left allmulticast mode
[  166.764294][ T8920] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  166.764294][ T8920]    program syz.1.681 not setting count and/or reply_len properly
[  166.876049][ T8906] can0 (unregistered): slcan off ttyprintk.
[  167.117319][ T8940] lo speed is unknown, defaulting to 1000
[  167.761677][ T8964] netlink: 12 bytes leftover after parsing attributes in process `syz.4.691'.
[  168.403538][ T8974] evm: overlay not supported
[  169.432888][ T8991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'.
[  169.540423][ T8998] 9pnet_virtio: no channels available for device ./file0/file0
[  169.723901][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.700'.
[  169.803977][   T63] Bluetooth: hci2: command tx timeout
[  170.273992][   T63] Bluetooth: hci1: command 0x0406 tx timeout
[  170.275953][ T5946] Bluetooth: hci3: command 0x0406 tx timeout
[  170.276055][ T5938] Bluetooth: hci0: command 0x0c1a tx timeout
[  171.183691][ T9055] netlink: 256 bytes leftover after parsing attributes in process `syz.0.706'.
[  171.311549][ T9059] lo speed is unknown, defaulting to 1000
[  172.124228][ T9074] 9pnet_virtio: no channels available for device ./file0/file0
[  172.276754][ T9077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.711'.
[  172.455036][ T9076] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  172.455036][ T9076]    program syz.0.712 not setting count and/or reply_len properly
[  172.813622][ T9092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.716'.
[  173.447938][ T9096] ref_ctr_offset mismatch. inode: 0x5b offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xc
[  173.977352][ T9109] can0: slcan on ttyprintk.
[  174.595976][ T9108] can0 (unregistered): slcan off ttyprintk.
[  176.274526][ T9153] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  176.274526][ T9153]    program syz.0.728 not setting count and/or reply_len properly
[  176.455357][ T9160] can0: slcan on ttyprintk.
[  176.465351][ T9157] lo speed is unknown, defaulting to 1000
[  177.344704][ T9159] can0 (unregistered): slcan off ttyprintk.
[  178.434565][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  178.694938][ T9205] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  178.694938][ T9205]    program syz.4.736 not setting count and/or reply_len properly
[  178.915610][ T9211] syz.4.738: attempt to access beyond end of device
[  178.915610][ T9211] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  178.921385][ T9211] efs: cannot read volume header
[  179.473946][ T5975] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  179.584180][   T34] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  179.645957][ T5975] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  179.649974][ T5975] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  179.655001][ T5975] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  179.663615][ T5975] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  179.668160][ T5975] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.671371][ T5975] usb 7-1: Product: syz
[  179.672976][ T5975] usb 7-1: Manufacturer: syz
[  179.676099][ T5975] usb 7-1: SerialNumber: syz
[  179.736179][   T34] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  179.740531][   T34] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3
[  179.746016][   T34] usb 6-1: config 220 interface 0 has no altsetting 0
[  179.752194][   T34] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  179.755692][   T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.758826][   T34] usb 6-1: Product: syz
[  179.760515][   T34] usb 6-1: Manufacturer: syz
[  179.762168][   T34] usb 6-1: SerialNumber: syz
[  179.894917][ T5975] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  180.167520][    T9] usb 7-1: USB disconnect, device number 7
[  180.170249][ T9225] usblp0:failed reading printer status (-71)
[  180.177329][    T9] usblp0: removed
[  180.307049][   T34] usb 6-1: Found UVC 0.00 device syz (8086:0b07)
[  180.583741][   T34] usb 6-1: No valid video chain found.
[  180.592619][   T34] usb 6-1: USB disconnect, device number 3
[  180.782266][ T9250] FAULT_INJECTION: forcing a failure.
