last executing test programs:

2m38.328616483s ago: executing program 0 (id=600):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
mbind(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000380)=0x6577, 0x1, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="000000010000fc00"])
ioctl$MEDIA_REQUEST_IOC_QUEUE(r2, 0x7c80, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r5=>0x0)
setresuid(r5, 0xffffffffffffffff, 0x0)
quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000702, r5, &(0x7f00000001c0))
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_open_procfs(0x0, 0x0)

2m36.962566311s ago: executing program 0 (id=604):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x1c9}, &(0x7f00000003c0)=<r0=>0x0, &(0x7f0000000400)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x28, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x35}}}}}, 0x28}}, 0xc010)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x82, &(0x7f0000000300)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @broadcast, @val={@val={0x88a8, 0x3, 0x1, 0x1}, {0x8100, 0x0, 0x0, 0x4}}, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "0961d3", 0x44, 0x2f, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x1}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x1, {{0x6, 0x1, 0x8, 0x3, 0x0, 0x0, 0x3, 0x2}, 0x1, {0x9}}}, {0x8, 0x22eb, 0x4, {{0x1, 0x2, 0x74, 0x3, 0x1, 0x3, 0x7, 0x6}, 0x2, {0x9, 0xe, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1}}}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x9, 0x0, 0x0, 0x0, 0x61, 0x11, 0x10}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="180100001c0000000011845d00000095baace725ef99bb1476ecb42ba192ea1de39a3e7840242838c1e49076396dfe3c756c14e30d1debb9c2f1ac3cbdd817c9db17493d47da719e880c212efd3a3085874a7b525d06b85396130970b5aabb66e2a230818a6ce1b4fb06dc44f110f4953347959e793322f05ac219650b1d3f07925226a03d07780e6d0639ce7e206c781ed6fdd01adc8bef4b61b1629dfee0ad34f13e874dd7eed16dd16f4b8b96746d326893ba69065bca28733d0ecf40440c769b34c2e543b2ef766678644b678c36db81e4ed4c9cf2959ae213"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r6}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

2m36.028027575s ago: executing program 0 (id=609):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
r0 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7079, 0x0, 0x4, 0x316}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0xa1ff, 0x0, 0x0, 0x0)

2m35.88354003s ago: executing program 0 (id=610):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
socket$kcm(0x2, 0x5, 0x84)
r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000340)='./bus\x00', 0x0, 0x1000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
memfd_secret(0x0)
mmap(&(0x7f000091c000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setresuid(0x0, 0xee01, 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x1c, r4, 0x5, 0xffffffff, 0xa, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x808}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r6 = socket(0x8, 0x3, 0x200001)
getsockopt$kcm_KCM_RECV_DISABLE(r6, 0x65, 0x7, 0x0, 0x20000000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r6)
setsockopt$sock_attach_bpf(r5, 0x84, 0x77, 0x0, 0xffffffffffffff79)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

2m35.293366354s ago: executing program 0 (id=611):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0)
r2 = syz_io_uring_setup(0x439b, 0x0, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0xa3d, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r6, 0x89e4)
r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r8, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a2030303030303030303030303030303030303030300a4f4741494e1357c17f9431f5"], 0xb8)
r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r9, r8, 0x22)
socket$netlink(0x10, 0x3, 0x0)
read(r8, &(0x7f0000000100)=""/62, 0x3e)
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe6, 0xf3ff00000000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x606100, 0x0)
close(r10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000070000000000000010000000000000000000"], 0x0, 0x2a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
socket$netlink(0x10, 0x3, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40001)
sendmsg$NFT_BATCH(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x64}}, 0x0)

2m35.093381374s ago: executing program 0 (id=615):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0)
r2 = syz_io_uring_setup(0x439b, 0x0, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0xa3d, 0x0, 0x5, 0x0, 0x0)
pipe(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r6, 0x89e4)
r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r8, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a2030303030303030303030303030303030303030300a4f4741494e1357c17f9431f5"], 0xb8)
r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r9, r8, 0x0)
socket$netlink(0x10, 0x3, 0x0)
read(r8, &(0x7f0000000100)=""/62, 0x3e)
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe6, 0xf3ff00000000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x606100, 0x0)
close(r10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000070000000000000010000000000000000000"], 0x0, 0x2a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
socket$netlink(0x10, 0x3, 0x14)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40001)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000002140000001100010000001b00000000000000000a"], 0x64}}, 0x0)

2m35.087661685s ago: executing program 32 (id=615):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0)
r2 = syz_io_uring_setup(0x439b, 0x0, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0xa3d, 0x0, 0x5, 0x0, 0x0)
pipe(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r6, 0x89e4)
r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r8, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a2030303030303030303030303030303030303030300a4f4741494e1357c17f9431f5"], 0xb8)
r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r9, r8, 0x0)
socket$netlink(0x10, 0x3, 0x0)
read(r8, &(0x7f0000000100)=""/62, 0x3e)
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe6, 0xf3ff00000000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x606100, 0x0)
close(r10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000070000000000000010000000000000000000"], 0x0, 0x2a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
socket$netlink(0x10, 0x3, 0x14)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40001)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000002140000001100010000001b00000000000000000a"], 0x64}}, 0x0)

58.491112525s ago: executing program 4 (id=1251):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req={0x200, 0xfffffff9, 0x0, 0x7f}, 0x10)
recvmmsg$unix(r0, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000180)=""/251, 0xfb}], 0x1}}], 0x1, 0x40010020, 0x0) (fail_nth: 2)

58.322268538s ago: executing program 4 (id=1252):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000"], 0x6c}}, 0x0)

58.279167432s ago: executing program 4 (id=1253):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x1c9}, &(0x7f00000003c0)=<r0=>0x0, &(0x7f0000000400)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)

57.961391395s ago: executing program 4 (id=1254):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000140)={0x1, r4})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000940))
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40890)
memfd_create(0x0, 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x410000002)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x3})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r7, 0xc008ae09, &(0x7f0000000080)=""/75)

55.962454143s ago: executing program 4 (id=1269):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000500db3dfd0d00008400000005030000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, <r2=>0xffffffffffffffff}, './file0\x00'})
write$vhost_msg(r0, &(0x7f0000000040)={0x796e6564, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x44)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x12, r2, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f00000000c0)=@IORING_OP_WRITE={0x17, 0x8, 0x4004, @fd_index=0x4, 0x2, &(0x7f0000000480)="4f8d9b93bfea45ada28b612b60f9a9d8718fec75f13d09fdd22b6da08658d2c1e4855108dfb1f4d706bce2eb39d4bfb093d89042d6ffcd5b32913c1cba549ca4d3b755c4cc10e823be1ae49a57f7a4d425195b3e782738109d622f7b93bc2c7e9f6a861921e7675d3973022fbd0bf179cc3040bf7063460acf560841445ee1f6b2da32005fc6baceb7598a2c74159c0775673ce73b1f32cd5b3488efdfe2d02e4ee43e0e30ec77b839e43dbafd22ebad3dfa375ddd670b9a81356d886b796f284f25d86b3745fa1ecf6033dfad01aa71b8ea0997659584a3b68e172e1a1b5975d4", 0xe1, 0x2, 0x0, {0x0, r4}})

55.882261577s ago: executing program 4 (id=1272):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='t=fd,rfdno=\x00', @ANYRESHEX=r1, @ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',\x00'])
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0684113, &(0x7f0000000140)={0x0, 0xbe, 0xd, 0xe, 0x10000000, 0x6, 0x6, 0xa, 0xf46, 0x3, 0x19f})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc00c64b5, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x3})
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, 0x0, 0x0)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r5, &(0x7f0000000200), 0x0)
recvmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000003a00)=""/190, 0xbe}], 0x1}}], 0x2, 0x40000121, 0x0)

40.52141905s ago: executing program 33 (id=1272):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='t=fd,rfdno=\x00', @ANYRESHEX=r1, @ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',\x00'])
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0684113, &(0x7f0000000140)={0x0, 0xbe, 0xd, 0xe, 0x10000000, 0x6, 0x6, 0xa, 0xf46, 0x3, 0x19f})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc00c64b5, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x3})
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, 0x0, 0x0)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r5, &(0x7f0000000200), 0x0)
recvmmsg(r5, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000003a00)=""/190, 0xbe}], 0x1}}], 0x2, 0x40000121, 0x0)

4.671559572s ago: executing program 5 (id=1631):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000540)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
open(&(0x7f0000000040)='./file1\x00', 0x64941, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x101142)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000"], 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000480)=ANY=[@ANYRES32=r7], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)

3.848267945s ago: executing program 5 (id=1634):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x1c9}, &(0x7f00000003c0)=<r0=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)

2.702003037s ago: executing program 5 (id=1644):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) (async)
capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x3, 0x81, 0xffffeff8}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0) (async)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000020000082505a1a44000010203010902"], 0x0)
ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f0000000500)=0x1d) (async, rerun: 64)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) (async, rerun: 64)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040)) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0xfe}]})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb], 0x0, 0x202})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

2.551904521s ago: executing program 5 (id=1646):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
kexec_load(0x8000, 0x1, &(0x7f0000001300)=[{0x0, 0x0, 0x800, 0x2}], 0x380001)
mbind(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000380)=0x6577, 0x1, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="000000010000fc00"])
ioctl$MEDIA_REQUEST_IOC_QUEUE(r1, 0x7c80, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_open_procfs(0x0, 0x0)

2.551630587s ago: executing program 1 (id=1647):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x3c}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x3c}}, 0x0)

2.481895918s ago: executing program 1 (id=1648):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0x40046f41, 0x20000502)
mknodat$null(r0, &(0x7f00000000c0)='./file0\x00', 0xc000, 0x103)
truncate(&(0x7f0000000180)='./file0\x00', 0x5cf8)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad56ad81da6664605ff02d09fbb6c5820fae9d0e000000ea54c1beef91f76cf8b12e40c49a624b685e0c9c16958bbcc8306d71d5da88fa", 0x37)

2.475318585s ago: executing program 1 (id=1649):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000000)={0x40, 0xfffffffc, 0xb, 0xfffffffc, 0x9, "b5f201ffdf9857510d8d2ae135624d92a08f00"})
r2 = dup(r1)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$inet6_dccp_buf(r3, 0x21, 0xf, 0x0, 0x0)
read$FUSE(r2, &(0x7f0000005100)={0x2020}, 0x2020)
r4 = syz_io_uring_setup(0xec8, &(0x7f0000000c00)={0x0, 0xfffffffc, 0x3, 0xfffffffd, 0x2f1}, 0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x26b4, 0x10a3, 0x3, &(0x7f0000000100)={[0xffffff7ffffffffe]}, 0x8)
write$UHID_INPUT(r2, &(0x7f0000002080)={0xc, {"a2e3ad21ed0d52f91b5d340987f70e06d038e7ff7fc6e5539b3247298b089b070d356e090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @remote, @link_local, @remote}}}}, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)

2.321821091s ago: executing program 1 (id=1650):
r0 = socket(0x1e, 0x5, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000003c0)=@req3={0xa2, 0xffffff6d, 0x0, 0x0, 0x7, 0x3, 0x7}, 0x1c) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x17, 0x0, &(0x7f0000000280)) (async)
close_range(r0, r1, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x0, [0x2, 0x0, 0x200, 0x3, 0x1951, 0x51d8, 0x7ff, 0x60f4, 0x100, 0x7, 0x8, 0x4, 0x1006, 0x8, 0xfffa, 0x0, 0x1, 0x9, 0x4, 0x71, 0x6, 0x1, 0x7, 0x7fff, 0xfffa, 0x5, 0x5, 0x8007, 0x0, 0xfd7d, 0x80, 0x3b, 0x401, 0xe, 0x6, 0xa, 0xfc, 0x5, 0x7, 0x0, 0x1, 0x9, 0x6, 0x3, 0x10, 0x0, 0x2, 0x5], 0x80000000}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 32)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x61) (async, rerun: 32)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='personality\x00')
close(r2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 64)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 64)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async, rerun: 64)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) (rerun: 64)
r5 = openat$cgroup_ro(r4, &(0x7f0000000080)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
preadv(r5, 0x0, 0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x12}, 0x1c) (async, rerun: 32)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, 0x0, 0x0) (async, rerun: 32)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
madvise(&(0x7f00002a2000/0x2000)=nil, 0x2000, 0x8) (async, rerun: 32)
syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) (rerun: 32)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async)
syz_clone(0x20001000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)

2.321415699s ago: executing program 2 (id=1651):
socket$inet(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socket(0x1e, 0x1, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000300))
r2 = io_uring_setup(0x3987, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r3 = syz_io_uring_setup(0x5e2, 0x0, &(0x7f0000000180), 0x0)
io_uring_enter(r3, 0x53c8, 0x3, 0x2c, 0x0, 0x0)
ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0xfff1, &(0x7f0000000240)={&(0x7f0000000b40)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xb27f}]}}]}, 0x3c}}, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x4d8, 0x300, 0x18c, 0x203, 0x300, 0x19030000, 0x408, 0x2e0, 0x2e0, 0x408, 0x2e0, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0x0, 0xff000000, 0xffffff00, 0xff], [], 'veth1_to_team\x00', 'bond0\x00', {0xff}, {0xff}, 0x6, 0xe, 0x6, 0x2}, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x213, [{}, {}, {}, {}, {}, {0x0, 0xfc}, {}, {}, {0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x17}, {0x0, 0xfe}, {0x0, 0xa6}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x2}, {0xfffe}, {0x359c}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x3}, {0x1}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84}, {0xfffd, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {0x4, 0x0, 0x0, 0xe}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@private=0xa010100, [0xff000000, 0x0, 0xffffff00, 0xff000000], 0x4e21, 0x4e22, 0x4e21, 0x4e22, 0x9, 0x40, 0x2, 0xffff, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x538)

2.321152388s ago: executing program 1 (id=1652):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x1c9}, &(0x7f00000003c0)=<r0=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)

1.481937864s ago: executing program 3 (id=1654):
r0 = socket$kcm(0xa, 0x5, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x1, 0x0, 0x3, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private0}}]}, 0x60}}, 0x0) (fail_nth: 10)
r2 = openat$sndtimer(0xffffff9c, &(0x7f0000001840), 0x400)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x403c5404, &(0x7f0000001880)={{0x3, 0x0, 0x1, 0x3, 0x9}, 0x0, 0x3})
r3 = openat$binderfs(0xffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000640)=[{0x20, 0x84, 0x8, "fe8000000000000002"}], 0x20}, 0x41)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300031200000000000000000000000400090088000000e3d36433c4920893924540ac18fabaf0c70000000000000005000600000000000a0000000000000000000000000000000000000000000000000000000000000002000100000000000000fbfc0000000005000500000000000a"], 0x90}, 0x1, 0x7}, 0x0)

1.401816461s ago: executing program 2 (id=1655):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b70700000000000063119f00000000000700000000000000950000000000000086b223c17fd5c6311e80752befb60f283890ff0a97195cba4872b282cd13a47f256c1748557c"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, 0x0)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000040)=@sr0, 0x0, 0x0, 0x0, 0x0)
read$snddsp(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x109000)
r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r6, 0x0, 0x0, 0x9, 0x0, [<r7=>0x0], [0xff, 0x0, 0x39a], [], [0x100000001]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r7, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000200)={r6, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r8})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000040)={r9})
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r10, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)

1.401575935s ago: executing program 3 (id=1656):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000200)={'vcan0\x00', 0x800}) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async)
process_mrelease(0xffffffffffffffff, 0x0) (async)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r1, &(0x7f00000002c0)="f9", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c) (async)
openat$btrfs_control(0xffffff9c, &(0x7f0000000000), 0x100, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) (async)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x40043311) (async)
r2 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x50009405, &(0x7f0000000480))
prctl$PR_SCHED_CORE(0x3e, 0x80000000000001, 0x0, 0x2, 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
syz_open_dev$radio(0x0, 0x0, 0x2)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0x3000001d})
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESHEX=r3, @ANYRES32=0x0, @ANYBLOB="080000000000000014001280f6a8180b0001006d6163766c616e000c0002808800e285fc4f0f6b0f61632134a5d999f00a9d1f03f43ddf56c2a3000057040000000000008ffe5eae7149ced75a5b76e059b8", @ANYRESOCT=r4], 0x3c}}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee9, 0x10010, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

