last executing test programs:

4.706830927s ago: executing program 3 (id=2064):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYRES32=r0], 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x4044041)

4.620051772s ago: executing program 3 (id=2065):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0cc5605, &(0x7f0000000380)={0x4, @sliced={0x7, [0x6, 0x0, 0x4, 0x1, 0x0, 0x5, 0x8, 0x4, 0xff, 0x8, 0x9, 0x300, 0x1000, 0x3, 0xfffe, 0x88bb, 0x7c09, 0x1, 0x7ff, 0x0, 0x81, 0xfff, 0x4, 0xffff, 0x1, 0x8, 0x1000, 0x0, 0x2, 0x6, 0x3, 0x10, 0x1, 0x200, 0x99d1, 0x8001, 0x2, 0x7, 0x2, 0x7, 0x0, 0x1, 0x2, 0x64, 0xb28, 0x5, 0x7f, 0x5], 0x7}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f0000000040)=0x58, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x2000)
pwritev2(r7, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000500)="be81e1310fb465f31a42f6efa58772d291c57be2782f6ff63ea3517e50771580447f7d195ee15e186027d518b2c77a051895fece1dc014c33d6928ab0376cf4077399b51451472f53be50af6897bc0fa353cad9156d19de3665191fdf17a2f07f4286cea5c10fbb81feb85e406524a47b1978139eaa8daec929e00572df90f9d8a3ce9b03cc2ee0eb9b4875c4e3d02e9570f627ef6771beca770bc6b2a", 0x9d}, {&(0x7f0000001980)="d8e266371b5a156dd615cef16752ad1da46006beac8c2afe470fda4ab99cbefd1d99a8bd233725239a987587077bf416a7cfa51b1f90320b2b3be3c625ae7a1ceb556334ffdf2aeb3ccb275458c596b17ba4ba1b9065b27d2c5d7f651119daedb16067158ebbb3835ba06546990a9e283378df9dcc41e1f31764da215dd047e02c235e3f0fb673961d3e8fc263c657418e7c5343cfc0388779bab9eba0af8a39635e940a42c857b5dbf0c85abec5bb56dff74ed0ba59c908a7d073fe79f650e0ea161760177e5b0bb98c0e70c8dffd7557afe30962031ecc63b9369ec0e882378a0c11c9f4d393b1bfec24fb155c078f1875f5987fd4220cf4ea1de57fea6bfbe21ed47227add291d38593a6b8472b12f2c241e5772cf9de4c1f7969f6a8f0862978773f3f5b557bd8d744db1970c0145f8df60c7364c46e06f1d19e89fabd5fcc92bf1d5f4583f9823dd68c4e097c8e306779c2ee47edf20b44a3ddcf9fbfe78a133343bf9195e5d2008f29e5c94b7885c817733deec78e744745d39ce3d9d3cbaa60fa5034e5afdcb2061f5c4600f17157826e8b86ac8ab7dffd10a494d60ca78197953abe66c0f94c4b7f678228baa85a9c375cc119cfca5b3447d8d7249db4f85875a5d30c9182ace809fd471311f4ae548088c382d2dbf903480b192511e74ceac914588c9a8c5eee734c523e54d56d72625bf2c50de0c6e14c68ffb9178ad095e11e64db74563b9cb566b9d513d6cfb172737fdbcba17110cf8f6983ee01017cf66dd47a37e0357789cb749e67a21520e8fcab8572826a6490c8bc427155afe3b79421d4cc5a41c72850a25e9241e6b2cb678188d8bcb1b9764e23a05570979e951d03b4c307d9350b307dbd634890d2dfd0ea90ddf5ac4b48c5a4c669112e853aaa62116126e9ce4c4e90f981a370c57f8b834011eabf792ccdd762eb46d48b814db572e856df3455d53a4552b0619c27faec3c921d79b15d984270d91a10702bf21044746f2fa2ce5176005715949524b787c724f55cce45d94427403553ed6437fb599f106abc670f625bb38e3a90ba894ddf0654464a8e22d68ba2b26978b52bb2a7a0fda821a0122355990fd9a14f3be86c8244ca3a15abb799c02aed2fc9f1cf8b9458b0e1d8ae8cdeda9de40adef98ca0def017d438714eac2873b3df14bb8f5c455fa76579edd04c5ae64b48638bb62dc9b678264713bc9e40b11559da793a125b5d4f5772bd7a369218b17d16c217e101e381422bb32003e6dcc0d0113b256569b43a8865b986b826f7073af99f6ed11753f88758470befc513628d25c50f7dc24ec14cc7354a659353c09779c83aa87d2cf9bc04f59522d065e4a55cb990d20e93ada39726e4baf5a23284ad19ba9eb8bbb5023eb12b4acb02768fe6599d36a3d7fc7c2a8cd9369997b7c179ebe385117f0e7b60fce56f033426d0ca78ef0dd953a0c6b2114b9034fc4fa0d576448171fc32eff97836c00a92674e47224779ef2f2dd3385dbfc88d6e7f6eb78c73a1668e5cf8ecf2d39ec62788ae1f3786262d3cdf8a208ab0a28196e6163a06809d3c0c41f3cd79a7e7d72b7c2c66c8662b8405532d8d00e8cf740f6388cc595405b4cd6d1ee6db4168379394a7ebea3c4ec1375b0a0ea05288a5fcfca8ccbcc198e8d319ca5121fbf70ed5dabece1a733b2c591a20d8faa59e30acc62ef5a74de7397308379aebd69fd52bf155b47c7dfeb0576205ec81b2f96b6137c375464a6dc8bbdef6693bec4dcb23286c2f102b1cc5a18a0251cfaaacee