[  180.782266][ T9250] name failslab, interval 1, probability 0, space 0, times 0
[  180.789145][ T9250] CPU: 3 UID: 0 PID: 9250 Comm: syz.2.750 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  180.789169][ T9250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.789180][ T9250] Call Trace:
[  180.789187][ T9250]  <TASK>
[  180.789193][ T9250]  dump_stack_lvl+0x16c/0x1f0
[  180.789223][ T9250]  should_fail_ex+0x512/0x640
[  180.789240][ T9250]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  180.789261][ T9250]  should_failslab+0xc2/0x120
[  180.789282][ T9250]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  180.789306][ T9250]  ? __might_fault+0xe3/0x190
[  180.789322][ T9250]  ? __might_fault+0x13b/0x190
[  180.789338][ T9250]  ? getname_flags.part.0+0x4c/0x550
[  180.789364][ T9250]  getname_flags.part.0+0x4c/0x550
[  180.789390][ T9250]  getname_flags+0x93/0xf0
[  180.789418][ T9250]  user_path_at+0x24/0x60
[  180.789433][ T9250]  __ia32_sys_mount+0x1fb/0x310
[  180.789452][ T9250]  ? __pfx___ia32_sys_mount+0x10/0x10
[  180.789469][ T9250]  ? syscall_trace_enter+0x1cb/0x260
[  180.789494][ T9250]  ? rcu_is_watching+0x12/0xc0
[  180.789519][ T9250]  __do_fast_syscall_32+0x73/0x120
[  180.789545][ T9250]  do_fast_syscall_32+0x32/0x80
[  180.789571][ T9250]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.789590][ T9250] RIP: 0023:0xf7f76579
[  180.789601][ T9250] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  180.789616][ T9250] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  180.789631][ T9250] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000080000040
[  180.789641][ T9250] RDX: 00000000800000c0 RSI: 0000000000200000 RDI: 0000000000000000
[  180.789649][ T9250] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.789657][ T9250] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  180.789667][ T9250] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.789688][ T9250]  </TASK>
[  181.255877][ T9250] /dev/sr0: Can't open blockdev
[  181.296329][ T9258] loop7: detected capacity change from 0 to 7
[  181.298505][   T40] audit: type=1326 audit(1748334123.328:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9257 comm="syz.2.751" exe="/syz-executor" sig=9 arch=40000003 syscall=172 compat=1 ip=0xf7f76579 code=0x0
[  181.301563][    C1] blk_print_req_error: 178 callbacks suppressed
[  181.301574][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.309869][    C1] buffer_io_error: 138 callbacks suppressed
[  181.309877][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.316266][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.319355][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.322086][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.325992][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.329557][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.332564][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.335644][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.338849][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.341500][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.344553][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.347196][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.350969][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.354419][ T9259] ldm_validate_partition_table(): Disk read failed.
[  181.356815][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.360542][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.364277][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.367987][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.371275][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.374176][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  181.376720][ T9259] Dev loop7: unable to read RDB block 0
[  181.379147][ T9259]  loop7: unable to read partition table
[  181.381150][ T9259] loop7: partition table beyond EOD, truncated
[  181.454653][ T9263] : entered promiscuous mode
[  181.714148][    T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  181.866494][    T9] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  181.870159][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.874720][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.878443][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  181.884223][    T9] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  181.887438][    T9] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  181.890159][    T9] usb 7-1: Manufacturer: syz
[  181.893489][    T9] usb 7-1: config 0 descriptor??
[  182.502444][    T9] usbhid 7-1:0.0: can't add hid device: -71
[  182.505625][    T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  182.511462][    T9] usb 7-1: USB disconnect, device number 8
[  182.805070][ T9285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.817429][ T9285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.912656][ T9287] netlink: 20 bytes leftover after parsing attributes in process `syz.1.759'.
[  183.407782][ T9302] 9pnet_virtio: no channels available for device ./file0/file0
[  183.811676][ T9305] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  183.811676][ T9305]    program syz.4.764 not setting count and/or reply_len properly
[  184.225065][ T9310] netlink: 'syz.2.765': attribute type 1 has an invalid length.