1.401135193s ago: executing program 1 (id=1657):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000140)={{0x6, @bcast, 0x2}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@default, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
listen(r0, 0x1ad72f7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x80000000}, {}, {}, {}, {0x10000000}], 0x0, 0x0, 0x0, 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x24008004)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x3, 0x6, 0x4920e7af812c3f03, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(r3, 0x0, 0x200548d0)
write$binfmt_misc(r3, 0x0, 0x0)
close(0xffffffffffffffff)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000180))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PEER_REMOVE(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x30}}, 0x0)
r7 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000040), 0x141000, 0x0)
ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0)
write$dsp(r5, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
writev(r1, &(0x7f0000000440)=[{&(0x7f00000006c0)="42f48e256975df8aaaf1c15b56605da70f1d6a7ed7cb6a672cbd6ea762613235cb937b1a06dcb30d42bf0fbb08ec3dcd272516bf71a05edbe8cae5bebd9621c1225ea07339ab4698b538351927a0dceb016ebe5aca257b53071d76df53a65a9d4c0578625ecf5560de787c7b056d5f0f6aa037b0fbf4e2eae49a8746aba7deaf5ebb115801e9a9291272858ae8cbe092875dbfd901546850d5f1052f2aeaa38c7916e677ef9b6072ed09110714a81ca23dca2e83caa1757a5a1ab8fa97d179b49ff5f51f2a048673869b8d5e00427e69c9c52a524c3c7ee2c91b56f2d83f8e06cc7eced6", 0xe4}, {&(0x7f00000001c0)="cb83f2c6dd8a9607d0", 0x9}], 0x2)

1.1614399s ago: executing program 3 (id=1658):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000000)={0x40, 0xfffffffc, 0xb, 0xfffffffc, 0x9, "b5f201ffdf9857510d8d2ae135624d92a08f00"})
r2 = dup(r1)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$inet6_dccp_buf(r3, 0x21, 0xf, 0x0, 0x0)
read$FUSE(r2, &(0x7f0000005100)={0x2020}, 0x2020)
r4 = syz_io_uring_setup(0xec8, &(0x7f0000000c00)={0x0, 0xfffffffc, 0x3, 0xfffffffd, 0x2f1}, 0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x26b4, 0x10a3, 0x3, &(0x7f0000000100)={[0xffffff7ffffffffe]}, 0x8)
write$UHID_INPUT(r2, &(0x7f0000002080)={0xc, {"a2e3ad21ed0d52f91b5d340987f70e06d038e7ff7fc6e5539b3247298b089b070d356e090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @remote, @link_local, @remote}}}}, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)

1.021661595s ago: executing program 2 (id=1659):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000808000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x4f)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x14, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8000, 0x0, 0x0, 0x400}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$tipc(0x1e, 0x5, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d3f0e8b099b3f36006c090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05959a71243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00')
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
write(r5, &(0x7f0000000600)="b18e09eb60a8a2cbccf607d033cfe374824862d1f61454e26ff079473368921fa49642a1816a72f002ec5bf0ebc720ffee37b51b9a88f1e087b9eb1a5cd03dc299a4a704007083f92c1dbf3b284f31082bee28c66b9cacab6502a2aeae4699ccf0ffe47de1131a12ba7c42cfe5e621082e396b67c34cc8baecc2667a699cafd42a1e0bb57ab0349273a870314984b098898e5d1cdb63eb03a02810ac7c91c576a57e01d78c7b706a174ad059da5797351d67528d5a5528cbd6f4ccc85154d20f5f06f6ea5aa251d5a4b5e7c3979395ba684cfa13fb7c87497dc88f41c45c8d9e9960fc", 0xe3)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x37, 0x301, 0x270bd24, 0x25dfdbf9, {0x5}}, 0x14}}, 0x0)

772.044906ms ago: executing program 3 (id=1660):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0x40046f41, 0x20000502)
mknodat$null(r0, &(0x7f00000000c0)='./file0\x00', 0xc000, 0x103)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x5cf8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad56ad81da6664605ff02d09fbb6c5820fae9d0e000000ea54c1beef91f76cf8b12e40c49a624b685e0c9c16958bbcc8306d71d5da88fa", 0x37)
mprotect(&(0x7f00000be000/0x1000)=nil, 0x1000, 0x4b9dff4d85a41277)
accept4(r1, 0x0, 0x0, 0x1800)
io_setup(0x3, &(0x7f0000000180))
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
mount(0x0, 0x0, &(0x7f0000000280)='tracefs\x00', 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140), 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
userfaultfd(0x80001)
syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x842b01)
map_shadow_stack(&(0x7f0000172000/0x4000)=nil, 0x4000, 0x1)

247.849027ms ago: executing program 5 (id=1661):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo\x00')
fchdir(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000fbffffffffffffff80060000000000000006", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r0], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000240), 0x41d3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, 0x0, 0x10)
ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc044560f, &(0x7f0000000380)=@mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000180)=0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_procfs(0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1e8640, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
sendfile(r4, r4, 0x0, 0x40008)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x52d8, &(0x7f0000000480)={0x0, 0xe02f, 0x8000, 0x2, 0x1a0}, 0x0, &(0x7f00000001c0))
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000200)={0x800041, 0x4, 0x2}, 0x10)
sendmsg$tipc(r5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000040)={<r7=>0xffffffffffffffff, 0x0, 0x8, 0x1})
close_range(r7, 0xffffffffffffffff, 0x0)

150.498211ms ago: executing program 3 (id=1662):
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='xfs\x00', 0x400080, &(0x7f00000001c0)='discard')

150.178533ms ago: executing program 2 (id=1663):
r0 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', 0x0, 0x0, 0xfeff, r0)

149.883477ms ago: executing program 2 (id=1664):
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r4 = syz_io_uring_setup(0x10c, &(0x7f0000000140)={0x0, 0x6d89, 0x8, 0x0, 0xf0}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r4, 0x17, &(0x7f0000000300)={0x0, 0x0, 0x2}, 0x1)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x9, [0xce, 0x7, 0xe7, 0x2, 0x3, 0x8, 0x1, 0x8, 0x9, 0x2, 0xfff5, 0x0, 0x1000, 0x8, 0xd, 0x0, 0x8186, 0x3, 0x403, 0x75, 0x2, 0x7, 0x1, 0x8bb8, 0x1, 0xfff, 0x8, 0x1, 0x3ea2, 0x7fff, 0x208, 0x6, 0x8, 0x51, 0x3, 0x4, 0x4, 0x9, 0x7ff, 0x5, 0x5, 0x3, 0x5, 0x2, 0x401, 0x9, 0x2, 0x7]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800452800140000000000219078ac1e0001ac1414aa05009078051414bb460000000000000000000040c6dd7999f1ff9db82e0dd97c"], 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f00000004c0))
getegid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6}]})
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
msgget$private(0x0, 0x0)

149.542676ms ago: executing program 3 (id=1665):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$caif_stream(0x25, 0x1, 0x2)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x1c9}, &(0x7f00000003c0)=<r0=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004080000000000000002000000200000000000000000000009030000000000000000000004"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)

213.911µs ago: executing program 5 (id=1666):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
mbind(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000380)=0x6577, 0x1, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x437aba2}], 0x1, 0x0, 0x46, 0x407006}, 0x104)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="00000001"])
ioctl$MEDIA_REQUEST_IOC_QUEUE(r2, 0x7c80, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r5=>0x0)
setresuid(r5, 0xffffffffffffffff, 0x0)
quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000702, r5, &(0x7f00000001c0))
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_open_procfs(0x0, 0x0)

0s ago: executing program 2 (id=1667):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x541b, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$swradio(&(0x7f0000000180), 0x0, 0x2)
syz_open_procfs(0x0, &(0x7f0000000240)='wchan\x00')
openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_dev$media(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000040)=<r2=>0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0xffffffffffffffff}, 0x0, &(0x7f0000000080)={0x3ff, 0x0, 0x7fffffffffffffff, 0x0, 0x3}, 0x0, 0x0)
ioctl$MEDIA_REQUEST_IOC_REINIT(r2, 0x7c81, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r4)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="fc7dff778c21a400", @ANYRES16=r5, @ANYBLOB="6b652cbd7000fcdbdf2530000000"], 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = shmget(0x1, 0x3000, 0x10, &(0x7f00000b3000/0x3000)=nil)
shmctl$IPC_INFO(r6, 0x3, &(0x7f0000000000)=""/92)
flock(r2, 0x9)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddb357f7adf97affffffff7d1800"})
r7 = syz_open_pts(r3, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)
ioctl$TCSETA(r7, 0x5406, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x6, "0700f342368300"})
ioctl$TIOCGPTPEER(r3, 0x5441, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000140), 0x440000, 0x0)

0s ago: executing program 3 (id=1668):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0x40186f40, 0x20000502)

kernel console output (not intermixed with test programs):