3cc7f61a6a99ae216350284901eec57c6d23380f2f5dcbdbf1b463509b42372064d14ecab7b4812b5304fe5ef48125ab446c7b93e5bab9f1a19f004170788ed59e278c06cee96b6e4cfd73ac7d85fffee05be3a5b3e613b1d14ac3074f4e872d01b742376c178d7b74866dadf7155255ea0e9b41edad219be52de205f1ce40f7b0cdcb674e35e9704e3f69d84499a8fa623f2c799be4e85e64af46cd73ba1c051b9e72a1778b1a3fd90b937c5d4c7afc59db11645c1806f8903992b7216d56de591d3e4985483df2a48061349498e6504605a0a730b9a84589ca7af5142168b887a80818cb5d7ee132998eb90d8598d52b3149ff9bacb321024443aff0f41244d35e210b9de2436fbe29e2495dbe70bf50caedbb2ae75bfde2af185e936681183c049c0149d7daf8d5adb958e6be129d040a2e075a89c314d8f79c2442af77c7ddc91a954d847375a6a3ddb16cbb44904c2e0ee6a3058d426ac828ff86b31e97b5a2d4ce8838f893bf4dabbfedbf51bb53d181ba277af1e01c3a387ff888494fa58be312866f1f1dcdd4275a3cb1d8d25fff14edaec824189d2177c6970d261779d0f7b9ec3c4b76ba5d9c39a11181438dc9beaa279eb8571e642c1e2c00cd10e26f1518e5fa55123a83070b5e0944825a858306b0b0cc4245d10d621c640df6b4ced2f9fb356e76b3a8b156367d58fc4c2e93f2541a1fb53c3ca82e0b952b94d1d3fe05c03495873acd9565abe802e81f922d3c7fd90e9d8adf02ddeefbef1c857ec094081121cf051a4a0334333cac0a92b9197e4787315ada9a3b0adf2973d5c87f7552c8527ff3ce61d7108f7b9bef49f82bc069491500a9f5ac5c18a980584248797f5226f093931129ed4c2f8cbaeeb1032c5414e947239e470225dfb68da19c386fa8a544e51a982d011d338ebc201ec9cc3f60c0bcce1698d2ca8777faec05e3d71a37701611cef54b970b07725d76aa9f00ee1dc17e64ec88283f83facf012ac1b4192cdd8c1224347f55b71f7eb002c606953a401c89f8da9f01f54f26edd23c99211a82aeaa52fbc55f6f35e0486ddee494d225f97524115282749abfd00b7e6f59f9c1d0b9067a8591846fe3375b1ec72c25c0cd84b7d302c75c055ddcb384bccbb21dec139776d54c35222626f04eb156aa99800f5f259cebc45512aa8576fd29bacbe893a7c0a3b454a51ec71b2105ea54c3367e51cb23d44ffa1155950d03d9073fe2f2526bccd8fa4b45fd7261db4f09a0abf1a5906f656c9157f0fbdb064ce997007b840514c3e3c0bba9f7c233bd7d3c813edbdc79e51157d6b56c4d40b407649a7f8353175bd3a609d2a8e8645da1393e1055a86a2ec1a9472cffe39893ae6a6d3e52abd9e492547c8a28a5b2953567160c0bac7ecffa4202903672e524620f6776c5aab37260f463149b9b60b1be3cfa74425f21dcd9402c9a35aa295b4e30c13316369396103e5869f7a936c6775deeeee506489674f385fb1c5573d967a9c8d9e3c1178422e289648c6350fe11842b4e30fc84cb0004f41f2226bc270a534bd746dc7e9938f3e905ff9f96b366f674169e3deb388627a424884fb78c2521599c2a3ace0bf3e1274dd46f1ca163e641c0e14d5ae95e780bd9068482aa5523ebaf26d9cd1b6fff4a706f436338a7c4323b86632e8898ab4030fbbf15b2b04c9d584f6b5814d55b500276d69655b4b05947db9cfc98b316ee8351fa0f55f0354a68fea1d8f6e9b05b4b5853f882dad108b440778a907134f1b5fad14af77a4f00440d29e00c8b1b61cb5d76d2a6e03125ff4990312b6d4cf946ebb6d2d1c8cf0aefc0d96a294f36b6d73a3598471ccc94adbb3f761691e040832bacc263a4036f1322655b00b5f2a488c123ebae198332c0b483c20dd348cf5ca125846b80bf2f7d49f55bf300e14c62fd07ba8f4c04c870e9995ff233f8c3f4836ef88f7537af7a9124ce70a86a5f00424f7cdd4df3a6106f2c012b1151bddad1903acfbe50f9d937b69a8f0b849ffc28b7db2d43d5334ad4c2c4917182a9cfe76c6c1d038f58dafc2918822db7735b5200aa6975e6cbef24733fa70ee6b0e60f7aaf9e9497a2abb2a874f6e3f91461e42c4a18f69c27f0f96d07448740a056265fa0e119db4d8db9543a6e502ddde8782d8ec834fb8edb21860ef26461d0cd189d2bda0a7bb0a85260ec05d1771ea22f5013740a07e060972a082cd39763b5bbd2c847b1890ae6589523086b0d6b6828de42f8caba107abfa1345642b883dbfaa6474ebd81f9f86b67f52201375c6bf701d743a77a3471dc6bd234332d7b810c276209bf0d37dfa77c2f6f318c61bb9dba3470ed63269580d9bb43642d657c55b528e38715cd8ad287b1230d9ab6493e228f4b53ea9e29d5bb819a9400a4c122e5dfe5818fad7a27525cfd855a88a96e7e1fd31478a6f717e8619faad2dbfbab0a8dcf8bce83f529f37e3288353485552b1b1384d65883f90d91d36fefd31ae667d69f3ce14b4dc9c6897643d1b10f998a9747a64c17d3f1e7dcd31a905dd8a88de03e15d254de46799be34db46346a4aff3e08b63c38c444ff89f1cc0fa6f9d3ea604a9556fde016f20f1", 0xc1f}, {0x0}], 0x4, 0x5, 0xa, 0x14)