[  184.243006][ T9310] 8021q: adding VLAN 0 to HW filter on device bond3
[  184.275548][ T9315] can0: slcan on ttyprintk.
[  184.712405][ T9319] lo speed is unknown, defaulting to 1000
[  184.815862][ T9336] netlink: 'syz.2.770': attribute type 23 has an invalid length.
[  184.994103][ T9314] can0 (unregistered): slcan off ttyprintk.
[  186.003490][ T9354] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  187.515595][ T9388] netlink: 104 bytes leftover after parsing attributes in process `syz.0.781'.
[  187.519362][ T9388] netlink: 104 bytes leftover after parsing attributes in process `syz.0.781'.
[  187.565712][ T9390] can0: slcan on ttyprintk.
[  188.027198][ T9398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.784'.
[  188.326170][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.785'.
[  189.235714][ T9389] can0 (unregistered): slcan off ttyprintk.
[  189.320833][ T9426] syzkaller1: entered promiscuous mode
[  189.322439][ T9426] syzkaller1: entered allmulticast mode
[  189.565054][ T9432] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  189.565054][ T9432]    program syz.1.791 not setting count and/or reply_len properly
[  189.572850][ T9438] lo speed is unknown, defaulting to 1000
[  191.559052][ T9457] efs: device does not support 512 byte blocks
[  191.561159][ T9457] device does not support 512 byte blocks
[  191.561159][ T9457] 
[  191.720740][ T9459] can0: slcan on ttyprintk.
[  191.791909][ T9462] netlink: 'syz.0.800': attribute type 1 has an invalid length.
[  191.837511][ T9462] 8021q: adding VLAN 0 to HW filter on device bond3
[  191.854225][ T9462] bond3: entered promiscuous mode
[  192.135054][ T9474] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[  192.135054][ T9474]    program syz.4.802 not setting count and/or reply_len properly
[  192.322998][ T9458] can0 (unregistered): slcan off ttyprintk.
[  192.482150][ T9493] lo speed is unknown, defaulting to 1000
[  192.713453][ T9501] FAULT_INJECTION: forcing a failure.
[  192.713453][ T9501] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  192.722848][ T9501] CPU: 1 UID: 0 PID: 9501 Comm: syz.2.805 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  192.722886][ T9501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  192.722897][ T9501] Call Trace:
[  192.722904][ T9501]  <TASK>
[  192.722911][ T9501]  dump_stack_lvl+0x16c/0x1f0
[  192.722947][ T9501]  should_fail_ex+0x512/0x640
[  192.722970][ T9501]  _copy_from_user+0x2e/0xd0
[  192.722992][ T9501]  memdup_user+0x6b/0xe0
[  192.723015][ T9501]  strndup_user+0x78/0xe0
[  192.723036][ T9501]  __ia32_sys_mount+0x137/0x310
[  192.723058][ T9501]  ? __pfx___ia32_sys_mount+0x10/0x10
[  192.723076][ T9501]  ? syscall_trace_enter+0x1cb/0x260
[  192.723096][ T9501]  ? rcu_is_watching+0x12/0xc0
[  192.723121][ T9501]  __do_fast_syscall_32+0x73/0x120
[  192.723148][ T9501]  do_fast_syscall_32+0x32/0x80
[  192.723170][ T9501]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  192.723191][ T9501] RIP: 0023:0xf7f76579
[  192.723206][ T9501] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  192.723221][ T9501] RSP: 002b:00000000f505455c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  192.723238][ T9501] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 0000000080000080
[  192.723248][ T9501] RDX: 00000000800000c0 RSI: 0000000000000010 RDI: 0000000080000100
[  192.723256][ T9501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  192.723263][ T9501] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  192.723270][ T9501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  192.723292][ T9501]  </TASK>
[  192.789576][    C1] vkms_vblank_simulate: vblank timer overrun
[  192.914360][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  193.085243][   T10] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  193.088495][   T10] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3
[  193.091334][   T10] usb 6-1: config 220 interface 0 has no altsetting 0
[  193.095288][   T10] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  193.098115][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.100638][   T10] usb 6-1: Product: syz
[  193.101978][   T10] usb 6-1: Manufacturer: syz
[  193.103464][   T10] usb 6-1: SerialNumber: syz
[  193.335447][   T10] usb 6-1: Found UVC 0.00 device syz (8086:0b07)
[  193.338095][   T10] usb 6-1: No valid video chain found.