T10734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.693669][T10734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.696438][T10734] usb usb9: usbfs: process 10734 (syz.4.1190) did not claim interface 0 before use
[  265.811969][ T6032] usb 9-1: USB disconnect, device number 15
[  266.398318][T10742] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1200'.
[  266.401556][T10742] nbd: must specify at least one socket
[  266.437420][   T39] audit: type=1326 audit(1736246667.725:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf713e598 code=0x7ffc0000
[  266.437459][   T39] audit: type=1326 audit(1736246667.725:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf713e598 code=0x7ffc0000
[  266.437487][   T39] audit: type=1326 audit(1736246667.725:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf713e598 code=0x7ffc0000
[  266.437523][   T39] audit: type=1326 audit(1736246667.725:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf713e598 code=0x7ffc0000
[  266.437548][   T39] audit: type=1326 audit(1736246667.725:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf713e579 code=0x7ffc0000
[  266.437576][   T39] audit: type=1326 audit(1736246667.725:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf713e598 code=0x7ffc0000
[  266.437607][   T39] audit: type=1326 audit(1736246667.725:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf713e579 code=0x7ffc0000
[  266.437639][   T39] audit: type=1326 audit(1736246667.725:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.3.1201" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf713e579 code=0x7ffc0000
[  266.519995][T10749] netlink: 'syz.3.1202': attribute type 1 has an invalid length.
[  266.520009][T10749] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1202'.
[  266.558956][T10751] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1203'.
[  266.587593][T10751] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1203'.
[  266.832653][   T57] usb 6-1: new low-speed USB device number 45 using dummy_hcd
[  266.851470][T10759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1205'.
[  266.856859][T10759] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1205'.
[  266.899707][T10759] Invalid source name
[  266.901095][T10759] UBIFS error (pid: 10759): cannot open "./file0", error -22
[  266.920261][ T1448] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  267.092967][   T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  267.095231][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  267.098417][   T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.101505][ T1448] usb 9-1: config 1 interface 0 altsetting 128 bulk endpoint 0x1 has invalid maxpacket 1023
[  267.102090][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  267.105007][ T1448] usb 9-1: config 1 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  267.108245][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  267.112365][ T1448] usb 9-1: config 1 interface 0 has no altsetting 0
[  267.116861][   T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  267.118678][ T1448] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  267.119266][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  267.122054][ T1448] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.125023][   T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.127401][ T1448] usb 9-1: Product: á �
[  267.132109][ T1448] usb 9-1: SerialNumber: 홫䠟붗懚�妽�튼홗芸ﲗᒭ簠��璩紓⢖�꘰걾ᭂꅱ䋜꘽믬와鈸�꾙⹸ⅾ埌穾믫剟埱컖�쀈鶚絕囗ꜘ굽한칗䵆�䤕�⎬�隬☰ိ㧯̩륬�幂꾣⸼Ꙓ렙鄣〨ᛮ嘂汄㶊뵩漣⥿穋賬㹢朗롅ꣃ瓓뜽�禋錪팣ﹺ쇷㌤볦њᙑ긥�鞾ꙡ牣⪀瑦꟩賄
[  267.145300][T10754] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  267.236957][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  267.240464][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  267.244654][   T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  267.246843][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  267.249903][   T57] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.253334][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  267.256537][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  267.264497][   T57] usb 6-1: string descriptor 0 read error: -22
[  267.266410][   T57] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  267.269080][   T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.280697][   T57] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  267.390632][ T1448] usb 9-1: USB disconnect, device number 16
[  267.478876][ T6032] usb 6-1: USB disconnect, device number 45
[  268.044096][T10771] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1209'.
[  268.046904][T10771] nbd: must specify at least one socket
[  268.147483][T10779] Driver unsupported XDP return value 0 on prog  (id 270) dev N/A, expect packet loss!
[  268.200586][T10782] netlink: 'syz.3.1213': attribute type 1 has an invalid length.
[  268.240167][   T63] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  268.433806][   T63] usb 9-1: config 0 has no interfaces?
[  268.436055][   T63] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  268.439392][   T63] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.444310][   T63] usb 9-1: config 0 descriptor??
[  268.703733][T10790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.706932][T10790] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.711653][T10790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.715051][T10790] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.719209][T10790] usb usb9: usbfs: process 10790 (syz.4.1207) did not claim interface 0 before use
[  269.001631][ T6032] usb 9-1: USB disconnect, device number 17
[  269.229760][T10798] IPVS: set_ctl: invalid protocol: 20551 172.20.20.170:0
[  269.233878][   T35] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  269.391253][   T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.394052][   T35] usb 6-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  269.396653][   T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.399779][   T35] usb 6-1: config 0 descriptor??
[  269.535524][T10807] nbd: must specify at least one socket
[  269.540103][    T9] usb 8-1: new low-speed USB device number 46 using dummy_hcd
[  269.604756][T10793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.608180][T10793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.614419][   T35] usbhid 6-1:0.0: can't add hid device: -71
[  269.616234][   T35] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  269.623048][   T35] usb 6-1: USB disconnect, device number 46
[  269.687346][T10822] netlink: 'syz.4.1224': attribute type 1 has an invalid length.
[  269.708863][    T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  269.711517][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  269.720229][    T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  269.724095][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  269.730155][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  269.734119][    T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  269.739998][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  269.743156][    T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  269.749211][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  269.754484][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  269.759740][    T9] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  269.763890][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  269.770483][    T9] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  269.774775][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  269.778961][    T9] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  269.792649][    T9] usb 8-1: string descriptor 0 read error: -22
[  269.794491][    T9] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  269.797186][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.802292][    T9] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  270.003549][    T9] usb 8-1: USB disconnect, device number 46
[  270.450143][   T63] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  270.612598][   T63] usb 6-1: config 0 has no interfaces?
[  270.617212][   T63] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  270.621466][   T39] kauditd_printk_skb: 231 callbacks suppressed
[  270.621477][   T39] audit: type=1326 audit(1736246671.915:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10840 comm="syz.3.1229" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf713e579 code=0x0
[  270.624190][   T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.636777][   T63] usb 6-1: config 0 descriptor??
[  270.858354][T10847] __nla_validate_parse: 4 callbacks suppressed
[  270.858365][T10847] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1230'.
[  270.862877][T10847] nbd: must specify at least one socket
[  270.893712][T10849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  270.897089][T10849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  270.901471][T10849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  270.905126][T10849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  270.909325][T10849] usb usb9: usbfs: process 10849 (syz.1.1227) did not claim interface 0 before use
[  270.972499][    T8] usb 6-1: USB disconnect, device number 47
[  271.710769][T10865] netlink: 'syz.2.1234': attribute type 1 has an invalid length.
[  271.713749][T10865] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1234'.
[  272.090202][   T63] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  272.252213][   T63] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.256050][   T63] usb 9-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  272.259697][   T63] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.264264][   T63] usb 9-1: config 0 descriptor??
[  272.447886][T10884] FAULT_INJECTION: forcing a failure.
[  272.447886][T10884] name failslab, interval 1, probability 0, space 0, times 0
[  272.454143][T10884] CPU: 3 UID: 0 PID: 10884 Comm: syz.3.1239 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  272.458096][T10884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  272.461661][T10884] Call Trace:
[  272.462905][T10884]  <TASK>
[  272.464041][T10884]  dump_stack_lvl+0x16c/0x1f0
[  272.465787][T10884]  should_fail_ex+0x497/0x5b0
[  272.467630][T10884]  ? fs_reclaim_acquire+0xae/0x150
[  272.469679][T10884]  should_failslab+0xc2/0x120
[  272.471483][T10884]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[  272.473642][T10884]  ? __alloc_skb+0x2b3/0x380
[  272.475375][T10884]  ? bpf_lsm_capable+0x9/0x10
[  272.477211][T10884]  __alloc_skb+0x2b3/0x380
[  272.479090][T10884]  ? __pfx___alloc_skb+0x10/0x10
[  272.481096][T10884]  ? genl_rcv_msg+0x470/0x800
[  272.482740][T10884]  ? genl_rcv_msg+0x4bd/0x800
[  272.484522][T10884]  netlink_ack+0x164/0xb20
[  272.486227][T10884]  netlink_rcv_skb+0x327/0x410
[  272.488021][T10884]  ? __pfx_genl_rcv_msg+0x10/0x10
[  272.489792][T10884]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  272.491739][T10884]  ? down_read+0xc9/0x330
[  272.493372][T10884]  ? __pfx_down_read+0x10/0x10
[  272.495231][T10884]  ? netlink_deliver_tap+0x1ae/0xca0
[  272.497232][T10884]  genl_rcv+0x28/0x40
[  272.498782][T10884]  netlink_unicast+0x53c/0x7f0
[  272.500436][T10884]  ? __pfx_netlink_unicast+0x10/0x10
[  272.502381][T10884]  ? __phys_addr_symbol+0x30/0x80
[  272.504230][T10884]  ? __check_object_size+0x488/0x710
[  272.506075][T10884]  netlink_sendmsg+0x8b8/0xd70
[  272.507920][T10884]  ? __pfx_netlink_sendmsg+0x10/0x10
[  272.509803][T10884]  ____sys_sendmsg+0x9ae/0xb40
[  272.511607][T10884]  ? __pfx_____sys_sendmsg+0x10/0x10
[  272.513393][T10884]  ? get_compat_msghdr+0x11b/0x170
[  272.515272][T10884]  ___sys_sendmsg+0x135/0x1e0
[  272.517030][T10884]  ? __pfx____sys_sendmsg+0x10/0x10
[  272.518824][T10884]  ? __pfx_lock_release+0x10/0x10
[  272.520714][T10884]  ? trace_lock_acquire+0x14e/0x1f0
[  272.522675][T10884]  ? __fget_files+0x206/0x3a0
[  272.524428][T10884]  __sys_sendmsg+0x16e/0x220
[  272.526178][T10884]  ? __pfx___sys_sendmsg+0x10/0x10
[  272.528171][T10884]  __do_fast_syscall_32+0x73/0x120
[  272.530004][T10884]  do_fast_syscall_32+0x32/0x80
[  272.531872][T10884]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  272.534242][T10884] RIP: 0023:0xf713e579
[  272.535781][T10884] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  272.542728][T10884] RSP: 002b:00000000f513055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  272.545613][T10884] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000240
[  272.548522][T10884] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  272.551202][T10884] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  272.554001][T10884] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  272.556783][T10884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  272.559609][T10884]  </TASK>
[  272.564267][T10868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.567530][T10868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.571947][   T63] usbhid 9-1:0.0: can't add hid device: -71
[  272.573740][   T63] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  272.581147][   T63] usb 9-1: USB disconnect, device number 18
[  272.910123][    T9] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  272.995608][T10902] netlink: 'syz.2.1244': attribute type 1 has an invalid length.
[  272.998411][T10902] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1244'.
[  273.083606][    T9] usb 8-1: config 0 has no interfaces?
[  273.086029][    T9] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  273.089785][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.097383][    T9] usb 8-1: config 0 descriptor??
[  273.221620][T10905] FAULT_INJECTION: forcing a failure.
[  273.221620][T10905] name failslab, interval 1, probability 0, space 0, times 0
[  273.225489][T10905] CPU: 0 UID: 0 PID: 10905 Comm: syz.4.1245 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  273.229452][T10905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  273.233058][T10905] Call Trace:
[  273.233998][T10905]  <TASK>
[  273.234854][T10905]  dump_stack_lvl+0x16c/0x1f0
[  273.236263][T10905]  should_fail_ex+0x497/0x5b0
[  273.237674][T10905]  ? run_filter+0x1a9/0x480
[  273.239133][T10905]  should_failslab+0xc2/0x120
[  273.240569][T10905]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  273.242218][T10905]  ? skb_clone+0x190/0x3f0
[  273.243716][T10905]  skb_clone+0x190/0x3f0
[  273.244986][T10905]  packet_rcv+0x60d/0x15a0
[  273.246312][T10905]  ? __pfx_packet_rcv+0x10/0x10
[  273.247739][T10905]  dev_queue_xmit_nit+0x373/0xbc0
[  273.249306][T10905]  dev_hard_start_xmit+0x283/0x7b0
[  273.250935][T10905]  __dev_queue_xmit+0x7f0/0x43e0
[  273.252390][T10905]  ? __pfx___dev_queue_xmit+0x10/0x10
[  273.254100][T10905]  ? rcu_is_watching+0x12/0xc0
[  273.255701][T10905]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  273.257259][T10905]  ? __copy_skb_header+0x2e8/0x5b0
[  273.258758][T10905]  ? __skb_clone+0x570/0x760
[  273.260379][T10905]  netlink_deliver_tap+0xa61/0xca0
[  273.261923][T10905]  netlink_unicast+0x5e1/0x7f0
[  273.263269][T10905]  ? __pfx_netlink_unicast+0x10/0x10
[  273.264739][T10905]  ? __phys_addr_symbol+0x30/0x80
[  273.266308][T10905]  ? __check_object_size+0x488/0x710
[  273.267873][T10905]  netlink_sendmsg+0x8b8/0xd70
[  273.267982][   T39] audit: type=1326 audit(1736246674.555:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10907 comm="syz.2.1246" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd6579 code=0x0
[  273.269275][T10905]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.269297][T10905]  ____sys_sendmsg+0x9ae/0xb40
[  273.269309][T10905]  ? __pfx_____sys_sendmsg+0x10/0x10
[  273.282485][T10905]  ? get_compat_msghdr+0x11b/0x170
[  273.283965][T10905]  ___sys_sendmsg+0x135/0x1e0
[  273.285466][T10905]  ? __pfx____sys_sendmsg+0x10/0x10
[  273.286997][T10905]  ? __pfx_lock_release+0x10/0x10
[  273.288464][T10905]  ? trace_lock_acquire+0x14e/0x1f0
[  273.290438][T10905]  ? __fget_files+0x206/0x3a0
[  273.292335][T10905]  __sys_sendmsg+0x16e/0x220
[  273.294227][T10905]  ? __pfx___sys_sendmsg+0x10/0x10
[  273.296262][T10905]  __do_fast_syscall_32+0x73/0x120
[  273.298319][T10905]  do_fast_syscall_32+0x32/0x80
[  273.300304][T10905]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  273.302686][T10905] RIP: 0023:0xf7f34579
[  273.303959][T10905] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  273.309791][T10905] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  273.312988][T10905] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000440
[  273.316067][T10905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  273.319243][T10905] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  273.322381][T10905] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  273.325499][T10905] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  273.328706][T10905]  </TASK>
[  273.337720][T10905] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1245'.
[  273.385355][T10911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.388070][T10911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.392206][T10911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.396237][T10911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.416599][T10911] usb usb9: usbfs: process 10911 (syz.3.1241) did not claim interface 0 before use
[  273.492353][    T9] usb 8-1: USB disconnect, device number 47
[  274.174505][T10927] FAULT_INJECTION: forcing a failure.
[  274.174505][T10927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.179683][T10927] CPU: 3 UID: 0 PID: 10927 Comm: syz.4.1251 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  274.184044][T10927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  274.188286][T10927] Call Trace:
[  274.189648][T10927]  <TASK>
[  274.190838][T10927]  dump_stack_lvl+0x16c/0x1f0
[  274.192711][T10927]  should_fail_ex+0x497/0x5b0
[  274.194574][T10927]  _copy_to_iter+0x29b/0x1400
[  274.196076][T10927]  ? trace_lock_acquire+0x14e/0x1f0
[  274.197592][T10927]  ? __pfx__copy_to_iter+0x10/0x10
[  274.199068][T10927]  ? __virt_addr_valid+0x1a4/0x590
[  274.200588][T10927]  ? __virt_addr_valid+0x5e/0x590
[  274.202059][T10927]  ? __phys_addr_symbol+0x30/0x80
[  274.203536][T10927]  ? __check_object_size+0x488/0x710
[  274.205578][T10927]  simple_copy_to_iter+0x4f/0x80
[  274.207637][T10927]  __skb_datagram_iter+0x122/0x8c0
[  274.209341][T10927]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  274.210993][T10927]  ? rcu_is_watching+0x12/0xc0
[  274.212403][T10927]  skb_copy_datagram_iter+0x40/0x50
[  274.213911][T10927]  tipc_recvmsg+0x45b/0xfd0
[  274.215486][T10927]  ? __pfx_tipc_recvmsg+0x10/0x10
[  274.216955][T10927]  ? find_held_lock+0x2d/0x110
[  274.218343][T10927]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  274.219889][T10927]  sock_recvmsg+0x1f6/0x250
[  274.221218][T10927]  ____sys_recvmsg+0x219/0x6b0
[  274.222622][T10927]  ? __pfx_____sys_recvmsg+0x10/0x10
[  274.224218][T10927]  ___sys_recvmsg+0x115/0x1a0
[  274.225577][T10927]  ? __pfx____sys_recvmsg+0x10/0x10
[  274.227088][T10927]  ? __fget_files+0x1fc/0x3a0
[  274.228459][T10927]  ? trace_lock_acquire+0x14e/0x1f0
[  274.229959][T10927]  ? __fget_files+0x206/0x3a0
[  274.231359][T10927]  do_recvmmsg+0x55d/0x740
[  274.232656][T10927]  ? __pfx_do_recvmmsg+0x10/0x10
[  274.234135][T10927]  ? vfs_write+0x306/0x1150
[  274.235727][T10927]  ? __fget_files+0x206/0x3a0
[  274.237093][T10927]  __sys_recvmmsg+0x21e/0x280
[  274.238472][T10927]  ? __pfx___sys_recvmmsg+0x10/0x10
[  274.239989][T10927]  ? __pfx_ksys_write+0x10/0x10
[  274.241431][T10927]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  274.243242][T10927]  ? lockdep_hardirqs_on+0x7c/0x110
[  274.245055][T10927]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  274.247202][T10927]  __do_fast_syscall_32+0x73/0x120
[  274.248701][T10927]  do_fast_syscall_32+0x32/0x80
[  274.250110][T10927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  274.252210][T10927] RIP: 0023:0xf7f34579
[  274.253457][T10927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  274.259293][T10927] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  274.261740][T10927] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001f40
[  274.264060][T10927] RDX: 0000000000000001 RSI: 0000000040010020 RDI: 0000000000000000
[  274.266440][T10927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  274.269082][T10927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  274.271435][T10927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  274.273939][T10927]  </TASK>
[  274.327243][T10929] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1252'.
[  274.331568][T10929] nbd: must specify at least one socket
[  274.685539][T10937] netlink: 'syz.1.1255': attribute type 1 has an invalid length.
[  274.688737][T10937] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1255'.
[  275.218934][T10952] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1259'.
[  275.281153][T10956] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1259'.
[  275.385016][T10952] FAULT_INJECTION: forcing a failure.
[  275.385016][T10952] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.393331][T10956] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  275.396296][T10952] CPU: 2 UID: 0 PID: 10952 Comm: syz.3.1259 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  275.400089][T10952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  275.403534][T10952] Call Trace:
[  275.404765][T10952]  <TASK>
[  275.405631][T10952]  dump_stack_lvl+0x16c/0x1f0
[  275.406995][T10952]  should_fail_ex+0x497/0x5b0
[  275.408388][T10952]  _copy_from_user+0x2e/0xd0
[  275.409742][T10952]  copy_from_buffer+0x86/0xb0
[  275.411105][T10952]  copy_uabi_to_xstate+0xb5/0x670
[  275.412576][T10952]  ? find_held_lock+0x2d/0x110
[  275.413968][T10952]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  275.415589][T10952]  ? __pfx_lock_release+0x10/0x10
[  275.417034][T10952]  ? trace_lock_acquire+0x14e/0x1f0
[  275.418533][T10952]  ? __local_bh_enable_ip+0xa4/0x120
[  275.420172][T10952]  __fpu_restore_sig+0x1062/0x1430
[  275.421693][T10952]  ? lock_acquire.part.0+0x11b/0x380
[  275.423431][T10952]  ? __pfx___fpu_restore_sig+0x10/0x10
[  275.425131][T10952]  ? lock_acquire+0x2f/0xb0
[  275.426589][T10952]  ? __might_fault+0xe3/0x190
[  275.428016][T10952]  fpu__restore_sig+0x113/0x190
[  275.429533][T10952]  ia32_restore_sigcontext+0x40f/0x5d0
[  275.431084][T10952]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  275.432791][T10952]  ? __pfx_lock_release+0x10/0x10
[  275.434220][T10952]  ? _raw_spin_unlock_irq+0x23/0x50
[  275.435708][T10952]  ? lockdep_hardirqs_on+0x7c/0x110
[  275.437203][T10952]  __do_compat_sys_sigreturn+0x14b/0x200
[  275.438780][T10952]  ? __pfx___do_compat_sys_sigreturn+0x10/0x10
[  275.440572][T10952]  do_int80_emulation+0x104/0x200
[  275.442013][T10952]  asm_int80_emulation+0x1a/0x20
[  275.443445][T10952] RIP: 0023:0xf713e579
[  275.444618][T10952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  275.450218][T10952] RSP: 002b:00000000f513055c EFLAGS: 00000296
[  275.452074][T10952] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  275.454228][T10952] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[  275.456455][T10952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  275.458677][T10952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  275.461050][T10952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  275.463362][T10952]  </TASK>
[  275.478995][T10951] tipc: Disabling bearer <eth:syzkaller0>
[  275.590216][ T1448] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  275.740112][ T1448] usb 6-1: Using ep0 maxpacket: 16
[  275.742883][ T1448] usb 6-1: config 0 has no interfaces?
[  275.746273][ T1448] usb 6-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4