3.57714539s ago: executing program 1 (id=2068):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
setpgid(0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r2}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r3, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
close(r2)
close(r3)

3.47699669s ago: executing program 3 (id=2070):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32, @ANYBLOB="0400130006001200000000000600b500850100000a0006000802110000010000280011"], 0x64}}, 0x0)

3.339875888s ago: executing program 3 (id=2072):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=@newtaction={0x29c, 0x30, 0x1, 0x70bd25, 0x25dfdbfd, {}, [{0x288, 0x1, [@m_mirred={0x1f4, 0x3ffc, 0x0, 0x0, {{0xb}, {0xe4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0x0, 0x8, 0x5, 0x692}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x9, 0x10000000, 0x8, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xffffff7d, 0x1, 0x4, 0x0, 0x9}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x100, 0x1, 0xd, 0x1}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x1, 0x5, 0x2, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xb0, 0x4383, 0x7, 0x1, 0x9}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1000, 0x363c, 0x10000000, 0x8001, 0x4}}}]}, {0xe8, 0x6, "8a0270536849bc14659b65665097cabfe6ff94fa6cce617f2243c7375222209a4d13b29e1e44895aff49df7ace6ef37248414d2ef1c0a3188d26981338e7167f1086eafd7b98b0f3ba0f9ac317411851bdd6d739c20751ec089ecbb07de4af6c2af601c50e1467eada2102ea5345531b0f0b294f5301cb60cfffab326aa5a0004ed1fb7e327b3dd27831194860b6655fd10fd4ab4efd3fb9f627ee3164292cd9318a78f83467b3f024772c958a748e51f0561e271d87e02397cf99ee97d26ae3017520d2b8451c1b199e867a0c7cd782e2382eb2c4636e88f141292c62586b2b58b91697"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_tunnel_key={0x90, 0x19, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x29}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x26}}]}, {0x47, 0x6, "d4c473034f75dac683b7cec4eeb60142616d1c8b5702df39ce8a1216875fb3083c64c8c6f49d4b9bd34df332814cbc552d9769451036fd5a98b7c1f1ecfba09f440b7a"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x2, 0x5}, {0x6, 0x7f36}, {0x200, 0x70}, {0x3, 0xf}, {0xa, 0x100}, {0x6, 0x589}, {0x8, 0x7}, {0x10001, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = openat$nmem0(0xffffff9c, &(0x7f0000000040), 0x101040, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x30)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
eventfd(0x80001ff)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000740)=""/132, 0x0, 0x1})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
unshare(0x44040000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000800)=ANY=[@ANYBLOB="f81b4d2304d79873bfbbaa8514229d39061938440ca75de5c5a9f819e335d6f58972084e9c6b3c895158624390c58dc8f4fe6fa3c394ebd10539760563f7b1ffffffffd7e93022ef5bcbf1847615daad93b61756c9c15d50540c0bd08778fa5f7afdf46e2c9bc0c1e54a452b86374cbe5bf8269ca31194007a96b1258cf27e7ccf5ee0179998e64959acde0fc6bded8151ac895354c5a58bebb689a725c441e34a03606437b4501929348bd2cd11cecaf8f942da8bc3016426014df6c761bea3ec2c7084d6b5e147a3df167133ef93e60f0faf5bb029d81dbd84bb70a401b4adb3274ff074a3b6250c2b7c290f0ed34a4c241e7027511b8a78856a63a58bcb333a5d82e329b03800"/277])
r2 = openat$hpet(0xffffff9c, &(0x7f0000000100), 0x341800, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f00000004c0), 0x4f4902, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'bond0\x00'})
connect$unix(r3, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmsg$nl_route(r4, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
ftruncate(r5, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0)
lseek(r5, 0x100401, 0x4)
ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000440)=""/105)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f0000000a80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="020026ad7000fddbdf25010000000800010000000000cf3dedb0e15dacc69f2da5d2ec899f41663393bebec5e8dfa49b93f2111e8d7bf278cc8897db3a781c1af842d69a892d0c61a8195ae3157833d34f731da406a0f4a0f58df368e6b7c0d664ac0098bde7ca952cb6ce89f91a614a8e1103d6b94d787c6c9f8d460edd19beb6a9ab27e46c52d1f7f02d3041187ba9759611c5e84bb27b1f8dc2f4ddb71bc2f728695bef5ccf1334c2a136071636855b961d6d4278f7825a"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7ff, 0x8b}, 0x0)