[  193.350453][   T10] usb 6-1: USB disconnect, device number 4
[  193.797376][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  193.799378][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  193.850697][ T9521] lo speed is unknown, defaulting to 1000
[  193.901743][ T9529] overlayfs: failed to resolve './file0': -2
[  194.060609][ T9535] netlink: 'syz.1.820': attribute type 10 has an invalid length.
[  194.063335][ T9535] netlink: 40 bytes leftover after parsing attributes in process `syz.1.820'.
[  194.067877][ T9535] dummy0: entered promiscuous mode
[  194.070134][ T9535] bridge0: port 3(dummy0) entered blocking state
[  194.072361][ T9535] bridge0: port 3(dummy0) entered disabled state
[  194.075159][ T9535] dummy0: entered allmulticast mode
[  194.467926][ T9547] netlink: 4 bytes leftover after parsing attributes in process `syz.4.821'.
[  194.989535][ T9548] can0: slcan on ttyprintk.
[  195.005654][ T9550] netlink: 64 bytes leftover after parsing attributes in process `syz.1.825'.
[  195.292749][ T9559] random: crng reseeded on system resumption
[  195.294906][ T9559] FAULT_INJECTION: forcing a failure.
[  195.294906][ T9559] name failslab, interval 1, probability 0, space 0, times 0
[  195.298958][ T9559] CPU: 2 UID: 0 PID: 9559 Comm: syz.4.827 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  195.298973][ T9559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  195.298980][ T9559] Call Trace:
[  195.298985][ T9559]  <TASK>
[  195.298989][ T9559]  dump_stack_lvl+0x16c/0x1f0
[  195.299009][ T9559]  should_fail_ex+0x512/0x640
[  195.299022][ T9559]  should_failslab+0xc2/0x120
[  195.299036][ T9559]  __kmalloc_cache_noprof+0x6a/0x3e0
[  195.299046][ T9559]  ? do_raw_spin_lock+0x12c/0x2b0
[  195.299060][ T9559]  ? find_held_lock+0x2b/0x80
[  195.299078][ T9559]  ? async_schedule_node_domain+0x54/0x120
[  195.299104][ T9559]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  195.299122][ T9559]  async_schedule_node_domain+0x54/0x120
[  195.299147][ T9559]  dev_cache_fw_image+0x38e/0x490
[  195.299162][ T9559]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  195.299178][ T9559]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  195.299191][ T9559]  dpm_for_each_dev+0x5a/0xb0
[  195.299204][ T9559]  fw_pm_notify+0x81/0x150
[  195.299216][ T9559]  notifier_call_chain+0xbc/0x410
[  195.299226][ T9559]  ? __pfx_fw_pm_notify+0x10/0x10
[  195.299240][ T9559]  blocking_notifier_call_chain_robust+0xc8/0x160
[  195.299253][ T9559]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  195.299269][ T9559]  pm_notifier_call_chain_robust+0x27/0x60
[  195.299282][ T9559]  snapshot_open+0x218/0x2b0
[  195.299292][ T9559]  ? __pfx_snapshot_open+0x10/0x10
[  195.299302][ T9559]  misc_open+0x35d/0x420
[  195.299317][ T9559]  ? __pfx_misc_open+0x10/0x10
[  195.299330][ T9559]  chrdev_open+0x234/0x6a0
[  195.299341][ T9559]  ? __pfx_apparmor_file_open+0x10/0x10
[  195.299356][ T9559]  ? __pfx_chrdev_open+0x10/0x10
[  195.299368][ T9559]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  195.299387][ T9559]  do_dentry_open+0x744/0x1c10
[  195.299399][ T9559]  ? __pfx_chrdev_open+0x10/0x10
[  195.299413][ T9559]  vfs_open+0x82/0x3f0
[  195.299428][ T9559]  path_openat+0x1de4/0x2cb0
[  195.299443][ T9559]  ? __pfx_path_openat+0x10/0x10
[  195.299454][ T9559]  ? __lock_acquire+0xb8a/0x1c90
[  195.299467][ T9559]  do_filp_open+0x20b/0x470
[  195.299478][ T9559]  ? __pfx_do_filp_open+0x10/0x10