[  275.749007][ T1448] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.752852][ T1448] usb 6-1: Product: syz
[  275.754119][ T1448] usb 6-1: Manufacturer: syz
[  275.755616][ T1448] usb 6-1: SerialNumber: syz
[  275.758213][ T1448] usb 6-1: config 0 descriptor??
[  275.901285][T10966] netlink: 'syz.2.1263': attribute type 10 has an invalid length.
[  275.911643][T10966] 8021q: adding VLAN 0 to HW filter on device team0
[  275.916872][T10966] 
: (slave team0): Enslaving as an active interface with an up link
[  275.957282][T10968] sp0: Synchronizing with TNC
[  275.969379][ T1448] usb 6-1: USB disconnect, device number 48
[  276.472196][T10975] netlink: 'syz.2.1266': attribute type 1 has an invalid length.
[  276.474609][T10975] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1266'.
[  276.519423][T10977] FAULT_INJECTION: forcing a failure.
[  276.519423][T10977] name failslab, interval 1, probability 0, space 0, times 0
[  276.524831][T10977] CPU: 3 UID: 0 PID: 10977 Comm: syz.1.1267 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  276.529040][T10977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  276.533332][T10977] Call Trace:
[  276.534666][T10977]  <TASK>
[  276.535833][T10977]  dump_stack_lvl+0x16c/0x1f0
[  276.537680][T10977]  should_fail_ex+0x497/0x5b0
[  276.539523][T10977]  ? fs_reclaim_acquire+0xae/0x150
[  276.541547][T10977]  should_failslab+0xc2/0x120
[  276.543400][T10977]  __kmalloc_noprof+0xce/0x4f0
[  276.545282][T10977]  ? is_bpf_text_address+0x8a/0x1a0
[  276.547395][T10977]  ? tomoyo_encode2+0x100/0x3e0
[  276.549385][T10977]  tomoyo_encode2+0x100/0x3e0
[  276.551284][T10977]  ? bpf_ksym_find+0x124/0x1c0
[  276.553234][T10977]  tomoyo_encode+0x2c/0x40
[  276.555052][T10977]  tomoyo_mount_acl+0x145/0x880
[  276.557016][T10977]  ? hlock_class+0x4e/0x130
[  276.558890][T10977]  ? __lock_acquire+0x15a9/0x3c40
[  276.560955][T10977]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  276.563123][T10977]  ? __pfx___lock_acquire+0x10/0x10
[  276.565185][T10977]  ? stack_trace_save+0x95/0xd0
[  276.566945][T10977]  ? __pfx_lock_release+0x10/0x10
[  276.568974][T10977]  ? trace_lock_acquire+0x14e/0x1f0
[  276.571059][T10977]  ? tomoyo_mount_permission+0x149/0x420
[  276.573352][T10977]  ? lock_acquire+0x2f/0xb0
[  276.575227][T10977]  ? tomoyo_mount_permission+0x149/0x420
[  276.577474][T10977]  tomoyo_mount_permission+0x16e/0x420
[  276.579650][T10977]  ? tomoyo_mount_permission+0x149/0x420
[  276.581535][T10977]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  276.583261][T10977]  ? get_current_fs_domain+0x184/0x1f0
[  276.585227][T10977]  security_sb_mount+0x9b/0x260
[  276.587226][T10977]  path_mount+0x129/0x1f00
[  276.589013][T10977]  ? kmem_cache_free+0x152/0x4c0
[  276.591018][T10977]  ? __pfx_path_mount+0x10/0x10
[  276.592564][T10977]  ? putname+0x13c/0x180
[  276.593789][T10977]  __ia32_sys_mount+0x292/0x310
[  276.595189][T10977]  ? __pfx___ia32_sys_mount+0x10/0x10
[  276.596724][T10977]  __do_fast_syscall_32+0x73/0x120
[  276.598341][T10977]  do_fast_syscall_32+0x32/0x80
[  276.599795][T10977]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  276.601634][T10977] RIP: 0023:0xf7fb3579
[  276.602798][T10977] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  276.608228][T10977] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  276.610595][T10977] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[  276.612845][T10977] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 00000000200005c0
[  276.615083][T10977] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  276.617339][T10977] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  276.619600][T10977] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  276.621866][T10977]  </TASK>
[  276.894024][T10991] FAULT_INJECTION: forcing a failure.
[  276.894024][T10991] name failslab, interval 1, probability 0, space 0, times 0
[  276.897685][T10991] CPU: 1 UID: 0 PID: 10991 Comm: syz.2.1274 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  276.900847][T10991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  276.903967][T10991] Call Trace:
[  276.905029][T10991]  <TASK>
[  276.905969][T10991]  dump_stack_lvl+0x16c/0x1f0
[  276.907364][T10991]  should_fail_ex+0x497/0x5b0
[  276.908748][T10991]  ? fs_reclaim_acquire+0xae/0x150
[  276.910250][T10991]  should_failslab+0xc2/0x120
[  276.911627][T10991]  __kmalloc_noprof+0xce/0x4f0
[  276.912993][T10991]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  276.915082][T10991]  ? lockdep_hardirqs_on+0x7c/0x110
[  276.916618][T10991]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  276.918654][T10991]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  276.920258][T10991]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  276.922055][T10991]  ? genl_get_cmd+0x195/0x580
[  276.923439][T10991]  ? bpf_lsm_capable+0x9/0x10
[  276.924746][T10991]  ? security_capable+0x7e/0x260
[  276.926193][T10991]  ? ns_capable+0xd7/0x110
[  276.927500][T10991]  genl_rcv_msg+0x565/0x800
[  276.928823][T10991]  ? __pfx_genl_rcv_msg+0x10/0x10
[  276.930285][T10991]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  276.931847][T10991]  ? __pfx_nl80211_tdls_mgmt+0x10/0x10
[  276.933620][T10991]  ? __pfx_nl80211_post_doit+0x10/0x10
[  276.935217][T10991]  netlink_rcv_skb+0x165/0x410
[  276.936630][T10991]  ? __pfx_genl_rcv_msg+0x10/0x10
[  276.938098][T10991]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  276.939661][T10991]  ? down_read+0xc9/0x330
[  276.940972][T10991]  ? __pfx_down_read+0x10/0x10
[  276.942374][T10991]  ? netlink_deliver_tap+0x1ae/0xca0
[  276.943926][T10991]  genl_rcv+0x28/0x40
[  276.945100][T10991]  netlink_unicast+0x53c/0x7f0
[  276.946534][T10991]  ? __pfx_netlink_unicast+0x10/0x10
[  276.948120][T10991]  ? __phys_addr_symbol+0x30/0x80
[  276.949976][T10991]  ? __check_object_size+0x488/0x710
[  276.951659][T10991]  netlink_sendmsg+0x8b8/0xd70
[  276.953029][T10991]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.954489][T10991]  ____sys_sendmsg+0x9ae/0xb40
[  276.956093][T10991]  ? __pfx_____sys_sendmsg+0x10/0x10
[  276.957599][T10991]  ? get_compat_msghdr+0x11b/0x170
[  276.959120][T10991]  ___sys_sendmsg+0x135/0x1e0
[  276.960681][T10991]  ? __pfx____sys_sendmsg+0x10/0x10
[  276.962489][T10991]  ? __pfx_lock_release+0x10/0x10
[  276.964201][T10991]  ? trace_lock_acquire+0x14e/0x1f0
[  276.966057][T10991]  ? __fget_files+0x206/0x3a0
[  276.967543][T10991]  __sys_sendmsg+0x16e/0x220
[  276.969308][T10991]  ? __pfx___sys_sendmsg+0x10/0x10
[  276.971176][T10991]  __do_fast_syscall_32+0x73/0x120
[  276.973144][T10991]  do_fast_syscall_32+0x32/0x80
[  276.974979][T10991]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  276.977321][T10991] RIP: 0023:0xf7fd6579
[  276.978863][T10991] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  276.985757][T10991] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  276.988706][T10991] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000480
[  276.991510][T10991] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  276.994315][T10991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  276.996881][T10991] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  276.999279][T10991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  277.001524][T10991]  </TASK>
[  277.174494][T10997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1275'.
[  277.240113][T10999] FAULT_INJECTION: forcing a failure.
[  277.240113][T10999] name failslab, interval 1, probability 0, space 0, times 0
[  277.244226][T10999] CPU: 1 UID: 0 PID: 10999 Comm: syz.2.1275 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  277.247219][T10999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  277.251178][T10999] Call Trace:
[  277.252520][T10999]  <TASK>
[  277.253695][T10999]  dump_stack_lvl+0x16c/0x1f0
[  277.255554][T10999]  should_fail_ex+0x497/0x5b0
[  277.257345][T10999]  should_failslab+0xc2/0x120
[  277.259223][T10999]  __kmalloc_cache_noprof+0x68/0x420
[  277.261303][T10999]  ? l2cap_chan_put+0x216/0x2c0
[  277.263179][T10999]  l2cap_chan_create+0x44/0x920
[  277.265035][T10999]  lowpan_control_write+0x41a/0x740
[  277.267057][T10999]  ? __pfx_lowpan_control_write+0x10/0x10
[  277.269287][T10999]  ? debugfs_file_get+0x21c/0x5c0
[  277.271298][T10999]  ? rcu_is_watching+0x12/0xc0
[  277.273194][T10999]  ? trace_lock_acquire+0x14e/0x1f0
[  277.275282][T10999]  full_proxy_write+0xfb/0x1b0
[  277.277180][T10999]  ? __pfx_full_proxy_write+0x10/0x10
[  277.279450][T10999]  vfs_write+0x24c/0x1150
[  277.281142][T10999]  ? __fget_files+0x1fc/0x3a0
[  277.283032][T10999]  ? __pfx___mutex_lock+0x10/0x10
[  277.285077][T10999]  ? __pfx_vfs_write+0x10/0x10
[  277.287014][T10999]  ? __fget_files+0x206/0x3a0
[  277.288925][T10999]  ksys_write+0x12b/0x250
[  277.290662][T10999]  ? __pfx_ksys_write+0x10/0x10
[  277.292627][T10999]  __do_fast_syscall_32+0x73/0x120
[  277.294692][T10999]  do_fast_syscall_32+0x32/0x80
[  277.296643][T10999]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  277.299175][T10999] RIP: 0023:0xf7fd6579
[  277.300904][T10999] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  277.308510][T10999] RSP: 002b:00000000f50e455c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  277.311450][T10999] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000180
[  277.313894][T10999] RDX: 000000000000001b RSI: 0000000000000000 RDI: 0000000000000000
[  277.316175][T10999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  277.318760][T10999] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  277.321487][T10999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  277.324034][T10999]  </TASK>
[  278.210146][   T57] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  278.284675][   T39] audit: type=1800 audit(1736246679.575:391): pid=11013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1279" name="bus" dev="overlay" ino=1710 res=0 errno=0
[  278.360182][   T57] usb 8-1: Using ep0 maxpacket: 32
[  278.364822][   T57] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  278.383463][   T57] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  278.386955][   T57] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  278.390125][   T57] usb 8-1: Product: syz
[  278.391758][   T57] usb 8-1: Manufacturer: syz
[  278.393628][   T57] usb 8-1: SerialNumber: syz
[  278.402532][   T57] usb 8-1: config 0 descriptor??
[  278.407047][T11005] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  278.614166][    T8] usb 8-1: USB disconnect, device number 48
[  280.326119][   T39] audit: type=1800 audit(1736246681.615:392): pid=11061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1293" name="bus" dev="overlay" ino=1770 res=0 errno=0
[  280.717152][   T39] audit: type=1800 audit(1736246682.005:393): pid=11065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1294" name="bus" dev="overlay" ino=1747 res=0 errno=0
[  281.058030][T11069] netlink: 'syz.3.1295': attribute type 1 has an invalid length.
[  281.083508][T11069] 8021q: adding VLAN 0 to HW filter on device bond0
[  281.104342][T11069] bond0: (slave gretap1): making interface the new active one
[  281.108350][T11069] bond0: (slave gretap1): Enslaving as an active interface with an up link
[  281.226600][T11073] netlink: 892 bytes leftover after parsing attributes in process `syz.3.1296'.
[  281.518917][T11084] random: crng reseeded on system resumption
[  281.588990][T11084] FAULT_INJECTION: forcing a failure.
[  281.588990][T11084] name failslab, interval 1, probability 0, space 0, times 0
[  281.652292][T11084] CPU: 1 UID: 0 PID: 11084 Comm: syz.1.1297 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  281.656660][T11084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  281.661112][T11084] Call Trace:
[  281.662448][T11084]  <TASK>
[  281.663663][T11084]  dump_stack_lvl+0x16c/0x1f0
[  281.665593][T11084]  should_fail_ex+0x497/0x5b0
[  281.667536][T11084]  ? fs_reclaim_acquire+0xae/0x150
[  281.669607][T11084]  should_failslab+0xc2/0x120
[  281.671556][T11084]  __kmalloc_cache_noprof+0x68/0x420
[  281.673716][T11084]  ? blocking_notifier_call_chain_robust+0xf7/0x170
[  281.676465][T11084]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  281.679282][T11084]  create_basic_memory_bitmaps+0x9f/0x680
[  281.681588][T11084]  snapshot_open+0x235/0x2b0
[  281.683528][T11084]  ? __pfx_snapshot_open+0x10/0x10
[  281.685603][T11084]  misc_open+0x35a/0x420
[  281.687348][T11084]  ? __pfx_misc_open+0x10/0x10
[  281.689280][T11084]  chrdev_open+0x237/0x6a0
[  281.691091][T11084]  ? __pfx_apparmor_file_open+0x10/0x10
[  281.693243][T11084]  ? __pfx_chrdev_open+0x10/0x10
[  281.695229][T11084]  do_dentry_open+0xf59/0x1ea0
[  281.697088][T11084]  ? __pfx_chrdev_open+0x10/0x10
[  281.699089][T11084]  ? inode_permission+0xdd/0x5f0
[  281.701110][T11084]  vfs_open+0x82/0x3f0
[  281.702965][T11084]  ? may_open+0x1f2/0x400
[  281.704750][T11084]  path_openat+0x1e6a/0x2d60
[  281.706631][T11084]  ? __pfx_path_openat+0x10/0x10
[  281.708538][T11084]  ? __pfx___lock_acquire+0x10/0x10
[  281.710642][T11084]  ? lock_acquire.part.0+0x11b/0x380
[  281.712781][T11084]  ? find_held_lock+0x2d/0x110
[  281.714735][T11084]  do_filp_open+0x20c/0x470
[  281.716588][T11084]  ? __pfx_do_filp_open+0x10/0x10
[  281.718621][T11084]  ? find_held_lock+0x2d/0x110
[  281.720588][T11084]  ? alloc_fd+0x41f/0x760
[  281.722350][T11084]  do_sys_openat2+0x17a/0x1e0
[  281.724297][T11084]  ? __pfx_do_sys_openat2+0x10/0x10
[  281.726386][T11084]  ? __pfx___schedule+0x10/0x10
[  281.728386][T11084]  ? __fget_files+0x206/0x3a0
[  281.730293][T11084]  __ia32_compat_sys_openat+0x16e/0x210
[  281.732534][T11084]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  281.734990][T11084]  ? ksys_write+0x1ba/0x250
[  281.736849][T11084]  __do_fast_syscall_32+0x73/0x120
[  281.738924][T11084]  do_fast_syscall_32+0x32/0x80
[  281.740924][T11084]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  281.743483][T11084] RIP: 0023:0xf7fb3579
[  281.745142][T11084] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  281.752782][T11084] RSP: 002b:00000000f50c455c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  281.755960][T11084] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000340
[  281.758255][T11084] RDX: 00000000bf02e77b RSI: 0000000000000000 RDI: 0000000000000000
[  281.760644][T11084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  281.762809][T11084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  281.764857][T11084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  281.766982][T11084]  </TASK>
[  281.871801][T11092] FAULT_INJECTION: forcing a failure.
[  281.871801][T11092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.875623][T11092] CPU: 3 UID: 0 PID: 11092 Comm: syz.2.1301 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  281.878807][T11092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  281.881960][T11092] Call Trace:
[  281.882938][T11092]  <TASK>
[  281.883821][T11092]  dump_stack_lvl+0x16c/0x1f0
[  281.885219][T11092]  should_fail_ex+0x497/0x5b0
[  281.886634][T11092]  _copy_to_user+0x32/0xd0
[  281.887965][T11092]  simple_read_from_buffer+0xd0/0x160
[  281.889548][T11092]  proc_fail_nth_read+0x198/0x270
[  281.891310][T11092]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.893111][T11092]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.894784][T11092]  vfs_read+0x1df/0xbe0
[  281.895999][T11092]  ? __fget_files+0x1fc/0x3a0
[  281.897308][T11092]  ? __pfx___mutex_lock+0x10/0x10
[  281.898775][T11092]  ? __pfx_vfs_read+0x10/0x10
[  281.900229][T11092]  ? __fget_files+0x206/0x3a0
[  281.901680][T11092]  ksys_read+0x12b/0x250
[  281.902944][T11092]  ? __pfx_ksys_read+0x10/0x10
[  281.904382][T11092]  __do_fast_syscall_32+0x73/0x120
[  281.905941][T11092]  do_fast_syscall_32+0x32/0x80
[  281.907394][T11092]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  281.909275][T11092] RIP: 0023:0xf7fd6579
[  281.910536][T11092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  281.916247][T11092] RSP: 002b:00000000f5126590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  281.918700][T11092] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5126620
[  281.921191][T11092] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000
[  281.923581][T11092] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  281.925955][T11092] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  281.928278][T11092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  281.930807][T11092]  </TASK>
[  282.510656][T11099] netlink: 'syz.1.1303': attribute type 4 has an invalid length.
[  282.513117][T11099] netlink: 'syz.1.1303': attribute type 4 has an invalid length.
[  282.516538][ T5987] lo speed is unknown, defaulting to 1000
[  282.969704][T11122] lo speed is unknown, defaulting to 1000
[  282.972074][T11122] lo speed is unknown, defaulting to 1000
[  283.306835][T11129] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1310'.
[  283.914882][T11139] FAULT_INJECTION: forcing a failure.
[  283.914882][T11139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.918779][T11139] CPU: 1 UID: 0 PID: 11139 Comm: syz.2.1314 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  283.922068][T11139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  283.925114][T11139] Call Trace:
[  283.926093][T11139]  <TASK>
[  283.926952][T11139]  dump_stack_lvl+0x16c/0x1f0
[  283.928328][T11139]  should_fail_ex+0x497/0x5b0
[  283.929756][T11139]  _copy_from_user+0x2e/0xd0
[  283.931265][T11139]  ucma_connect+0x112/0x3f0
[  283.932578][T11139]  ? __pfx_ucma_connect+0x10/0x10
[  283.934030][T11139]  ? __mutex_unlock_slowpath+0x164/0x690
[  283.935576][T11139]  ? __might_fault+0xe3/0x190
[  283.936941][T11139]  ? __pfx_ucma_connect+0x10/0x10
[  283.938386][T11139]  ucma_write+0x1f9/0x330
[  283.940095][T11139]  ? __pfx_ucma_write+0x10/0x10
[  283.942096][T11139]  ? bpf_lsm_file_permission+0x9/0x10
[  283.944281][T11139]  ? security_file_permission+0x71/0x210
[  283.946523][T11139]  ? iov_iter_advance+0x1e3/0x6c0
[  283.948509][T11139]  ? __pfx_ucma_write+0x10/0x10
[  283.950198][T11139]  vfs_writev+0x6da/0xdd0
[  283.951709][T11139]  ? find_held_lock+0x2d/0x110
[  283.953311][T11139]  ? __pfx_vfs_writev+0x10/0x10
[  283.954833][T11139]  ? find_held_lock+0x2d/0x110
[  283.956363][T11139]  ? __pfx_lock_release+0x10/0x10
[  283.957966][T11139]  ? trace_lock_acquire+0x14e/0x1f0
[  283.959728][T11139]  ? __fget_files+0x206/0x3a0
[  283.961369][T11139]  ? do_writev+0x297/0x340
[  283.962898][T11139]  do_writev+0x297/0x340
[  283.964363][T11139]  ? __pfx_do_writev+0x10/0x10
[  283.966029][T11139]  __do_fast_syscall_32+0x73/0x120
[  283.967795][T11139]  do_fast_syscall_32+0x32/0x80
[  283.969473][T11139]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  283.971675][T11139] RIP: 0023:0xf7fd6579
[  283.973095][T11139] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  283.979558][T11139] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  283.982414][T11139] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  283.985109][T11139] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  283.987830][T11139] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  283.990552][T11139] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  283.993265][T11139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  283.995967][T11139]  </TASK>
[  284.330212][   T63] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  284.482048][   T63] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.485033][   T63] usb 7-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  284.485047][   T63] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.485846][   T63] usb 7-1: config 0 descriptor??
[  284.696814][T11145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.699487][T11145] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.708014][   T63] usbhid 7-1:0.0: can't add hid device: -71
[  284.709856][   T63] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  284.713315][   T63] usb 7-1: USB disconnect, device number 41
[  284.973312][T11156] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  285.302831][T11161] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1320'.
[  285.560263][    T9] usb 7-1: new low-speed USB device number 42 using dummy_hcd
[  285.565643][T11164] netlink: 'syz.3.1321': attribute type 1 has an invalid length.
[  285.568727][T11164] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1321'.
[  285.721313][    T9] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  285.723472][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  285.726774][    T9] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  285.750367][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  285.753571][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  285.761114][    T9] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  285.763297][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  285.766495][    T9] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  285.769962][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  285.780249][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  285.784251][    T9] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  285.786634][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  285.789986][    T9] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  285.794247][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  285.798119][    T9] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  285.805051][    T9] usb 7-1: string descriptor 0 read error: -22
[  285.807370][    T9] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  285.820279][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.833421][    T9] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  286.034588][    T9] usb 7-1: USB disconnect, device number 42
[  286.293704][T11181] lo speed is unknown, defaulting to 1000
[  286.297025][T11181] lo speed is unknown, defaulting to 1000
[  286.599741][T11187] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1327'.
[  286.860917][ T6032] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  287.031753][ T6032] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.035388][ T6032] usb 7-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  287.038888][ T6032] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.049676][ T6032] usb 7-1: config 0 descriptor??
[  287.254743][T11189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  287.257481][T11189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  287.262556][ T6032] usbhid 7-1:0.0: can't add hid device: -71
[  287.264466][ T6032] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  287.270237][ T6032] usb 7-1: USB disconnect, device number 43
[  288.089183][   T39] audit: type=1800 audit(1736246689.375:394): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1330" name="bus" dev="overlay" ino=1821 res=0 errno=0
[  289.724069][   T39] audit: type=1326 audit(1736246691.015:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11210 comm="syz.2.1334" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd6579 code=0x0
[  289.757135][T11213] netlink: 'syz.3.1333': attribute type 1 has an invalid length.
[  289.759524][T11213] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1333'.
[  289.882143][   T39] audit: type=1326 audit(1736246691.175:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11218 comm="syz.1.1335" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb3579 code=0x0
[  290.163002][T11228] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1336'.
[  290.400277][ T6189] usb 8-1: new low-speed USB device number 49 using dummy_hcd