2.812538365s ago: executing program 2 (id=2077):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x32525942, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4)
read$msr(r1, &(0x7f0000000400)=""/102400, 0x19000)
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000240), &(0x7f0000000280)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000002c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$poke(0x5, r4, &(0x7f0000000080), 0x1000000000000000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = socket$kcm(0x2, 0xa, 0x2)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x2052, 0xffffffffffffffff, 0x4b000)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$key(0xf, 0x3, 0x2)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
signalfd(r1, &(0x7f0000000080)={[0x4, 0x7]}, 0x8)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @private=0xa010100}, 0x10)
connect$inet(r6, &(0x7f0000000100)={0x2, 0x4e22, @multicast2}, 0x10)
r7 = openat2(0xffffffffffffff9c, &(0x7f0000019400)='./file0\x00', &(0x7f0000019440)={0x101, 0x102, 0x8}, 0x18)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r7, 0x7b1, &(0x7f000001a480)={&(0x7f0000019480)=[0x2, 0x3ff, 0x8, 0xfffff564, 0x4, 0x9, 0x8, 0x99, 0x6, 0x7, 0xa, 0x7, 0xb, 0xa00000, 0xffffff7f, 0x100, 0x6, 0x0, 0x0, 0x7ff, 0x3, 0x4, 0x5, 0x7fff, 0x6, 0x8b, 0x1, 0x9dbe22c, 0x6, 0x1, 0x7, 0x5, 0x7dcc, 0x4, 0x40, 0x2, 0x6, 0x6, 0x1, 0x6bf, 0x0, 0x4, 0x4cf, 0x7, 0x8, 0x6, 0x948f097, 0x9, 0xad, 0x65, 0x400, 0x6, 0x8, 0x8, 0x0, 0xfffffff8, 0x4, 0x1, 0x8, 0x8, 0x0, 0x10000, 0x2, 0x0, 0x0, 0xe, 0x4, 0x6, 0x3eb7, 0x2, 0x3, 0x0, 0x1000, 0xa, 0x6, 0x80, 0x6, 0x0, 0x2, 0x5f3c, 0x81, 0xfffffbff, 0xf, 0x1, 0xfffff5b6, 0x811, 0x1000, 0x8001, 0x1, 0xfffffffb, 0x5, 0x9, 0x4, 0x9, 0x55, 0xedad, 0x1, 0x8001, 0x101, 0x0, 0x86, 0x5, 0xe7, 0x30, 0x9, 0x4, 0x80000001, 0xfff, 0xffffffff, 0xffff5ab3, 0x8, 0x3, 0x4, 0xffffffff, 0x8, 0x8, 0x1, 0x8, 0x1, 0x4, 0x9e, 0x1, 0x4, 0xc4f, 0x1, 0x200, 0x8000, 0x7, 0x4, 0x1, 0xfffffff8, 0x10, 0x7ff, 0x9, 0x15b1, 0x9, 0x38b682a9, 0x0, 0x8, 0x7, 0x81, 0x1, 0x8, 0x1, 0xffff34fb, 0x1000, 0x401, 0xffff, 0x1, 0x7, 0xf5, 0x8, 0x8, 0x10000, 0x0, 0x8, 0x4, 0x1ff, 0x7, 0x10001, 0x2, 0x2d44, 0x8001, 0x0, 0x64, 0x9, 0xe6, 0x1, 0x1000, 0xfffff001, 0x0, 0x57f0, 0x8, 0x1, 0xa, 0x6, 0x4, 0xc, 0x80000001, 0x5, 0x9, 0x4, 0x9, 0x9, 0x4, 0x8, 0x0, 0x4, 0xf5be, 0x20000, 0xaa0, 0xbb2b, 0x7, 0x7, 0xfffffff9, 0x75d, 0xffffffff, 0x1, 0x8001, 0xfffffff7, 0xfff, 0x9, 0x6, 0xd83, 0x8, 0x9, 0x5, 0x1, 0x7fff, 0x7, 0x3, 0x15, 0x6, 0x3, 0x8ce, 0x122c, 0x5c55, 0x7fffffff, 0x2, 0xa158, 0xb06, 0x3, 0xfffffffd, 0x0, 0x0, 0xc0000000, 0x5, 0x9, 0xffff7aaa, 0x3, 0x100, 0xe, 0xf, 0xf, 0x34ee, 0x3, 0x4, 0xd, 0x3ea, 0x5, 0x6, 0x2, 0x80000000, 0x5c40, 0x9, 0x1ca4, 0xc3e8, 0x0, 0xc37, 0x6, 0x2, 0x1, 0x3, 0x10, 0x6, 0xfffffff7, 0x1ff, 0x800, 0x5, 0x9, 0xfffffff7, 0x4, 0x1, 0x5, 0x5, 0xc5, 0x7fff, 0x2, 0x9, 0x80000000, 0x4, 0x1, 0xffffffff, 0x101, 0x8, 0x975, 0x5f8dd762, 0x0, 0x7f, 0x3ff, 0x3, 0x2, 0x2b, 0x9, 0x80000000, 0x7, 0x0, 0x1, 0x7, 0x7, 0x5d, 0x10000, 0x4, 0xf0, 0x80, 0xfffffc01, 0x9, 0x2, 0xfffffffa, 0x135100, 0x7, 0x401, 0x2, 0xfffffff7, 0x1000, 0x0, 0x3, 0x107, 0x706d, 0x3, 0x8, 0x7fffffff, 0x3, 0xfffffffc, 0x2d, 0xe1ea, 0x10001, 0xf819, 0xffffffff, 0x2, 0x0, 0x86f, 0x5969, 0xffffffff, 0x691, 0x0, 0x5, 0x6, 0x1000, 0xd5, 0x5, 0xffffffda, 0x8001, 0x9, 0x8, 0x2, 0x8000, 0x0, 0x1, 0x2, 0x3, 0x10001, 0x81, 0x4, 0xceb, 0x0, 0xe, 0x8, 0x9, 0x1, 0x0, 0x7fff, 0x7, 0x3564b636, 0x7, 0x7, 0x60d, 0x0, 0xb8, 0x8, 0x10, 0x5, 0xffffffff, 0x2, 0x7, 0x2, 0xc, 0x49c2, 0xb8, 0x30000000, 0xed9c, 0x9, 0x5, 0x8572, 0x0, 0x8, 0x8, 0x1, 0xede1, 0xffffffff, 0x9, 0x2, 0x4941, 0x4, 0x1, 0x7ff, 0x8, 0x40, 0x0, 0x1, 0x2, 0xffffffe7, 0xd4c, 0xccfc, 0x3, 0x8, 0x7, 0x6, 0x101, 0x8, 0xdab, 0x7, 0x7, 0x50000000, 0x7, 0x4, 0xffff, 0x7fffffff, 0x1, 0x0, 0x9e3d, 0x3, 0xfffffe00, 0x80000000, 0x6, 0xcc9, 0x2, 0x2, 0x80, 0x6, 0x2, 