[  195.299499][ T9559]  ? alloc_fd+0x471/0x7d0
[  195.299512][ T9559]  do_sys_openat2+0x11b/0x1d0
[  195.299526][ T9559]  ? __pfx_do_sys_openat2+0x10/0x10
[  195.299541][ T9559]  ? bpf_trace_run2+0x2a5/0x590
[  195.299555][ T9559]  __ia32_compat_sys_openat+0x16d/0x210
[  195.299570][ T9559]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  195.299586][ T9559]  ? syscall_trace_enter+0x1cb/0x260
[  195.299601][ T9559]  ? rcu_is_watching+0x12/0xc0
[  195.299617][ T9559]  __do_fast_syscall_32+0x73/0x120
[  195.299634][ T9559]  do_fast_syscall_32+0x32/0x80
[  195.299649][ T9559]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.299662][ T9559] RIP: 0023:0xf70ae579
[  195.299671][ T9559] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  195.299681][ T9559] RSP: 002b:00000000f507d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  195.299691][ T9559] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[  195.299697][ T9559] RDX: 0000000000109081 RSI: 0000000000000000 RDI: 0000000000000000
[  195.299704][ T9559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.299709][ T9559] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  195.299715][ T9559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.299728][ T9559]  </TASK>
[  195.423753][ T9559] 
[  195.424562][ T9559] ============================================
[  195.426466][ T9559] WARNING: possible recursive locking detected
[  195.428415][ T9559] 6.15.0-syzkaller-01958-g785cdec46e92 #0 Not tainted
[  195.431579][ T9559] --------------------------------------------
[  195.434127][ T9559] syz.4.827/9559 is trying to acquire lock:
[  195.436151][ T9559] ffffffff8f304188 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[  195.438867][ T9559] 
[  195.438867][ T9559] but task is already holding lock:
[  195.441678][ T9559] ffffffff8f304188 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  195.444382][ T9559] 
[  195.444382][ T9559] other info that might help us debug this:
[  195.446893][ T9559]  Possible unsafe locking scenario:
[  195.446893][ T9559] 
[  195.449247][ T9559]        CPU0
[  195.450333][ T9559]        ----
[  195.451410][ T9559]   lock(fw_lock);
[  195.452602][ T9559]   lock(fw_lock);
[  195.453816][ T9559] 
[  195.453816][ T9559]  *** DEADLOCK ***
[  195.453816][ T9559] 
[  195.456339][ T9559]  May be due to missing lock nesting notation
[  195.456339][ T9559] 
[  195.458904][ T9559] 5 locks held by syz.4.827/9559:
[  195.460509][ T9559]  #0: ffffffff8f0f4908 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[  195.463157][ T9559]  #1: ffffffff8e286068 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[  195.466316][ T9559]  #2: ffffffff8e2c60d0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[  195.469959][ T9559]  #3: ffffffff8f304188 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  195.472679][ T9559]  #4: ffffffff8f2feda8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[  195.475636][ T9559] 
[  195.475636][ T9559] stack backtrace:
[  195.477473][ T9559] CPU: 2 UID: 0 PID: 9559 Comm: syz.4.827 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
[  195.477487][ T9559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  195.477493][ T9559] Call Trace:
[  195.477497][ T9559]  <TASK>
[  195.477502][ T9559]  dump_stack_lvl+0x116/0x1f0
[  195.477519][ T9559]  print_deadlock_bug+0x1e9/0x240
[  195.477530][ T9559]  __lock_acquire+0x1106/0x1c90
[  195.477542][ T9559]  ? __kasan_slab_free+0x51/0x70