[  290.571275][ T6189] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  290.573480][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  290.576806][ T6189] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  290.580977][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  290.584155][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  290.588479][ T6189] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  290.590768][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  290.593831][ T6189] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  290.597152][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  290.600390][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  290.604243][ T6189] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  290.606428][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  290.609435][ T6189] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  290.612815][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  290.616067][ T6189] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  290.623341][ T6189] usb 8-1: string descriptor 0 read error: -22
[  290.625165][ T6189] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  290.627827][ T6189] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.633865][ T6189] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  290.837642][    T8] usb 8-1: USB disconnect, device number 49
[  291.491974][T11239] qnx6: unable to set blocksize
[  291.572086][T11242] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1340'.
[  291.650239][   T57] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[  291.810213][ T6032] usb 7-1: new low-speed USB device number 44 using dummy_hcd
[  291.841503][   T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.844293][   T57] usb 8-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  291.846798][   T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.870480][   T57] usb 8-1: config 0 descriptor??
[  291.963447][ T6032] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  291.966385][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  291.970714][ T6032] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  291.975358][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  291.979583][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  291.985064][ T6032] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  291.988091][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  291.992307][ T6032] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  291.996971][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  292.001507][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  292.006884][ T6032] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  292.009769][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  292.014415][ T6032] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  292.018924][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  292.023610][ T6032] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  292.030824][ T6032] usb 7-1: string descriptor 0 read error: -22
[  292.033254][ T6032] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  292.037066][ T6032] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.044648][ T6032] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  292.111705][T11236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.114647][T11236] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.132521][   T57] usbhid 8-1:0.0: can't add hid device: -71
[  292.134406][   T57] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  292.160250][   T57] usb 8-1: USB disconnect, device number 50
[  292.249388][ T6032] usb 7-1: USB disconnect, device number 44
[  292.251785][ T5953] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  292.258064][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  292.261788][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  292.267279][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  292.270632][ T5953] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  292.278496][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  292.294089][   T66] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  292.299090][   T66] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  292.306965][   T66] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  292.310622][   T66] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  292.313517][   T66] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  292.315701][   T66] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  292.336660][T11244] lo speed is unknown, defaulting to 1000
[  292.338703][T11244] lo speed is unknown, defaulting to 1000
[  292.419512][   T91] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.429410][T11244] chnl_net:caif_netlink_parms(): no params data found
[  292.526806][   T91] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.553063][T11244] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.556168][T11244] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.559207][T11244] bridge_slave_0: entered allmulticast mode
[  292.563472][T11244] bridge_slave_0: entered promiscuous mode
[  292.567434][T11244] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.570578][T11244] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.573348][T11244] bridge_slave_1: entered allmulticast mode
[  292.576334][T11244] bridge_slave_1: entered promiscuous mode
[  292.614167][   T91] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.647888][T11244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.653346][T11244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.655106][T11258] fuse: Unknown parameter 'grouÀDÄÑ00000000000000000000'
[  292.675711][T11261] netlink: 'syz.3.1344': attribute type 1 has an invalid length.
[  292.678118][T11261] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1344'.
[  292.692012][T11244] team0: Port device team_slave_0 added
[  292.694820][T11244] team0: Port device team_slave_1 added
[  292.731966][   T91] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.739089][T11244] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.741949][T11244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.749286][T11244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.754819][T11244] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.757319][T11244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.764857][T11244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.830627][T11244] hsr_slave_0: entered promiscuous mode
[  292.833501][T11244] hsr_slave_1: entered promiscuous mode
[  292.836266][T11244] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  292.839133][T11244] Cannot create hsr debugfs directory
[  293.214153][   T91] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  293.219306][   T91] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  293.224417][   T91] bond0 (unregistering): Released all slaves
[  293.234406][T11266] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1346'.
[  293.240712][ T6189] usb 7-1: new low-speed USB device number 45 using dummy_hcd
[  293.341953][T11244] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  293.351644][T11244] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  293.394896][ T6189] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  293.397539][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  293.401801][ T6189] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  293.406443][T11244] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  293.406453][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  293.413728][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  293.414487][T11244] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  293.418856][ T6189] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  293.422812][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  293.426593][ T6189] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  293.433749][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  293.437602][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  293.448090][ T6189] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  293.453373][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  293.456454][ T6189] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  293.459743][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  293.469656][ T6189] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  293.479669][ T6189] usb 7-1: string descriptor 0 read error: -22
[  293.482864][ T6189] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  293.485486][ T6189] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.490729][ T6189] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  293.529855][T11244] 8021q: adding VLAN 0 to HW filter on device bond0
[  293.538097][T11244] 8021q: adding VLAN 0 to HW filter on device team0
[  293.542762][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.544803][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  293.553584][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.555609][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.577573][   T91] hsr_slave_0: left promiscuous mode
[  293.579765][   T91] hsr_slave_1: left promiscuous mode
[  293.582330][   T91] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  293.584547][   T91] batman_adv: batadv0: Removing interface: batadv_slave_0
[  293.587077][   T91] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  293.589245][   T91] batman_adv: batadv0: Removing interface: batadv_slave_1
[  293.614059][   T91] veth1_macvtap: left promiscuous mode
[  293.617881][   T91] veth0_macvtap: left promiscuous mode
[  293.620868][   T91] veth1_vlan: left promiscuous mode
[  293.622936][   T91] veth0_vlan: left promiscuous mode
[  293.693462][   T35] usb 7-1: USB disconnect, device number 45
[  293.711461][    T9] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  293.873539][    T9] usb 6-1: config 0 has no interfaces?
[  293.875171][    T9] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  293.877719][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.881988][    T9] usb 6-1: config 0 descriptor??
[  294.137586][T11291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.141332][T11291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.146576][T11291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.149248][T11291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.152470][T11285] usb usb9: usbfs: process 11285 (syz.1.1349) did not claim interface 0 before use
[  294.224255][ T6189] usb 6-1: USB disconnect, device number 49
[  294.248193][T11294] netlink: 'syz.2.1352': attribute type 1 has an invalid length.
[  294.312973][   T35] usb 8-1: new high-speed USB device number 51 using dummy_hcd
[  294.400338][   T66] Bluetooth: hci3: command tx timeout
[  294.505808][   T35] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.509549][   T35] usb 8-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  294.512778][   T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.515945][   T35] usb 8-1: config 0 descriptor??
[  294.728715][T11290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.731927][T11290] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.828553][T11298] futex_wake_op: syz.1.1353 tries to shift op by -1; fix this program
[  295.014425][   T35] usbhid 8-1:0.0: can't add hid device: -71
[  295.016267][   T35] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  295.021231][   T35] usb 8-1: USB disconnect, device number 51
[  295.034807][T11294] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.055480][T11295] bond0: (slave gretap1): making interface the new active one
[  295.061999][T11295] bond0: (slave gretap1): Enslaving as an active interface with an up link
[  295.162461][T11244] 8021q: adding VLAN 0 to HW filter on device batadv0
[  295.167189][T11311] netlink: 'syz.2.1354': attribute type 1 has an invalid length.
[  295.169495][T11311] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1354'.
[  295.335720][T11244] veth0_vlan: entered promiscuous mode
[  295.343977][T11244] veth1_vlan: entered promiscuous mode
[  295.367783][   T91] IPVS: stop unused estimator thread 0...
[  295.368676][T11244] veth0_macvtap: entered promiscuous mode
[  295.377770][T11244] veth1_macvtap: entered promiscuous mode
[  295.385701][T11244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  295.388732][T11244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  295.393800][T11244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  295.396816][T11244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  295.400861][T11244] batman_adv: batadv0: Interface activated: batadv_slave_0
[  295.406456][T11244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  295.409509][T11244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  295.414594][T11244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  295.417655][T11244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  295.421850][T11244] batman_adv: batadv0: Interface activated: batadv_slave_1
[  295.426419][T11244] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  295.428982][T11244] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  295.434885][T11244] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  295.437458][T11244] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  295.495279][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  295.498702][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  295.506364][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  295.508806][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.480202][   T66] Bluetooth: hci3: command tx timeout
[  296.725250][T11396] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.768703][T11404] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1367'.
[  296.774666][T11404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1367'.
[  296.854927][T11396] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.986718][T11396] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.060141][ T5990] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  297.122206][T11396] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.212380][ T5990] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  297.215325][ T5990] usb 10-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  297.218005][ T5990] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.225901][ T5990] usb 10-1: config 0 descriptor??
[  297.236592][T11396] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  297.243679][T11396] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  297.248217][T11396] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  297.253330][T11396] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  297.353990][T11438] 9pnet_fd: Insufficient options for proto=fd
[  297.358910][T11436] FAULT_INJECTION: forcing a failure.
[  297.358910][T11436] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.368397][T11436] CPU: 1 UID: 0 PID: 11436 Comm: syz.2.1375 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  297.372130][T11436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  297.376060][T11436] Call Trace:
[  297.377432][T11436]  <TASK>
[  297.378431][T11436]  dump_stack_lvl+0x16c/0x1f0
[  297.380311][T11436]  should_fail_ex+0x497/0x5b0
[  297.382232][T11436]  _copy_to_user+0x32/0xd0
[  297.384055][T11436]  simple_read_from_buffer+0xd0/0x160
[  297.386231][T11436]  proc_fail_nth_read+0x198/0x270
[  297.388145][T11436]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  297.389728][T11436]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  297.391325][T11436]  vfs_read+0x1df/0xbe0
[  297.392527][T11436]  ? __fget_files+0x1fc/0x3a0
[  297.393882][T11436]  ? __pfx___mutex_lock+0x10/0x10
[  297.395345][T11436]  ? __pfx_vfs_read+0x10/0x10
[  297.396711][T11436]  ? __fget_files+0x206/0x3a0
[  297.398141][T11436]  ksys_read+0x12b/0x250
[  297.399383][T11436]  ? __pfx_ksys_read+0x10/0x10
[  297.400773][T11436]  __do_fast_syscall_32+0x73/0x120
[  297.402246][T11436]  do_fast_syscall_32+0x32/0x80
[  297.403655][T11436]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  297.405475][T11436] RIP: 0023:0xf7fd6579
[  297.406658][T11436] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  297.412502][T11436] RSP: 002b:00000000f5126590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  297.415138][T11436] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5126620
[  297.417479][T11436] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000
[  297.419918][T11436] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  297.422260][T11436] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  297.424615][T11436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  297.426959][T11436]  </TASK>
[  297.441611][T11407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.452186][T11407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.456457][ T5990] usbhid 10-1:0.0: can't add hid device: -71
[  297.458364][ T5990] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  297.465799][ T5990] usb 10-1: USB disconnect, device number 2
[  298.460160][ T5987] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  298.662418][ T5987] usb 10-1: config 0 has no interfaces?
[  298.664667][ T5987] usb 10-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  298.667489][ T5987] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.671622][ T5987] usb 10-1: config 0 descriptor??
[  298.820463][   T63] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  298.823283][ T1448] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[  298.928465][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.931847][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.935504][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.938137][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.942337][T11484] usb usb9: usbfs: process 11484 (syz.5.1389) did not claim interface 0 before use
[  299.001162][   T63] usb 6-1: Using ep0 maxpacket: 8
[  299.007326][ T1448] usb 8-1: config 0 has no interfaces?
[  299.009075][ T1448] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  299.012086][ T1448] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.015019][ T5990] usb 10-1: USB disconnect, device number 3
[  299.015288][   T63] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  299.019566][   T63] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  299.023121][   T63] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  299.025948][   T63] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  299.029763][   T63] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  299.032639][   T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.035979][ T1448] usb 8-1: config 0 descriptor??
[  299.133422][T11512] netlink: 'syz.2.1395': attribute type 1 has an invalid length.
[  299.158834][T11512] vlan2: entered allmulticast mode
[  299.161785][T11512] bond3: entered allmulticast mode
[  299.167233][T11512] bond3: left allmulticast mode
[  299.248490][   T63] usb 6-1: GET_CAPABILITIES returned 0
[  299.250247][   T63] usbtmc 6-1:16.0: can't read capabilities
[  299.301939][T11516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.305328][T11516] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.312095][T11516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.314965][T11516] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.318812][T11516] usb usb9: usbfs: process 11516 (syz.3.1390) did not claim interface 0 before use
[  299.382081][ T5990] usb 8-1: USB disconnect, device number 52
[  299.459233][   T35] libceph: connect (1)[c::]:6789 error -101
[  299.461174][   T35] libceph: mon0 (1)[c::]:6789 connect error
[  299.565046][T11488] ceph: No mds server is up or the cluster is laggy
[  299.569122][T11529] random: crng reseeded on system resumption
[  299.584228][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  299.630902][    T9] usb 6-1: USB disconnect, device number 50
[  299.729389][T11531] lo speed is unknown, defaulting to 1000
[  299.731700][T11531] lo speed is unknown, defaulting to 1000
[  300.277235][T11562] fuse: Bad value for 'fd'
[  300.337995][T11563] fuse: Bad value for 'fd'
[  300.628850][T11575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1412'.
[  300.865739][   T39] audit: type=1326 audit(1736246702.155:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11587 comm="syz.2.1416" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd6579 code=0x0
[  300.963882][T11594] lo speed is unknown, defaulting to 1000
[  300.974825][T11594] lo speed is unknown, defaulting to 1000
[  301.040255][T11595] tmpfs: Bad value for 'mpol'
[  301.450162][   T66] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  301.453672][   T66] Bluetooth: hci3: Injecting HCI hardware error event
[  301.458443][   T66] Bluetooth: hci3: hardware error 0x00
[  301.710883][T11603] FAULT_INJECTION: forcing a failure.
[  301.710883][T11603] name failslab, interval 1, probability 0, space 0, times 0
[  301.714466][T11603] CPU: 2 UID: 0 PID: 11603 Comm: syz.3.1419 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  301.717498][T11603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  301.720605][T11603] Call Trace:
[  301.721577][T11603]  <TASK>
[  301.722441][T11603]  dump_stack_lvl+0x16c/0x1f0
[  301.723796][T11603]  should_fail_ex+0x497/0x5b0
[  301.725156][T11603]  ? fs_reclaim_acquire+0xae/0x150
[  301.726639][T11603]  should_failslab+0xc2/0x120
[  301.728010][T11603]  __kmalloc_noprof+0xce/0x4f0
[  301.729359][T11603]  ? __pfx_perf_event_init_task+0x10/0x10
[  301.731010][T11603]  ? audit_alloc+0xa3/0x7b0
[  301.732343][T11603]  ? lsm_blob_alloc+0x68/0x90
[  301.733711][T11603]  lsm_blob_alloc+0x68/0x90
[  301.735045][T11603]  security_task_alloc+0x2d/0x260
[  301.736497][T11603]  copy_process+0x211f/0x6f20
[  301.737865][T11603]  ? __pfx_copy_process+0x10/0x10
[  301.739323][T11603]  ? __might_fault+0xe3/0x190
[  301.740688][T11603]  ? _copy_from_user+0x59/0xd0
[  301.742010][T11603]  kernel_clone+0xfd/0x960
[  301.743385][T11603]  ? __pfx_kernel_clone+0x10/0x10
[  301.744809][T11603]  __do_sys_clone3+0x1f9/0x270
[  301.746203][T11603]  ? __pfx___do_sys_clone3+0x10/0x10
[  301.747735][T11603]  ? do_user_addr_fault+0xe50/0x13f0
[  301.749261][T11603]  __do_fast_syscall_32+0x73/0x120
[  301.750768][T11603]  do_fast_syscall_32+0x32/0x80
[  301.752197][T11603]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  301.754023][T11603] RIP: 0023:0xf713e579
[  301.755255][T11603] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  301.760742][T11603] RSP: 002b:00000000f513042c EFLAGS: 00000286 ORIG_RAX: 00000000000001b3
[  301.763156][T11603] RAX: ffffffffffffffda RBX: 00000000f5130460 RCX: 0000000000000058
[  301.765521][T11603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  301.767790][T11603] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  301.770033][T11603] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  301.772349][T11603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  301.774625][T11603]  </TASK>
[  301.802029][   T39] audit: type=1326 audit(1736246703.095:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11604 comm="syz.1.1420" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb3579 code=0x0
[  301.829184][T11612] FAULT_INJECTION: forcing a failure.
[  301.829184][T11612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  301.833720][T11612] CPU: 3 UID: 0 PID: 11612 Comm: syz.5.1423 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  301.836843][T11612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  301.839951][T11612] Call Trace:
[  301.840939][T11612]  <TASK>
[  301.841794][T11612]  dump_stack_lvl+0x16c/0x1f0
[  301.843166][T11612]  should_fail_ex+0x497/0x5b0
[  301.844527][T11612]  _copy_to_user+0x32/0xd0
[  301.845827][T11612]  simple_read_from_buffer+0xd0/0x160
[  301.847376][T11612]  proc_fail_nth_read+0x198/0x270