0x768542e9, 0xa0, 0x8, 0x71, 0x9, 0x9, 0xfffffff7, 0x0, 0x7, 0xff, 0x1ff, 0x1, 0x5, 0x0, 0x29, 0x1, 0x40, 0x2, 0x1, 0xa6, 0x1, 0x85e, 0x0, 0xbe, 0x5, 0xfffffffa, 0xfffffff9, 0x0, 0x6, 0x10000, 0x4, 0x9, 0x5, 0x3, 0x400, 0x9, 0xe, 0x8, 0x2, 0x200, 0x2, 0x5, 0xffffffff, 0x5, 0x0, 0xf58, 0x6, 0x3, 0xb, 0xdb, 0x7, 0x7, 0x1, 0x3, 0x2, 0x9, 0x0, 0x81, 0xfffff801, 0x370, 0x3, 0x2, 0x4, 0x6, 0x2, 0xffff, 0xf, 0x6, 0x6, 0x1000, 0x1ff, 0x9, 0x7, 0x101, 0x2, 0x5, 0x3, 0x7, 0x0, 0xfffffff8, 0x9, 0x81, 0x0, 0x9, 0x5, 0x4, 0xea, 0x7f, 0xc, 0x3ff, 0x4, 0x86cf, 0x2, 0x6, 0xb, 0x4, 0xc, 0xfff, 0x3, 0x9, 0x2, 0x20, 0x0, 0xfde, 0x8, 0x7, 0x31, 0x0, 0x3, 0x5, 0x10, 0x2579, 0x101, 0xa69, 0x7, 0x5, 0x3, 0x10, 0x20000000, 0x5, 0xad, 0xe6, 0x9, 0x917, 0x0, 0x10000, 0x2b, 0x9, 0x1, 0x9, 0x2, 0xda951c1a, 0x8, 0x4, 0xa, 0x5, 0x311f, 0x81, 0x88, 0xa, 0x3ff, 0x8000, 0x9, 0x9, 0xe33, 0x6, 0x0, 0x5, 0x7fff, 0x7, 0x1000, 0xff, 0x5, 0x0, 0x9, 0x8, 0x8, 0x62b1, 0x800, 0x5, 0x9, 0x1, 0x4, 0x2, 0x2, 0x4, 0xe, 0x0, 0x3, 0x401, 0x6, 0x4, 0x7fff, 0xfffffff7, 0x9, 0x8, 0x80000001, 0x3ff, 0x9, 0x5, 0x8001, 0xc, 0x8, 0xbd, 0x9, 0x2, 0x6, 0x0, 0xc, 0x0, 0x5, 0x1, 0x3, 0x5, 0xffffffff, 0xfffffff1, 0x7, 0x8, 0x1, 0x2, 0x1, 0x5, 0x1000, 0x9, 0xfffffff7, 0x9, 0xffff8000, 0x100, 0x8, 0x9, 0x8, 0x81, 0x4, 0x8, 0xffffffff, 0x7ff800, 0x93, 0x10001, 0x9, 0x9, 0x1, 0x4, 0x406c, 0x6, 0x40, 0x0, 0x5ae1, 0x2, 0x8000, 0xfffff3bb, 0xe, 0xcce, 0x3, 0x5, 0x6, 0x1, 0x4, 0x9, 0x81, 0x4, 0x5, 0x73e, 0xffff, 0x0, 0x2f4b, 0x6, 0x9, 0x800, 0x8, 0x48a, 0x2, 0x1, 0xb57, 0x6, 0x0, 0xb0, 0xd, 0x8001, 0xe, 0x6, 0xe7a, 0x1ff, 0x4, 0x3, 0x9, 0x6, 0x4, 0x7, 0x9, 0x9f1, 0x8, 0x4, 0x8, 0xf065, 0x4, 0xfffffff7, 0xc, 0x6, 0xe, 0x7, 0x0, 0x100, 0x8, 0x5, 0xa, 0x7, 0x1, 0x2, 0x81f5, 0x5aa697b6, 0x9, 0x5, 0x81, 0x7, 0x4, 0x3, 0xf, 0xb, 0x9, 0x6, 0x526, 0x6, 0xbcf, 0x4, 0x0, 0x0, 0x200, 0x0, 0x401, 0x1, 0x300000, 0x9, 0x401, 0x4, 0x8, 0x3, 0x76, 0x7, 0x2000, 0x6, 0x10001, 0x4, 0x2, 0xffff, 0xffff, 0x3, 0x3, 0xfffffffd, 0x1, 0x0, 0x1, 0x2, 0x0, 0x7e, 0xffffff62, 0xffff043f, 0xfc3, 0x5, 0x1, 0xfff, 0x8, 0x5, 0xfff, 0x5, 0x5, 0x800, 0x0, 0x8, 0x4, 0x8000, 0xfffffff8, 0x0, 0x9, 0x1, 0xb4d, 0xd4eb, 0x7, 0x8001, 0x80000000, 0xfffff000, 0x7, 0x2, 0x9, 0x7, 0x7061, 0xfffffff9, 0xff, 0x10001, 0x5, 0x9, 0x0, 0xff, 0x4, 0x8, 0x2, 0x400, 0x1000, 0x6, 0x9, 0x6, 0x0, 0x2, 0x6, 0x5, 0x101, 0x9, 0x9, 0x1, 0x9, 0x0, 0xff, 0x5, 0x3ff, 0x4, 0x50a, 0x8, 0x4, 0x9, 0x1000, 0x8, 0x7, 0x9, 0x8, 0x5, 0x4, 0x5, 0x5879, 0x9, 0xdfa, 0x3, 0xf2, 0xffffff7f, 0x0, 0xb245, 0x6, 0x7, 0x1cc3, 0x1, 0x9, 0x0, 0x3, 0x8, 0xa155, 0x2, 0x9, 0x62f, 0x9, 0x4, 0x7, 0x401, 0x4, 0x200000, 0x0, 0x1, 0x4, 0x3, 0x6, 0x10, 0x9a0, 0x4, 0xe, 0x10, 0x2, 0x6, 0x5, 0x1, 0xba1, 0x1, 0xfffffffb, 0xa, 0x4, 0x3, 0x4, 0x1, 0x853b, 0x1, 0x5, 0x3, 0x9, 0x643, 0x1ff, 0x229, 0x4, 0xfffffff7, 0x0, 0x3, 0x3, 0x2, 0xffffffff, 0x8, 0x8, 0x1, 0x8, 0x1, 0x1, 0x4, 0x6, 0x2, 0x81, 0x2, 0x0, 0x5, 0x9, 0xfffffffe, 0x1, 0xfffffffc, 0xffff, 0xb7, 0xffffff7f, 0x3, 0x7, 0x10000, 0x3, 0xfffffffe, 0x0, 0x40, 0xe92c, 0x2, 0xba1f, 0x5, 0x100, 0xfffff000, 0x3, 0xbe28, 0xe6, 0x8, 0x1, 0xffff7fff, 0x8, 0x7, 0xd, 0x9, 0x6, 0x7, 0x1, 0x8, 0x5d2c2c41, 0x900000, 0x2, 0x6, 0x0, 0x4, 0x8, 0x3, 0x7, 0x2, 0x1, 0x1, 0x3, 0xfffffffc, 0x8, 0x4, 0xffff649e, 0x7fffffff, 0x401, 0x7fff, 0x3, 0x3ff, 0x3, 0x0, 0x6, 0x6, 0x6, 0x10, 0x6, 0x9, 0x4a85b1ef, 0x9, 0xfffff24b, 0x100, 0xffffffff, 0x6, 0x3, 0xffff, 0xe, 0xff, 0x6, 0x4, 0x9, 0xb5, 0xd, 0x0, 0x7, 0xffffffff, 0x1ff, 0x3, 0x800, 0xc, 0x1, 0xf, 0x7fff, 0x5, 0x401, 0x7, 0x6, 0x0, 0x4, 0x1, 0x0, 0x80000001, 0xdd6, 0x7, 0x8a3f, 0x9, 0x50000000, 0x7, 0x7, 0x2, 0x3, 0xea65, 0x3, 0x9, 0x8, 0x10, 0xbc, 0xa, 0x100, 0x6, 0x400, 0x2, 0x8, 0xa09, 0x9], 0x6, 0x400, 0x3})
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x4e22, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x8000000000, 0x1000, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe4)