[  195.477554][ T9559]  lock_acquire+0x179/0x350
[  195.477565][ T9559]  ? assign_fw+0x4e/0x640
[  195.477578][ T9559]  ? __pfx___might_resched+0x10/0x10
[  195.477587][ T9559]  ? do_sys_openat2+0x11b/0x1d0
[  195.477600][ T9559]  ? __ia32_compat_sys_openat+0x16d/0x210
[  195.477614][ T9559]  ? __do_fast_syscall_32+0x73/0x120
[  195.477629][ T9559]  __mutex_lock+0x199/0xb90
[  195.477643][ T9559]  ? assign_fw+0x4e/0x640
[  195.477656][ T9559]  ? assign_fw+0x4e/0x640
[  195.477668][ T9559]  ? __pfx___mutex_lock+0x10/0x10
[  195.477683][ T9559]  ? kasan_quarantine_put+0x10a/0x240
[  195.477694][ T9559]  ? lockdep_hardirqs_on+0x7c/0x110
[  195.477708][ T9559]  ? assign_fw+0x4e/0x640
[  195.477719][ T9559]  assign_fw+0x4e/0x640
[  195.477731][ T9559]  ? _request_firmware+0x957/0x1470
[  195.477744][ T9559]  _request_firmware+0x988/0x1470
[  195.477759][ T9559]  ? __pfx__request_firmware+0x10/0x10
[  195.477773][ T9559]  ? dump_stack_lvl+0x185/0x1f0
[  195.477785][ T9559]  ? lockdep_hardirqs_on+0x7c/0x110
[  195.477799][ T9559]  __async_dev_cache_fw_image+0xb1/0x340
[  195.477813][ T9559]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  195.477827][ T9559]  ? mark_held_locks+0x49/0x80
[  195.477837][ T9559]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  195.477850][ T9559]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  195.477864][ T9559]  async_schedule_node_domain+0xd4/0x120
[  195.477887][ T9559]  dev_cache_fw_image+0x38e/0x490
[  195.477900][ T9559]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  195.477914][ T9559]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  195.477926][ T9559]  dpm_for_each_dev+0x5a/0xb0
[  195.477938][ T9559]  fw_pm_notify+0x81/0x150
[  195.477949][ T9559]  notifier_call_chain+0xbc/0x410
[  195.477958][ T9559]  ? __pfx_fw_pm_notify+0x10/0x10
[  195.477971][ T9559]  blocking_notifier_call_chain_robust+0xc8/0x160
[  195.477983][ T9559]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  195.477996][ T9559]  pm_notifier_call_chain_robust+0x27/0x60
[  195.478008][ T9559]  snapshot_open+0x218/0x2b0
[  195.478018][ T9559]  ? __pfx_snapshot_open+0x10/0x10
[  195.478027][ T9559]  misc_open+0x35d/0x420
[  195.478040][ T9559]  ? __pfx_misc_open+0x10/0x10
[  195.478053][ T9559]  chrdev_open+0x234/0x6a0
[  195.478063][ T9559]  ? __pfx_apparmor_file_open+0x10/0x10
[  195.478078][ T9559]  ? __pfx_chrdev_open+0x10/0x10
[  195.478089][ T9559]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  195.478106][ T9559]  do_dentry_open+0x744/0x1c10
[  195.478117][ T9559]  ? __pfx_chrdev_open+0x10/0x10
[  195.478128][ T9559]  vfs_open+0x82/0x3f0
[  195.478141][ T9559]  path_openat+0x1de4/0x2cb0
[  195.478153][ T9559]  ? __pfx_path_openat+0x10/0x10
[  195.478163][ T9559]  ? __lock_acquire+0xb8a/0x1c90
[  195.478174][ T9559]  do_filp_open+0x20b/0x470
[  195.478183][ T9559]  ? __pfx_do_filp_open+0x10/0x10
[  195.478197][ T9559]  ? alloc_fd+0x471/0x7d0
[  195.478207][ T9559]  do_sys_openat2+0x11b/0x1d0
[  195.478220][ T9559]  ? __pfx_do_sys_openat2+0x10/0x10
[  195.478233][ T9559]  ? bpf_trace_run2+0x2a5/0x590
[  195.478246][ T9559]  __ia32_compat_sys_openat+0x16d/0x210
[  195.478260][ T9559]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  195.478274][ T9559]  ? syscall_trace_enter+0x1cb/0x260
[  195.478288][ T9559]  ? rcu_is_watching+0x12/0xc0
[  195.478303][ T9559]  __do_fast_syscall_32+0x73/0x120
[  195.478318][ T9559]  do_fast_syscall_32+0x32/0x80