[  301.848835][T11612]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  301.850427][T11612]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  301.852020][T11612]  vfs_read+0x1df/0xbe0
[  301.853203][T11612]  ? __fget_files+0x1fc/0x3a0
[  301.854561][T11612]  ? __pfx___mutex_lock+0x10/0x10
[  301.856016][T11612]  ? __pfx_vfs_read+0x10/0x10
[  301.857376][T11612]  ? __fget_files+0x206/0x3a0
[  301.858733][T11612]  ksys_read+0x12b/0x250
[  301.859965][T11612]  ? __pfx_ksys_read+0x10/0x10
[  301.861368][T11612]  __do_fast_syscall_32+0x73/0x120
[  301.862842][T11612]  do_fast_syscall_32+0x32/0x80
[  301.864260][T11612]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  301.866069][T11612] RIP: 0023:0xf706e579
[  301.867275][T11612] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  301.872739][T11612] RSP: 002b:00000000f5060590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  301.875126][T11612] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5060620
[  301.877372][T11612] RDX: 000000000000000f RSI: 00000000f73a3ff4 RDI: 0000000000000000
[  301.879648][T11612] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  301.882104][T11612] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  301.884365][T11612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  301.886631][T11612]  </TASK>
[  301.887652][    C3] vkms_vblank_simulate: vblank timer overrun
[  302.040278][ T6189] usb 8-1: new high-speed USB device number 53 using dummy_hcd
[  302.180186][ T6189] usb 8-1: device descriptor read/64, error -71
[  302.284378][T11627] FAULT_INJECTION: forcing a failure.
[  302.284378][T11627] name failslab, interval 1, probability 0, space 0, times 0
[  302.289249][T11627] CPU: 2 UID: 0 PID: 11627 Comm: syz.5.1427 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  302.293410][T11627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  302.297616][T11627] Call Trace:
[  302.298756][T11627]  <TASK>
[  302.299638][T11627]  dump_stack_lvl+0x16c/0x1f0
[  302.301229][T11627]  should_fail_ex+0x497/0x5b0
[  302.302849][T11627]  ? fs_reclaim_acquire+0xae/0x150
[  302.304462][T11627]  should_failslab+0xc2/0x120
[  302.305941][T11627]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[  302.307690][T11627]  ? nf_tables_abort+0x1482/0x3ce0
[  302.309170][T11627]  ? __alloc_skb+0x2b3/0x380
[  302.310516][T11627]  __alloc_skb+0x2b3/0x380
[  302.311817][T11627]  ? __pfx___alloc_skb+0x10/0x10
[  302.313250][T11627]  ? __pfx_nf_tables_abort+0x10/0x10
[  302.314780][T11627]  netlink_ack+0x164/0xb20
[  302.316218][T11627]  ? kasan_save_track+0x14/0x30
[  302.318228][T11627]  nfnetlink_rcv_batch+0x1628/0x24e0
[  302.320283][T11627]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  302.321899][T11627]  ? __pfx_lock_release+0x10/0x10
[  302.323369][T11627]  ? __local_bh_enable_ip+0xa4/0x120
[  302.324898][T11627]  ? lockdep_hardirqs_on+0x7c/0x110
[  302.326451][T11627]  ? __pfx___dev_queue_xmit+0x10/0x10
[  302.328250][T11627]  ? __nla_parse+0x40/0x60
[  302.330086][T11627]  nfnetlink_rcv+0x3c3/0x430
[  302.332004][T11627]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  302.334091][T11627]  netlink_unicast+0x53c/0x7f0
[  302.336050][T11627]  ? __pfx_netlink_unicast+0x10/0x10
[  302.337700][T11627]  ? __phys_addr_symbol+0x30/0x80
[  302.339472][T11627]  ? __check_object_size+0x488/0x710
[  302.341650][T11627]  netlink_sendmsg+0x8b8/0xd70
[  302.343554][T11627]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.345690][T11627]  ____sys_sendmsg+0x9ae/0xb40
[  302.347621][T11627]  ? __pfx_____sys_sendmsg+0x10/0x10
[  302.349651][T11627]  ? get_compat_msghdr+0x11b/0x170
[  302.351681][T11627]  ___sys_sendmsg+0x135/0x1e0
[  302.353548][T11627]  ? __pfx____sys_sendmsg+0x10/0x10
[  302.355645][T11627]  ? __pfx_lock_release+0x10/0x10
[  302.357628][T11627]  ? trace_lock_acquire+0x14e/0x1f0
[  302.359687][T11627]  ? __fget_files+0x206/0x3a0
[  302.361545][T11627]  __sys_sendmsg+0x16e/0x220
[  302.363369][T11627]  ? __pfx___sys_sendmsg+0x10/0x10
[  302.365357][T11627]  __do_fast_syscall_32+0x73/0x120
[  302.367428][T11627]  do_fast_syscall_32+0x32/0x80
[  302.369401][T11627]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  302.371757][T11627] RIP: 0023:0xf706e579
[  302.373365][T11627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  302.380941][T11627] RSP: 002b:00000000f506055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  302.384282][T11627] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  302.387417][T11627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  302.390555][T11627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  302.393694][T11627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  302.396197][T11627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  302.399105][T11627]  </TASK>
[  302.540189][ T6189] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[  302.593906][T11644] netlink: 'syz.5.1433': attribute type 1 has an invalid length.
[  302.596937][T11644] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1433'.
[  302.680240][ T6189] usb 8-1: device descriptor read/64, error -71
[  302.790536][ T6189] usb usb8-port1: attempt power cycle
[  303.130216][ T6189] usb 8-1: new high-speed USB device number 55 using dummy_hcd
[  303.150530][ T6189] usb 8-1: device descriptor read/8, error -71
[  303.400117][ T6189] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[  303.420601][ T6189] usb 8-1: device descriptor read/8, error -71
[  303.426881][T11666] overlayfs: failed to resolve './file1': -2
[  303.531444][ T6189] usb usb8-port1: unable to enumerate USB device
[  303.601949][   T66] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  304.637978][T11687] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1444'.
[  304.643471][T11687] FAULT_INJECTION: forcing a failure.
[  304.643471][T11687] name failslab, interval 1, probability 0, space 0, times 0
[  304.647110][T11687] CPU: 2 UID: 0 PID: 11687 Comm: syz.2.1444 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  304.650193][T11687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  304.654164][T11687] Call Trace:
[  304.655329][T11687]  <TASK>
[  304.656206][T11687]  dump_stack_lvl+0x16c/0x1f0
[  304.657599][T11687]  should_fail_ex+0x497/0x5b0
[  304.658977][T11687]  ? fs_reclaim_acquire+0xae/0x150
[  304.660458][T11687]  should_failslab+0xc2/0x120
[  304.661867][T11687]  __kmalloc_node_noprof+0xd1/0x520
[  304.663550][T11687]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  304.665117][T11687]  __kvmalloc_node_noprof+0xad/0x1a0
[  304.666711][T11687]  alloc_netdev_mqs+0xc4e/0x1320
[  304.668145][T11687]  rtnl_create_link+0xbed/0xf10
[  304.669502][T11687]  rtnl_newlink+0x14e6/0x1d70
[  304.670880][T11687]  ? __pfx_rtnl_newlink+0x10/0x10
[  304.672366][T11687]  ? __pfx___lock_acquire+0x10/0x10
[  304.673952][T11687]  ? kmem_cache_free+0x152/0x4c0
[  304.675550][T11687]  ? aa_get_newest_label+0x376/0x680
[  304.677100][T11687]  ? find_held_lock+0x2d/0x110
[  304.678508][T11687]  ? find_held_lock+0x2d/0x110
[  304.680017][T11687]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  304.682057][T11687]  ? __pfx_lock_release+0x10/0x10
[  304.683795][T11687]  ? trace_lock_acquire+0x14e/0x1f0
[  304.685412][T11687]  ? __pfx_rtnl_newlink+0x10/0x10
[  304.687042][T11687]  rtnetlink_rcv_msg+0x95b/0xea0
[  304.688535][T11687]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  304.690585][T11687]  ? __pfx___dev_queue_xmit+0x10/0x10
[  304.692665][T11687]  netlink_rcv_skb+0x165/0x410
[  304.694589][T11687]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  304.696347][T11687]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  304.697909][T11687]  ? netlink_deliver_tap+0x1ae/0xca0
[  304.699487][T11687]  netlink_unicast+0x53c/0x7f0
[  304.700923][T11687]  ? __pfx_netlink_unicast+0x10/0x10
[  304.702472][T11687]  ? __phys_addr_symbol+0x30/0x80
[  304.704013][T11687]  ? __check_object_size+0x488/0x710
[  304.705634][T11687]  netlink_sendmsg+0x8b8/0xd70
[  304.707098][T11687]  ? __pfx_netlink_sendmsg+0x10/0x10
[  304.708676][T11687]  ____sys_sendmsg+0x9ae/0xb40
[  304.710106][T11687]  ? __pfx_____sys_sendmsg+0x10/0x10
[  304.711663][T11687]  ? get_compat_msghdr+0x11b/0x170
[  304.713139][T11687]  ___sys_sendmsg+0x135/0x1e0
[  304.714525][T11687]  ? __pfx____sys_sendmsg+0x10/0x10
[  304.716152][T11687]  ? __pfx_lock_release+0x10/0x10
[  304.717683][T11687]  ? trace_lock_acquire+0x14e/0x1f0
[  304.719224][T11687]  ? __fget_files+0x206/0x3a0
[  304.720653][T11687]  __sys_sendmsg+0x16e/0x220
[  304.722021][T11687]  ? __pfx___sys_sendmsg+0x10/0x10
[  304.723548][T11687]  __do_fast_syscall_32+0x73/0x120
[  304.725079][T11687]  do_fast_syscall_32+0x32/0x80
[  304.726618][T11687]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  304.728540][T11687] RIP: 0023:0xf7fd6579
[  304.729741][T11687] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  304.735105][T11687] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  304.737610][T11687] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280
[  304.739953][T11687] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  304.742282][T11687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  304.744609][T11687] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  304.746956][T11687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  304.749921][T11687]  </TASK>
[  305.537300][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  305.722124][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1455'.
[  305.776467][T11729] netlink: 'syz.5.1456': attribute type 1 has an invalid length.
[  305.784282][T11729] 8021q: adding VLAN 0 to HW filter on device bond1
[  305.787069][T11729] FAULT_INJECTION: forcing a failure.
[  305.787069][T11729] name failslab, interval 1, probability 0, space 0, times 0
[  305.790935][T11729] CPU: 2 UID: 0 PID: 11729 Comm: syz.5.1456 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  305.793959][T11729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  305.796968][T11729] Call Trace:
[  305.797937][T11729]  <TASK>
[  305.798796][T11729]  dump_stack_lvl+0x16c/0x1f0
[  305.800197][T11729]  should_fail_ex+0x497/0x5b0
[  305.801690][T11729]  ? __pfx_lock_release+0x10/0x10
[  305.803157][T11729]  should_failslab+0xc2/0x120
[  305.804527][T11729]  __kmalloc_cache_noprof+0x68/0x420
[  305.806071][T11729]  __hw_addr_add_ex+0x310/0x700
[  305.807511][T11729]  dev_addr_init+0x13b/0x230
[  305.808846][T11729]  ? __pfx_dev_addr_init+0x10/0x10
[  305.810310][T11729]  alloc_netdev_mqs+0x330/0x1320
[  305.811751][T11729]  ? __pfx_ipgre_tap_setup+0x10/0x10
[  305.813279][T11729]  rtnl_create_link+0xbed/0xf10
[  305.814669][T11729]  rtnl_newlink+0x14e6/0x1d70
[  305.816046][T11729]  ? __pfx_rtnl_newlink+0x10/0x10
[  305.817502][T11729]  ? __pfx___lock_acquire+0x10/0x10
[  305.819005][T11729]  ? kmem_cache_free+0x152/0x4c0
[  305.820515][T11729]  ? aa_get_newest_label+0x376/0x680
[  305.822075][T11729]  ? find_held_lock+0x2d/0x110
[  305.823470][T11729]  ? find_held_lock+0x2d/0x110
[  305.824855][T11729]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  305.826341][T11729]  ? __pfx_lock_release+0x10/0x10
[  305.827801][T11729]  ? trace_lock_acquire+0x14e/0x1f0
[  305.829312][T11729]  ? __pfx_rtnl_newlink+0x10/0x10
[  305.831069][T11729]  rtnetlink_rcv_msg+0x95b/0xea0
[  305.832562][T11729]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  305.834120][T11729]  ? __pfx___dev_queue_xmit+0x10/0x10
[  305.835718][T11729]  netlink_rcv_skb+0x165/0x410
[  305.837062][T11729]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  305.838578][T11729]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  305.840159][T11729]  ? netlink_deliver_tap+0x1ae/0xca0
[  305.841676][T11729]  netlink_unicast+0x53c/0x7f0
[  305.843070][T11729]  ? __pfx_netlink_unicast+0x10/0x10
[  305.844588][T11729]  ? __phys_addr_symbol+0x30/0x80
[  305.846045][T11729]  ? __check_object_size+0x488/0x710
[  305.847584][T11729]  netlink_sendmsg+0x8b8/0xd70
[  305.848953][T11729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  305.850659][T11729]  ____sys_sendmsg+0x9ae/0xb40
[  305.852083][T11729]  ? __pfx_____sys_sendmsg+0x10/0x10
[  305.853597][T11729]  ? get_compat_msghdr+0x11b/0x170
[  305.855034][T11729]  ___sys_sendmsg+0x135/0x1e0
[  305.856376][T11729]  ? __pfx____sys_sendmsg+0x10/0x10
[  305.857845][T11729]  ? __pfx_lock_release+0x10/0x10
[  305.859312][T11729]  ? trace_lock_acquire+0x14e/0x1f0
[  305.860843][T11729]  ? __fget_files+0x206/0x3a0
[  305.862243][T11729]  __sys_sendmsg+0x16e/0x220
[  305.863982][T11729]  ? __pfx___sys_sendmsg+0x10/0x10
[  305.865846][T11729]  __do_fast_syscall_32+0x73/0x120
[  305.867728][T11729]  do_fast_syscall_32+0x32/0x80
[  305.869200][T11729]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  305.871067][T11729] RIP: 0023:0xf706e579
[  305.872225][T11729] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  305.877761][T11729] RSP: 002b:00000000f506055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  305.880336][T11729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000a80
[  305.883109][T11729] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000000
[  305.885326][T11729] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  305.887506][T11729] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  305.889883][T11729] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  305.892022][T11729]  </TASK>
[  306.394661][T11754] netlink: 'syz.5.1460': attribute type 2 has an invalid length.
[  306.449696][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1462'.
[  306.498573][T11758] netlink: 'syz.3.1463': attribute type 21 has an invalid length.
[  306.501445][T11758] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1463'.
[  306.649577][T11768] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  306.813362][ T5990] usb 8-1: new high-speed USB device number 57 using dummy_hcd
[  306.970099][ T5990] usb 8-1: Using ep0 maxpacket: 8
[  306.974017][ T5990] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  306.994814][ T5990] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  306.998576][ T5990] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  306.999602][T11777] VFS: could not find a valid V7 on nullb0.
[  307.002707][ T5990] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  307.008102][ T5990] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  307.013169][ T5990] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  307.020234][ T5990] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.032016][ T5990] usbtmc 8-1:16.0: probe with driver usbtmc failed with error -22
[  307.239966][ T5990] usb 8-1: USB disconnect, device number 57
[  307.300970][T11804] lo speed is unknown, defaulting to 1000
[  307.304420][T11804] lo speed is unknown, defaulting to 1000
[  307.650129][   T30] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  307.815021][   T30] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  307.818737][   T30] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  307.822766][   T30] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  307.830489][   T30] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  307.834319][   T30] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  307.837675][   T30] usb 10-1: Product: syz
[  307.839523][   T30] usb 10-1: Manufacturer: syz
[  307.845253][   T30] cdc_wdm 10-1:1.0: skipping garbage
[  307.847779][   T30] cdc_wdm 10-1:1.0: probe with driver cdc_wdm failed with error -22
[  307.968453][T11832] netlink: 'syz.3.1482': attribute type 10 has an invalid length.
[  307.976128][T11832] syz_tun: entered promiscuous mode
[  308.085123][T11842] FAULT_INJECTION: forcing a failure.
[  308.085123][T11842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  308.089906][T11842] CPU: 3 UID: 0 PID: 11842 Comm: syz.3.1486 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  308.090162][ T5987] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  308.093007][T11842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  308.098315][T11842] Call Trace:
[  308.099301][T11842]  <TASK>
[  308.100188][T11842]  dump_stack_lvl+0x16c/0x1f0
[  308.101654][T11842]  should_fail_ex+0x497/0x5b0
[  308.103039][T11842]  _copy_from_user+0x2e/0xd0
[  308.104514][T11842]  set_selection_user+0x84/0xf0
[  308.106447][T11842]  ? __pfx_set_selection_user+0x10/0x10
[  308.108606][T11842]  ? __cgroup_bpf_check_dev_permission+0x30/0x990
[  308.111222][T11842]  ? security_capable+0x7e/0x260
[  308.113171][T11842]  tioclinux+0x38f/0x5f0
[  308.114863][T11842]  vt_ioctl+0x1fc2/0x2fd0
[  308.116595][T11842]  ? __pfx_vt_ioctl+0x10/0x10
[  308.118492][T11842]  ? aa_get_newest_label+0x376/0x680
[  308.120474][T11842]  ? __pfx_aa_get_newest_label+0x10/0x10
[  308.122717][T11842]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  308.124779][T11842]  ? apparmor_capable+0x114/0x1d0
[  308.126841][T11842]  ? bpf_lsm_capable+0x9/0x10
[  308.128823][T11842]  ? security_capable+0x7e/0x260
[  308.130848][T11842]  vt_compat_ioctl+0x1c3/0x4e0
[  308.132823][T11842]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  308.135041][T11842]  ? __fget_files+0x206/0x3a0
[  308.136428][T11842]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  308.137963][T11842]  tty_compat_ioctl+0x2ee/0x4d0
[  308.139421][T11842]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  308.141107][T11842]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  308.142935][T11842]  __do_fast_syscall_32+0x73/0x120
[  308.144527][T11842]  do_fast_syscall_32+0x32/0x80
[  308.146086][T11842]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  308.148012][T11842] RIP: 0023:0xf713e579
[  308.149246][T11842] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  308.155711][T11842] RSP: 002b:00000000f513055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  308.158086][T11842] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000541c
[  308.160360][T11842] RDX: 0000000020001900 RSI: 0000000000000000 RDI: 0000000000000000
[  308.162615][T11842] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  308.164881][T11842] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  308.167396][T11842] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  308.169662][T11842]  </TASK>
[  308.170686][    C3] vkms_vblank_simulate: vblank timer overrun
[  308.209242][   T30] usb 10-1: USB disconnect, device number 4
[  308.241187][ T5987] usb 7-1: Using ep0 maxpacket: 8
[  308.244201][ T5987] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  308.247148][ T5987] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  308.251064][ T5987] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  308.253950][ T5987] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  308.257865][ T5987] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  308.260761][ T5987] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.270152][  T831] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  308.472766][ T5987] usb 7-1: GET_CAPABILITIES returned 0
[  308.475782][ T5987] usbtmc 7-1:16.0: can't read capabilities
[  308.614209][  T831] usb 6-1: config 0 has no interfaces?
[  308.615830][  T831] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  308.618360][  T831] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.621676][  T831] usb 6-1: config 0 descriptor??
[  308.678970][ T6032] libceph: connect (1)[c::]:6789 error -101
[  308.680908][ T6032] libceph: mon0 (1)[c::]:6789 connect error
[  308.779941][T11821] ceph: No mds server is up or the cluster is laggy
[  308.780315][T11860] random: crng reseeded on system resumption
[  308.791388][    C2] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  308.809821][ T6189] usb 7-1: USB disconnect, device number 46
[  308.879774][T11861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.882677][T11861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.885920][T11861] usb usb9: usbfs: process 11861 (syz.1.1484) did not claim interface 0 before use
[  308.951935][ T6032] usb 6-1: USB disconnect, device number 51
[  309.458810][T11879] syz.2.1490: attempt to access beyond end of device
[  309.458810][T11879] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[  309.598522][T11894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1493'.
[  310.900369][   T30] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  311.053160][   T30] usb 7-1: config 0 has no interfaces?
[  311.054775][   T30] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  311.057400][   T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.065095][   T30] usb 7-1: config 0 descriptor??
[  311.321103][T11926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  311.323822][T11926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  311.330401][T11926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  311.333533][T11926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  311.336362][T11926] usb usb9: usbfs: process 11926 (syz.2.1499) did not claim interface 0 before use
[  311.425537][   T30] usb 7-1: USB disconnect, device number 47
[  312.080908][T11937] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  312.083096][T11937] ALSA: mixer_oss: invalid OSS volume 'OGAINWÁ”1õ'
[  312.143858][   T39] audit: type=1326 audit(1736246713.435:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.172093][   T39] audit: type=1326 audit(1736246713.435:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=258 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.178937][   T39] audit: type=1326 audit(1736246713.435:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.192136][   T39] audit: type=1326 audit(1736246713.435:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.198131][   T39] audit: type=1326 audit(1736246713.435:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.221295][   T39] audit: type=1326 audit(1736246713.435:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.244493][   T39] audit: type=1326 audit(1736246713.435:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.274702][   T39] audit: type=1326 audit(1736246713.435:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.295935][   T39] audit: type=1326 audit(1736246713.435:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.313944][   T39] audit: type=1326 audit(1736246713.435:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.1.1504" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb3579 code=0x7ffc0000
[  312.540160][    T9] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  312.701052][    T9] usb 10-1: Using ep0 maxpacket: 8
[  312.717734][    T9] usb 10-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67
[  312.721926][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.752116][    T9] usb 10-1: config 0 descriptor??
[  312.768068][    T9] quatech2 10-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  312.999399][T11953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  313.010092][    T9] usb 10-1: qt2_attach - failed to power on unit: -71
[  313.012447][    T9] quatech2 10-1:0.0: probe with driver quatech2 failed with error -71
[  313.077054][    T9] usb 10-1: USB disconnect, device number 5
[  313.781008][T11983] ubi0: attaching mtd0
[  313.782762][T11983] ubi0: scanning is finished
[  313.828223][T11983] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  313.830434][T11983] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  313.832476][T11983] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  313.834448][T11983] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  313.836554][T11983] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  313.838515][T11983] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  313.840951][T11983] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1458916826