2.690027414s ago: executing program 1 (id=2078):
ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x11c)
syz_emit_ethernet(0x46, &(0x7f0000000380)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "081f20", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ni={0x54c9c28d6fd5feeb, 0x0, 0x0, 0xc32, 0x70, 0x400}}}}}}, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
openat$tun(0xffffffffffffff9c, &(0x7f0000001380), 0x183081, 0x0)
syz_emit_vhci(0x0, 0x8)
timer_create(0xb, 0x0, &(0x7f0000000400))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='block_plug\x00', r2}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
epoll_create1(0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$unix(r6, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r5]}}], 0x10}, 0x0)
recvmmsg$unix(r5, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000000440)=[{0x0}], 0x1, &(0x7f0000000480)=[@rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0x114}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28, 0x1c}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/99, 0x63}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)=""/4, 0x4}, {&(0x7f0000000bc0)=""/237, 0xed}, {&(0x7f0000000cc0)=""/60, 0x3c}, {&(0x7f0000000d00)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xa0}}], 0x4, 0x2, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x4030582a, &(0x7f0000000200))
getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000840), &(0x7f0000000880)=0x4)

2.009731776s ago: executing program 0 (id=2082):
r0 = syz_open_dev$I2C(0x0, 0x0, 0x800)
ioctl$I2C_SLAVE(r0, 0x703, 0x11c)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000380)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "081f20", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ni={0x54c9c28d6fd5feeb, 0x0, 0x0, 0xc32, 0x70, 0x400}}}}}}, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000001380), 0x183081, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0502460c", @ANYRESHEX=0x0, @ANYRES32=0x0], 0x8)
timer_create(0xb, 0x0, &(0x7f0000000400))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='block_plug\x00', r2}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$unix(r7, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r6]}}], 0x10}, 0x0)
recvmmsg$unix(r6, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000000440), 0x0, &(0x7f0000000480)=[@rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0x114}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28, 0x1c}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/99, 0x63}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)=""/4, 0x4}, {&(0x7f0000000bc0)=""/237, 0xed}, {&(0x7f0000000cc0)=""/60, 0x3c}, {&(0x7f0000000d00)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xa0}}], 0x4, 0x2, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x4030582a, &(0x7f0000000200))
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000840), &(0x7f0000000880)=0x4)

1.925619924s ago: executing program 1 (id=2083):
ioperm(0x0, 0x6, 0x2da3b9f3)
r0 = inotify_init1(0x0)
r1 = inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x400)
r2 = dup(r0)
inotify_rm_watch(r2, r1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000080000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021440011800a0001006d617463680000003400028008000240000000001c0003000afe6cbf96caa5debdad61b67ddb2fb68fcf19f7807076430a00010071756f7461"], 0xc8}}, 0x40000)
r4 = openat$cgroup_root(0xffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x20)
openat$cgroup_ro(r4, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x0, 0x0)

1.888083656s ago: executing program 1 (id=2084):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
socket$packet(0x11, 0x3, 0x300)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)={0x40, r2, 0x1, 0xfffffffd, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14}]}]}]}, 0x40}}, 0x0)

1.878440573s ago: executing program 3 (id=2085):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
openat$adsp1(0xffffff9c, &(0x7f0000000000), 0x200, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='stat\x00')
read$FUSE(r1, &(0x7f0000004180)={0x2020}, 0x2020)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0xfffffffffffffec3}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x800)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ppoll(&(0x7f0000000140)=[{r6}], 0x1, 0x0, 0x0, 0x0)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
setns(r8, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f0000001dc0)={0x8, 0x70}, 0x20)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_LIMIT={0x8}]}}]}, 0x38}}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000080)=0x7c)

1.8310457s ago: executing program 2 (id=2086):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
setpgid(0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r2}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r3, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
close(r2)
close(r3)

1.678820187s ago: executing program 0 (id=2087):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
ioctl$LOOP_CLR_FD(r2, 0x4c01)
close_range(r2, 0xffffffffffffffff, 0x0)
preadv2(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)=""/151, 0x97}], 0x1, 0x9, 0x6, 0x0)
request_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ptmx(0xffffff9c, &(0x7f0000000200), 0x40241, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000)
syz_clone3(&(0x7f0000001240)={0xf400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r6 = openat$sw_sync_info(0xffffff9c, 0x0, 0x20000, 0x0)
ioctl$VIDIOC_G_INPUT(r6, 0x80045626, &(0x7f0000000180))
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000480)={0x28, r4, 0xc09, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40488c0)