[  195.478332][ T9559]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.478345][ T9559] RIP: 0023:0xf70ae579
[  195.478353][ T9559] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  195.478363][ T9559] RSP: 002b:00000000f507d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  195.478373][ T9559] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[  195.478379][ T9559] RDX: 0000000000109081 RSI: 0000000000000000 RDI: 0000000000000000
[  195.478385][ T9559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.478390][ T9559] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  195.478396][ T9559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.478405][ T9559]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

VM DIAGNOSIS:
08:22:17  Registers:
info registers vcpu 0

CPU#0
RAX=00000000004c8464 RBX=0000000000000000 RCX=ffffffff8b717649 RDX=ffffed100564663e
RSI=ffffffff8bf4f940 RDI=ffffffff81910ff1 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e08
R8 =0000000000000000 R9 =ffffed100564663d R10=ffff88802b2331eb R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90865550 R15=0000000000000000
RIP=ffffffff8b715f0f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977b1000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008002c000 CR3=0000000026272000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563b84419c50 0000563b84419c50
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd071937b0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 636e79736120205d 3935353954205b5d 3232313939322e35 393120205b203a6c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343130322f31302f 343020312b32316f 70627e322d332e36 312e312d6e616962
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65642d332e36312e 3120534f4942202c 2939303032202c39 484349202b203533
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5128204350206472 61646e6174532055 4d4551203a656d61 6e20657261776472
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6148205d39353539 54205b5d33373938 39322e3539312020 5b203a6c656e7265
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffff8880250f2138 RCX=ffffffff81c292af RDX=0000000000000000
RSI=ffffffff8bf4f940 RDI=ffffffff8dcf4da8 RBP=0000000000000293 RSP=ffffc9000319fb48
R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff90865557 R11=0000000000000000
R12=ffff8880250f2138 R13=0000000000000293 R14=0000000000000001 R15=ffff88802521c000
RIP=ffffffff819768ba RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978b1000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000805e4000 CR3=0000000049cde000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8552de85 RDI=ffffffff9ae1bc40 RBP=ffffffff9ae1bc00 RSP=ffffc90004666d10
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002e R14=ffffffff9ae1bc00 R15=ffffffff8552de20
RIP=ffffffff8552deaf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979b1000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f505cda4 CR3=00000000605f4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff81c292af RDX=0000000000000000
RSI=0000000000000008 RDI=ffffffff90865550 RBP=ffffc90004f27bc8 RSP=ffffc90004f27b00
R8 =0000000000000000 R9 =ffffed1004a1e567 R10=ffff8880250f2b3b R11=0000000000000001
R12=ffff888021030000 R13=ffff888021030000 R14=ffff8880247f7458 R15=ffff88806733ee00
RIP=ffffffff822014ed RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097ab1000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080003000 CR3=00000000605f4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000