[  313.843752][T11983] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  313.847231][T11985] ubi0: background thread "ubi_bgt0d" started, PID 11985
[  313.910162][T11987] veth0_to_bridge: entered promiscuous mode
[  313.912392][T11987] veth0_to_bridge: left promiscuous mode
[  313.954262][T11987] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1514'.
[  314.430137][   T63] usb 10-1: new low-speed USB device number 6 using dummy_hcd
[  314.478993][    T9] IPVS: starting estimator thread 0...
[  314.482650][T11998] cgroup: fork rejected by pids controller in /syz3
[  314.573377][T12012] IPVS: using max 22 ests per chain, 52800 per kthread
[  314.594122][T12034] lo speed is unknown, defaulting to 1000
[  314.597883][T12034] lo speed is unknown, defaulting to 1000
[  314.830199][   T63] usb 10-1: Invalid ep0 maxpacket: 32
[  314.954281][T12038] ubi0: detaching mtd0
[  314.957662][T12038] ubi0: mtd0 is detached
[  314.980512][   T63] usb 10-1: new low-speed USB device number 7 using dummy_hcd
[  315.130149][   T63] usb 10-1: Invalid ep0 maxpacket: 32
[  315.133931][   T63] usb usb10-port1: attempt power cycle
[  315.401334][T12050] macvlan1: entered promiscuous mode
[  315.404149][T12050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1525'.
[  315.451789][T12050] macvlan1 (unregistering): left promiscuous mode
[  315.483532][   T63] usb 10-1: new low-speed USB device number 8 using dummy_hcd
[  315.512119][   T63] usb 10-1: Invalid ep0 maxpacket: 32
[  315.730208][   T63] usb 10-1: new low-speed USB device number 9 using dummy_hcd
[  315.760925][   T63] usb 10-1: Invalid ep0 maxpacket: 32
[  315.764430][   T63] usb usb10-port1: unable to enumerate USB device
[  316.561991][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  316.563906][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  316.793830][T12066] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1529'.
[  317.013917][T12072] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[  317.225285][T12076] Mount JFS Failure: -22
[  317.226690][T12076] jfs_mount failed w/return code = -22
[  317.289400][T12082] pim6reg: entered allmulticast mode
[  317.900827][ T1132] af_packet: tpacket_rcv: packet too big, clamped from 46 to 4294967272. macoff=96
[  318.200079][   T39] kauditd_printk_skb: 14 callbacks suppressed
[  318.200091][   T39] audit: type=1326 audit(1736246719.465:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12102 comm="syz.5.1541" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706e579 code=0x0
[  318.452572][T12109] lo speed is unknown, defaulting to 1000
[  318.455688][T12109] lo speed is unknown, defaulting to 1000
[  319.306342][T12119] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1544'.
[  319.774079][T12133] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  320.372438][T12142] lo speed is unknown, defaulting to 1000
[  320.376181][T12142] lo speed is unknown, defaulting to 1000
[  320.792573][T12160] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1556'.
[  320.912461][T12168] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1558'.
[  320.925581][T12168] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  320.929239][T12168] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  320.933338][T12168] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  320.936815][T12168] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  322.616654][T12200] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1566'.
[  322.944665][T12253] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1575'.
[  322.987605][T12257] FAULT_INJECTION: forcing a failure.
[  322.987605][T12257] name failslab, interval 1, probability 0, space 0, times 0
[  322.992712][T12257] CPU: 0 UID: 0 PID: 12257 Comm: syz.2.1577 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  322.995863][T12257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  322.999018][T12257] Call Trace:
[  323.000038][T12257]  <TASK>
[  323.000920][T12257]  dump_stack_lvl+0x16c/0x1f0
[  323.002313][T12257]  should_fail_ex+0x497/0x5b0
[  323.003729][T12257]  should_failslab+0xc2/0x120
[  323.005498][T12257]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  323.007519][T12257]  ? skb_clone+0x190/0x3f0
[  323.009204][T12257]  skb_clone+0x190/0x3f0
[  323.010815][T12257]  netlink_deliver_tap+0xafd/0xca0
[  323.012732][T12257]  netlink_unicast+0x6b4/0x7f0
[  323.014518][T12257]  ? __pfx_netlink_unicast+0x10/0x10
[  323.016489][T12257]  ? genl_rcv_msg+0x4bd/0x800
[  323.018283][T12257]  netlink_ack+0x6a5/0xb20
[  323.019969][T12257]  netlink_rcv_skb+0x327/0x410
[  323.021756][T12257]  ? __pfx_genl_rcv_msg+0x10/0x10
[  323.023650][T12257]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  323.025634][T12257]  ? down_read+0xc9/0x330
[  323.027259][T12257]  ? __pfx_down_read+0x10/0x10
[  323.029052][T12257]  ? netlink_deliver_tap+0x1ae/0xca0
[  323.031061][T12257]  genl_rcv+0x28/0x40
[  323.032555][T12257]  netlink_unicast+0x53c/0x7f0
[  323.034363][T12257]  ? __pfx_netlink_unicast+0x10/0x10
[  323.036338][T12257]  ? __phys_addr_symbol+0x30/0x80
[  323.038216][T12257]  ? __check_object_size+0x488/0x710
[  323.040200][T12257]  netlink_sendmsg+0x8b8/0xd70
[  323.042014][T12257]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.044010][T12257]  ____sys_sendmsg+0x9ae/0xb40
[  323.045817][T12257]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.047791][T12257]  ? get_compat_msghdr+0x11b/0x170
[  323.049706][T12257]  ___sys_sendmsg+0x135/0x1e0
[  323.051503][T12257]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.053453][T12257]  ? __pfx_lock_release+0x10/0x10
[  323.055331][T12257]  ? trace_lock_acquire+0x14e/0x1f0
[  323.057278][T12257]  ? __fget_files+0x206/0x3a0
[  323.059057][T12257]  __sys_sendmsg+0x16e/0x220
[  323.060899][T12257]  ? __pfx___sys_sendmsg+0x10/0x10
[  323.062726][T12257]  __do_fast_syscall_32+0x73/0x120
[  323.064296][T12257]  do_fast_syscall_32+0x32/0x80
[  323.065733][T12257]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  323.067579][T12257] RIP: 0023:0xf7fd6579
[  323.068770][T12257] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  323.074263][T12257] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  323.076662][T12257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000480
[  323.078949][T12257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  323.081217][T12257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  323.083496][T12257] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  323.085800][T12257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  323.088108][T12257]  </TASK>
[  324.429035][T12294] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1587'.
[  325.006782][T12321] FAULT_INJECTION: forcing a failure.
[  325.006782][T12321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  325.010825][T12321] CPU: 0 UID: 0 PID: 12321 Comm: syz.2.1598 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  325.013892][T12321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  325.016985][T12321] Call Trace:
[  325.017953][T12321]  <TASK>
[  325.018822][T12321]  dump_stack_lvl+0x16c/0x1f0
[  325.020235][T12321]  should_fail_ex+0x497/0x5b0
[  325.021600][T12321]  _copy_to_user+0x32/0xd0
[  325.022892][T12321]  simple_read_from_buffer+0xd0/0x160
[  325.024434][T12321]  proc_fail_nth_read+0x198/0x270
[  325.025895][T12321]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  325.027528][T12321]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  325.029126][T12321]  vfs_read+0x1df/0xbe0
[  325.030360][T12321]  ? __fget_files+0x1fc/0x3a0
[  325.031730][T12321]  ? __pfx___mutex_lock+0x10/0x10
[  325.033181][T12321]  ? __pfx_vfs_read+0x10/0x10
[  325.034549][T12321]  ? __fget_files+0x206/0x3a0
[  325.035931][T12321]  ksys_read+0x12b/0x250
[  325.037156][T12321]  ? __pfx_ksys_read+0x10/0x10
[  325.038541][T12321]  __do_fast_syscall_32+0x73/0x120
[  325.040044][T12321]  do_fast_syscall_32+0x32/0x80
[  325.041449][T12321]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  325.043269][T12321] RIP: 0023:0xf7fd6579
[  325.044450][T12321] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  325.049940][T12321] RSP: 002b:00000000f5126590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  325.052474][T12321] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5126620
[  325.054735][T12321] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000
[  325.057005][T12321] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  325.059263][T12321] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  325.061519][T12321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  325.063783][T12321]  </TASK>
[  325.159331][T12326] lo speed is unknown, defaulting to 1000
[  325.163049][T12326] lo speed is unknown, defaulting to 1000
[  325.842840][T12346] XFS (nullb0): Invalid superblock magic number
[  326.928146][T12388] XFS (nullb0): Invalid superblock magic number
[  327.556193][T12417] vivid-000: disconnect
[  327.803412][T12436] netlink: 'syz.5.1629': attribute type 1 has an invalid length.
[  327.808282][T12436] 8021q: adding VLAN 0 to HW filter on device bond2
[  327.834392][T12436] 8021q: adding VLAN 0 to HW filter on device bond2
[  327.836503][T12436] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  327.846312][T12436] bond2: (slave vcan1): Error -95 calling set_mac_address
[  327.868460][T12445] 8021q: adding VLAN 0 to HW filter on device batadv1
[  327.872635][T12445] bond2: (slave batadv1): making interface the new active one
[  327.875200][T12445] bond2: (slave batadv1): Enslaving as an active interface with an up link
[  327.972801][T12455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  328.024515][    T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[  328.028145][T12455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  328.032700][    T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[  328.037007][ T1168] wlan1: authenticated
[  328.041354][ T1168] wlan1: associate with 08:02:11:00:00:00 (try 1/3)
[  328.081722][   T45] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[  328.084394][   T45] wlan1: associated
[  328.084840][T12455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  328.216871][T12471] binder: 12469:12471 ioctl c0306201 200003c0 returned -22
[  329.133196][T12495] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1639'.
[  329.547115][ T5987] usb 8-1: new high-speed USB device number 58 using dummy_hcd
[  329.824927][T12516] FAULT_INJECTION: forcing a failure.
[  329.824927][T12516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  329.829976][T12516] CPU: 3 UID: 0 PID: 12516 Comm: syz.1.1643 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  329.833977][T12516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  329.837599][T12516] Call Trace:
[  329.838571][T12516]  <TASK>
[  329.839448][T12516]  dump_stack_lvl+0x16c/0x1f0
[  329.841116][T12516]  should_fail_ex+0x497/0x5b0
[  329.843054][T12516]  _copy_from_user+0x2e/0xd0
[  329.844753][T12516]  kstrtouint_from_user+0xd7/0x1c0
[  329.846287][T12516]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  329.847940][T12516]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  329.849506][T12516]  proc_fail_nth_write+0x84/0x250
[  329.851291][T12516]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  329.853448][T12516]  ? ksys_write+0x12b/0x250
[  329.855226][T12516]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  329.857105][T12516]  vfs_write+0x24c/0x1150
[  329.858326][T12516]  ? __fget_files+0x1fc/0x3a0
[  329.859737][T12516]  ? __pfx___mutex_lock+0x10/0x10
[  329.861580][T12516]  ? __pfx_vfs_write+0x10/0x10
[  329.863481][T12516]  ? __fget_files+0x206/0x3a0
[  329.865016][T12516]  ksys_write+0x12b/0x250
[  329.866230][T12516]  ? __pfx_ksys_write+0x10/0x10
[  329.867629][T12516]  __do_fast_syscall_32+0x73/0x120
[  329.869082][T12516]  do_fast_syscall_32+0x32/0x80
[  329.870500][T12516]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  329.872243][T12516] RIP: 0023:0xf7fb3579
[  329.873381][T12516] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  329.878726][T12516] RSP: 002b:00000000f5106590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  329.881426][T12516] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5106620
[  329.884270][T12516] RDX: 0000000000000001 RSI: 00000000f7443ff4 RDI: 0000000000000000
[  329.886536][T12516] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  329.888853][T12516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  329.891127][T12516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  329.893372][T12516]  </TASK>
[  329.920143][ T5987] usb 8-1: Using ep0 maxpacket: 8
[  329.923313][ T5987] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  329.926184][ T5987] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  329.929693][ T5987] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  329.933454][ T5987] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  329.938313][ T5987] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  329.942538][ T5987] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.153040][ T5987] usb 8-1: GET_CAPABILITIES returned 0
[  330.155211][ T5987] usbtmc 8-1:16.0: can't read capabilities
[  330.465699][T12499] ceph: No mds server is up or the cluster is laggy
[  330.466609][T12552] random: crng reseeded on system resumption
[  330.477512][    C3] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  330.486162][    T8] usb 8-1: USB disconnect, device number 58
[  331.106777][T12561] FAULT_INJECTION: forcing a failure.
[  331.106777][T12561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.117904][T12561] CPU: 0 UID: 0 PID: 12561 Comm: syz.3.1654 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  331.120972][T12561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  331.124047][T12561] Call Trace:
[  331.125042][T12561]  <TASK>
[  331.125916][T12561]  dump_stack_lvl+0x16c/0x1f0
[  331.127305][T12561]  should_fail_ex+0x497/0x5b0
[  331.128677][T12561]  _copy_to_user+0x32/0xd0
[  331.129982][T12561]  simple_read_from_buffer+0xd0/0x160
[  331.131517][T12561]  proc_fail_nth_read+0x198/0x270
[  331.132974][T12561]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  331.134584][T12561]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  331.136181][T12561]  vfs_read+0x1df/0xbe0
[  331.137392][T12561]  ? __fget_files+0x1fc/0x3a0
[  331.138768][T12561]  ? __pfx___mutex_lock+0x10/0x10
[  331.140238][T12561]  ? __pfx_vfs_read+0x10/0x10
[  331.141606][T12561]  ? __fget_files+0x206/0x3a0
[  331.142977][T12561]  ksys_read+0x12b/0x250
[  331.144302][T12561]  ? __pfx_ksys_read+0x10/0x10
[  331.145708][T12561]  __do_fast_syscall_32+0x73/0x120
[  331.147191][T12561]  do_fast_syscall_32+0x32/0x80
[  331.148600][T12561]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  331.150433][T12561] RIP: 0023:0xf713e579
[  331.151616][T12561] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  331.157112][T12561] RSP: 002b:00000000f5130590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  331.159525][T12561] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5130620
[  331.161806][T12561] RDX: 000000000000000f RSI: 00000000f7473ff4 RDI: 0000000000000000
[  331.164088][T12561] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  331.166374][T12561] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  331.168640][T12561] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  331.171182][T12561]  </TASK>
[  331.760675][    T9] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  331.910101][    T9] usb 6-1: Using ep0 maxpacket: 8
[  331.965707][    T9] usb 6-1: config 0 has no interfaces?
[  331.967526][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  331.979368][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.024561][    T9] usb 6-1: config 0 descriptor??
[  332.272799][ T5987] usb 6-1: USB disconnect, device number 52
[  332.469756][T12590] /dev/nullb0: Can't open blockdev
[  333.405802][T12611] ubi0: attaching mtd0
[  333.407530][T12611] ubi0: scanning is finished
[  333.409078][T12611] ------------[ cut here ]------------
[  333.411583][T12611] notifier callback ubi_wl_reboot_notifier already registered
[  333.412924][T12611] WARNING: CPU: 2 PID: 12611 at kernel/notifier.c:23 notifier_chain_register+0x157/0x420
[  333.417859][T12611] Modules linked in:
[  333.419921][T12611] CPU: 2 UID: 0 PID: 12611 Comm: syz.3.1668 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  333.424716][T12611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  333.427820][T12611] RIP: 0010:notifier_chain_register+0x157/0x420
[  333.429948][T12611] Code: 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 c2 02 00 00 49 8b 75 00 48 c7 c7 20 10 4c 8b e8 0a 7a f4 ff 90 <0f> 0b 90 90 bb ef ff ff ff e8 7b b6 33 00 89 d8 48 83 c4 18 5b 5d
[  333.437174][T12611] RSP: 0018:ffffc900061afa28 EFLAGS: 00010286
[  333.439017][T12611] RAX: 0000000000000000 RBX: ffff8880671d98c8 RCX: ffffc9000cdf1000
[  333.441738][T12611] RDX: 0000000000080000 RSI: ffffffff815a1796 RDI: 0000000000000001
[  333.444056][T12611] RBP: 000000007fffffff R08: 0000000000000001 R09: 0000000000000000
[  333.446344][T12611] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000001
[  333.449946][T12611] R13: ffff8880671d98c8 R14: ffffffff8f613c68 R15: dffffc0000000000
[  333.452820][T12611] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:00000000f5130b40
[  333.455365][T12611] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  333.457278][T12611] CR2: 000000002f91effc CR3: 0000000071a6a000 CR4: 0000000000352ef0
[  333.459573][T12611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  333.462151][T12611] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  333.464409][T12611] Call Trace:
[  333.465393][T12611]  <TASK>
[  333.466248][T12611]  ? __warn+0xea/0x3c0
[  333.467439][T12611]  ? notifier_chain_register+0x157/0x420
[  333.469029][T12611]  ? report_bug+0x3c0/0x580
[  333.470690][T12611]  ? handle_bug+0x54/0xa0
[  333.471945][T12611]  ? exc_invalid_op+0x17/0x50
[  333.473294][T12611]  ? asm_exc_invalid_op+0x1a/0x20
[  333.474751][T12611]  ? __warn_printk+0x1a6/0x350
[  333.476117][T12611]  ? notifier_chain_register+0x157/0x420
[  333.477720][T12611]  ? notifier_chain_register+0x156/0x420
[  333.479326][T12611]  blocking_notifier_chain_register+0x76/0xd0
[  333.481412][T12611]  ubi_wl_init+0x1018/0x17b0
[  333.482764][T12611]  ubi_attach+0x1cdd/0x4dc0
[  333.484094][T12611]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  333.485885][T12611]  ? lockdep_init_map_type+0x16d/0x7d0
[  333.487433][T12611]  ? __pfx_ubi_attach+0x10/0x10
[  333.488812][T12611]  ? ubi_attach_mtd_dev+0x1543/0x3590
[  333.490513][T12611]  ubi_attach_mtd_dev+0x158f/0x3590
[  333.492008][T12611]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  333.493574][T12611]  ? __pfx_get_mtd_device+0x10/0x10
[  333.495079][T12611]  ctrl_cdev_ioctl+0x339/0x3d0
[  333.496448][T12611]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  333.499240][T12611]  ? __fget_files+0x206/0x3a0
[  333.499329][T12611]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  333.499341][T12611]  compat_ptr_ioctl+0x6b/0xa0
[  333.499360][T12611]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  333.499377][T12611]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  333.499390][T12611]  __do_fast_syscall_32+0x73/0x120
[  333.499406][T12611]  do_fast_syscall_32+0x32/0x80
[  333.499421][T12611]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  333.499438][T12611] RIP: 0023:0xf713e579
[  333.499448][T12611] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  333.499459][T12611] RSP: 002b:00000000f513055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  333.499471][T12611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040186f40
[  333.499479][T12611] RDX: 0000000020000502 RSI: 0000000000000000 RDI: 0000000000000000
[  333.499486][T12611] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  333.499493][T12611] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  333.499500][T12611] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  333.499512][T12611]  </TASK>
[  333.499519][T12611] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  333.499525][T12611] CPU: 2 UID: 0 PID: 12611 Comm: syz.3.1668 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  333.499538][T12611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  333.499544][T12611] Call Trace:
[  333.499548][T12611]  <TASK>
[  333.499552][T12611]  dump_stack_lvl+0x3d/0x1f0
[  333.499574][T12611]  panic+0x71d/0x800
[  333.499589][T12611]  ? __pfx_panic+0x10/0x10
[  333.499605][T12611]  ? show_trace_log_lvl+0x29d/0x3d0
[  333.499622][T12611]  ? notifier_chain_register+0x157/0x420
[  333.499637][T12611]  check_panic_on_warn+0xab/0xb0
[  333.499653][T12611]  __warn+0xf6/0x3c0
[  333.499667][T12611]  ? notifier_chain_register+0x157/0x420
[  333.499681][T12611]  report_bug+0x3c0/0x580
[  333.499693][T12611]  handle_bug+0x54/0xa0
[  333.499707][T12611]  exc_invalid_op+0x17/0x50
[  333.499720][T12611]  asm_exc_invalid_op+0x1a/0x20
[  333.499732][T12611] RIP: 0010:notifier_chain_register+0x157/0x420
[  333.499746][T12611] Code: 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 c2 02 00 00 49 8b 75 00 48 c7 c7 20 10 4c 8b e8 0a 7a f4 ff 90 <0f> 0b 90 90 bb ef ff ff ff e8 7b b6 33 00 89 d8 48 83 c4 18 5b 5d
[  333.499755][T12611] RSP: 0018:ffffc900061afa28 EFLAGS: 00010286
[  333.499763][T12611] RAX: 0000000000000000 RBX: ffff8880671d98c8 RCX: ffffc9000cdf1000
[  333.499770][T12611] RDX: 0000000000080000 RSI: ffffffff815a1796 RDI: 0000000000000001
[  333.499777][T12611] RBP: 000000007fffffff R08: 0000000000000001 R09: 0000000000000000
[  333.499783][T12611] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000001
[  333.499789][T12611] R13: ffff8880671d98c8 R14: ffffffff8f613c68 R15: dffffc0000000000
[  333.499800][T12611]  ? __warn_printk+0x1a6/0x350
[  333.499815][T12611]  ? notifier_chain_register+0x156/0x420
[  333.499830][T12611]  blocking_notifier_chain_register+0x76/0xd0
[  333.499844][T12611]  ubi_wl_init+0x1018/0x17b0
[  333.499863][T12611]  ubi_attach+0x1cdd/0x4dc0
[  333.499879][T12611]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  333.499892][T12611]  ? lockdep_init_map_type+0x16d/0x7d0
[  333.499903][T12611]  ? __pfx_ubi_attach+0x10/0x10
[  333.499914][T12611]  ? ubi_attach_mtd_dev+0x1543/0x3590
[  333.499927][T12611]  ubi_attach_mtd_dev+0x158f/0x3590
[  333.499943][T12611]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  333.499953][T12611]  ? __pfx_get_mtd_device+0x10/0x10
[  333.499970][T12611]  ctrl_cdev_ioctl+0x339/0x3d0
[  333.499980][T12611]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  333.499993][T12611]  ? __fget_files+0x206/0x3a0
[  333.500006][T12611]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  333.500031][T12611]  compat_ptr_ioctl+0x6b/0xa0
[  333.500049][T12611]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  333.500065][T12611]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  333.500078][T12611]  __do_fast_syscall_32+0x73/0x120
[  333.500093][T12611]  do_fast_syscall_32+0x32/0x80
[  333.500107][T12611]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  333.500124][T12611] RIP: 0023:0xf713e579
[  333.500133][T12611] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  333.500143][T12611] RSP: 002b:00000000f513055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  333.500153][T12611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040186f40
[  333.500160][T12611] RDX: 0000000020000502 RSI: 0000000000000000 RDI: 0000000000000000
[  333.500166][T12611] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  333.500172][T12611] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  333.500179][T12611] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  333.500191][T12611]  </TASK>
[  333.501868][T12611] Kernel Offset: disabled