1.678243129s ago: executing program 3 (id=2088):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=@newtaction={0x29c, 0x30, 0x1, 0x70bd25, 0x25dfdbfd, {}, [{0x288, 0x1, [@m_mirred={0x1f4, 0x3ffc, 0x0, 0x0, {{0xb}, {0xe4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0x0, 0x8, 0x5, 0x692}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x9, 0x10000000, 0x8, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0xb, 0x6, 0x6, 0x3}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x100, 0x1, 0xd, 0x1}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x1, 0x5, 0x2, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xb0, 0x4383, 0x7, 0x1, 0x9}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1000, 0x363c, 0x10000000, 0x8001, 0x4}}}]}, {0xe8, 0x6, "8a0270536849bc14659b65665097cabfe6ff94fa6cce617f2243c7375222209a4d13b29e1e44895aff49df7ace6ef37248414d2ef1c0a3188d26981338e7167f1086eafd7b98b0f3ba0f9ac317411851bdd6d739c20751ec089ecbb07de4af6c2af601c50e1467eada2102ea5345531b0f0b294f5301cb60cfffab326aa5a0004ed1fb7e327b3dd27831194860b6655fd10fd4ab4efd3fb9f627ee3164292cd9318a78f83467b3f024772c958a748e51f0561e271d87e02397cf99ee97d26ae3017520d2b8451c1b199e867a0c7cd782e2382eb2c4636e88f141292c62586b2b58b91697"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_tunnel_key={0x90, 0x19, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x29}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x26}}]}, {0x47, 0x6, "d4c473034f75dac683b7cec4eeb60142616d1c8b5702df39ce8a1216875fb3083c64c8c6f49d4b9bd34df332814cbc552d9769451036fd5a98b7c1f1ecfba09f440b7a"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x2, 0x5}, {0x6, 0x7f36}, {0x200, 0x70}, {0x3, 0xf}, {0xa, 0x100}, {0x6, 0x589}, {0x8, 0x7}, {0x10001, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = openat$nmem0(0xffffff9c, &(0x7f0000000040), 0x101040, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x30)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
eventfd(0x80001ff)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000740)=""/132, 0x0, 0x1})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
unshare(0x44040000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000800)=ANY=[@ANYBLOB="f81b4d2304d79873bfbbaa8514229d39061938440ca75de5c5a9f819e335d6f58972084e9c6b3c895158624390c58dc8f4fe6fa3c394ebd10539760563f7b1ffffffffd7e93022ef5bcbf1847615daad93b61756c9c15d50540c0bd08778fa5f7afdf46e2c9bc0c1e54a452b86374cbe5bf8269ca31194007a96b1258cf27e7ccf5ee0179998e64959acde0fc6bded8151ac895354c5a58bebb689a725c441e34a03606437b4501929348bd2cd11cecaf8f942da8bc3016426014df6c761bea3ec2c7084d6b5e147a3df167133ef93e60f0faf5bb029d81dbd84bb70a401b4adb3274ff074a3b6250c2b7c290f0ed34a4c241e7027511b8a78856a63a58bcb333a5d82e329b03800"/277])
r2 = openat$hpet(0xffffff9c, &(0x7f0000000100), 0x341800, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f00000004c0), 0x4f4902, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'bond0\x00'})
connect$unix(r3, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmsg$nl_route(r4, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
ftruncate(r5, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0)
lseek(r5, 0x100401, 0x4)
ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000440)=""/105)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f0000000a80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="020026ad7000fddbdf25010000000800010000000000cf3dedb0e15dacc69f2da5d2ec899f41663393bebec5e8dfa49b93f2111e8d7bf278cc8897db3a781c1af842d69a892d0c61a8195ae3157833d34f731da406a0f4a0f58df368e6b7c0d664ac0098bde7ca952cb6ce89f91a614a8e1103d6b94d787c6c9f8d460edd19beb6a9ab27e46c52d1f7f02d3041187ba9759611c5e84bb27b1f8dc2f4ddb71bc2f728695bef5ccf1334c2a136071636855b961d6d4278f7825a"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7ff, 0x8b}, 0x0)

1.589930499s ago: executing program 0 (id=2089):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x11}, 0x48005)

1.589668587s ago: executing program 0 (id=2090):
mmap(&(0x7f0000000000/0x400000)=nil, 0x1e9000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x1000000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000080)={0x2a, 0x0, 0x3fff}, 0xc)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000480)=0x19)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r2)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f00000000c0)=""/58, 0x3a)
getdents(r3, 0x0, 0x58)
r4 = socket$inet_icmp(0x2, 0x2, 0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0xcd, 0x35, &(0x7f0000000040)="f6cdac767d19683434cdf63a7c1837ec4071ebcef56f04103489cb89587da210fe2574f93fa3fdac44528acfaf941c2cdbe39e8f51", 0x4, 0x8, 0x800, 0x3, 0x8, 0x2, 0x100, 'syz1\x00'})
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r5, 0x0, 0x1, &(0x7f0000000180)=0x1, 0x4)
getsockopt$WPAN_SECURITY(r5, 0x0, 0x1, 0x0, &(0x7f0000000200))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_emit_ethernet(0x7e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000002", 0x48, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [@dstopts], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x16, @multicast2, 0x4e24, 0x0, 'sh\x00', 0x30, 0x1b79, 0x78}, {@empty, 0x4e21, 0x4, 0x8000, 0x1, 0x1}}, 0x44)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r6=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x6c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300, 0x8002}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x34, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x80}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x70, 0x8001}}]}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x6c}}, 0x0)

1.427129358s ago: executing program 0 (id=2091):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x2, 0x5}, {0x6, 0x7f36}, {0x200, 0x70}, {0x3, 0xf}, {0xa, 0x100}, {0x6, 0x589}, {0x8, 0x7}, {0x10001, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
openat$nmem0(0xffffff9c, &(0x7f0000000040), 0x101040, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$kcm(0x10, 0x2, 0x4)
close(r1)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="5c00000010006bcc9e3be35c6e17aa31076b876c1d000000000000000000000304001ac00800400004000500020000000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6", 0x5a}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
unshare(0x44040000)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB])
openat$hpet(0xffffff9c, &(0x7f0000000100), 0x341800, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00'})
connect$unix(r2, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
ftruncate(r3, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r3, 0x0)
lseek(r3, 0x100401, 0x4)