VM DIAGNOSIS:
09:37:19  Registers:
info registers vcpu 0

CPU#0
EAX=ffffffff EBX=f726c246 ECX=0000001e EDX=00000000
ESI=f7443ff4 EDI=000515fd EBP=00000000 ESP=ffe849d4
EIP=f712b3a3 EFL=00000296 [--S-AP-] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA]
SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 00000000 ffffffff 00c00000
GS =0063 56b09440 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 00000000 ffffffff 00c00000
TR =0040 00003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000057b644c0 CR3=000000004b780000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000014d40b5 RBX=0000000000000001 RCX=ffffffff8b1a6899 RDX=0000000000000000
RSI=ffffffff8b4cd300 RDI=ffffffff8bb17040 RBP=ffffed10039dc910 RSP=ffffc9000047fe08
R8 =0000000000000001 R9 =ffffed10056a6fed R10=ffff88802b537f6b R11=0000000000000000
R12=0000000000000001 R13=ffff88801cee4880 R14=ffffffff901cead0 R15=0000000000000000
RIP=ffffffff8b1a7c7f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000002f61dff8 CR3=0000000060c9a000 CR4=00352ef0
DR0=0000000000000008 DR1=000000000000c24c DR2=0000000000000000 DR3=0000000000000008 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ce00000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff85144a70 RDI=ffffffff9a668200 RBP=ffffffff9a6681c0 RSP=ffffc900061af330
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000006
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34cd092 R15=dffffc0000000000
RIP=ffffffff85144a97 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f91effc CR3=0000000071a6a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ce00000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=1ffff11000042c8c RBX=ffffffff8e920dcf RCX=ffffc9002dc31000 RDX=000000000000141e
RSI=ffffffff849eed71 RDI=ffff888000216460 RBP=0000000000000000 RSP=ffffc900061bea00
R8 =0000000000000005 R9 =00000000fffffffe R10=00000000fffffffe R11=ffff888000210030
R12=dffffc0000000000 R13=0000000000000000 R14=0000000000000000 R15=ffff888000210000
RIP=ffffffff849eedea RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000206f7000 CR3=0000000060c9a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1343fa00165e8e4b c0d5d9bd0bae8160
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8522ebb358ef101b f45b6ce25cff1bd5
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 787c9dea8564bbd2 1d7f5e51656cbe7f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 59dcefc7c4e4fcf7 10bd5f60eb61bc8f
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000003c0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080010000800100 e9bc1da800800100
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ca000000ca 000000ca00800100
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e593ae56000000ca 00800100e17f42b0
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000caf1c2b09c edbfcaec000000ca
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 15562d91d507cfb8 4d459bd8cdead78c
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 391030f19cc67e89 7b7bc351f0e5061a
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000