1.239933979s ago: executing program 1 (id=2092):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@getroute={0x14, 0x1a, 0x402, 0x70bd2d, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x1000}, 0x0) (async)
fcntl$addseals(r0, 0x409, 0xb)

1.239420893s ago: executing program 1 (id=2093):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002240)='/proc/consoles\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
syz_usb_connect$printer(0x4, 0x2d, &(0x7f00000022c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x10, 0x5, [{{0x9, 0x4, 0x0, 0x8f, 0x1, 0x7, 0x1, 0x3, 0xec, "", {{{0x9, 0x5, 0x1, 0x2, 0x478, 0x4, 0x9, 0x10}}}}}]}}]}}, &(0x7f00000024c0)={0xa, &(0x7f0000002300)={0xa, 0x6, 0x200, 0x2, 0x75, 0x52, 0xff, 0x1}, 0x38, &(0x7f0000002340)={0x5, 0xf, 0x38, 0x5, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x8, 0x2, 0x0, 0x9}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0xb, 0x2, 0x7}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x8a, 0xff, 0x100}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "ceb9e5281456733f0a3c6e37ee66f124"}]}, 0x5, [{0x4, &(0x7f0000002380)=@lang_id={0x4, 0x3, 0x409}}, {0x4, &(0x7f00000023c0)=@lang_id={0x4, 0x3, 0x3023}}, {0x4, &(0x7f0000002400)=@lang_id={0x4, 0x3, 0x81a}}, {0x4, &(0x7f0000002440)=@lang_id={0x4, 0x3, 0x2409}}, {0x4, &(0x7f0000002480)=@lang_id={0x4, 0x3, 0x44e}}]})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000580)={<r1=>0x0, @broadcast, @private}, &(0x7f00000005c0)=0xc)
sendmsg$nl_route(r0, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)=@ipv6_getaddr={0x2c, 0x16, 0x200, 0x70bd26, 0x25dfdbfc, {0xa, 0x0, 0x8, 0x0, r1}, [@IFA_ADDRESS={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x8000000)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6_udplite(0xa, 0x2, 0x88)
openat$proc_mixer(0xffffff9c, &(0x7f0000002500)='/proc/asound/card1/oss_mixer\x00', 0x410241, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
r5 = fsopen(0x0, 0x0)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="414c5450434d0a50484f4e45495220274d69632043617074757265272030303030303030303030303030303030303030300a50484f4e45494e20274d617374657230506c61796261636b20566f6c756d65272030303030303030303030303030303030303030300a4449474954414c33202743442730303030303030303030300a535045414b4552202743442720303030e125714606a90c4630303030303000000000"], 0xe6)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
prlimit64(r2, 0xa, &(0x7f00000001c0)={0x0, 0x9}, &(0x7f0000000300))
r6 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_GETSTATE(r6, 0x5603, &(0x7f0000000100)={0x2, 0x6, 0x401})

926.809982ms ago: executing program 2 (id=2094):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x1, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/profiling', 0x141a82, 0x191)
write$cgroup_int(r7, &(0x7f0000000040)=0x900, 0x12)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r7, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r10}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x84)
syz_io_uring_setup(0x5c2, 0x0, &(0x7f0000000240)=<r11=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_open_dev$vim2m(0x0, 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r13, 0xc0405602, &(0x7f0000000140)={0x14, 0x1, 0x0, "1c13ebdaf2f20d55806b26b1d750185fd75a606da058e85b2197edb1439b1cc2"})
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f00000003c0)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

499.727326ms ago: executing program 2 (id=2095):
r0 = syz_open_dev$I2C(0x0, 0x0, 0x800)
ioctl$I2C_SLAVE(r0, 0x703, 0x11c)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000380)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "081f20", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ni={0x54c9c28d6fd5feeb, 0x0, 0x0, 0xc32, 0x70, 0x400}}}}}}, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000001380), 0x183081, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0502460c", @ANYRESHEX=0x0, @ANYRES32=0x0], 0x8)
timer_create(0xb, 0x0, &(0x7f0000000400))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='block_plug\x00', r2}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$unix(r7, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r6]}}], 0x10}, 0x0)
recvmmsg$unix(r6, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000000440), 0x0, &(0x7f0000000480)=[@rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0x114}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28, 0x1c}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/99, 0x63}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)=""/4, 0x4}, {&(0x7f0000000bc0)=""/237, 0xed}, {&(0x7f0000000cc0)=""/60, 0x3c}, {&(0x7f0000000d00)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xa0}}], 0x4, 0x2, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x4030582a, &(0x7f0000000200))
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000840), &(0x7f0000000880)=0x4)

121.461354ms ago: executing program 0 (id=2096):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x32525942, 0x2, 0xb, [{}, {}, {}, {0xfffffffd}, {}, {0x0, 0x1000000}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x4)
read$msr(r1, &(0x7f0000000400)=""/102400, 0x19000)
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000240), &(0x7f0000000280)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000002c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$poke(0x5, r4, &(0x7f0000000080), 0x1000000000000000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = socket$kcm(0x2, 0xa, 0x2)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x2052, 0xffffffffffffffff, 0x4b000)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$key(0xf, 0x3, 0x2)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
signalfd(r1, &(0x7f0000000080)={[0x4, 0x7]}, 0x8)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @private=0xa010100}, 0x10)
connect$inet(r6, &(0x7f0000000100)={0x2, 0x4e22, @multicast2}, 0x10)
r7 = openat2(0xffffffffffffff9c, &(0x7f0000019400)='./file0\x00', &(0x7f0000019440)={0x101, 0x102, 0x8}, 0x18)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r7, 0x7b1, &(0x7f000001a480)={&(0x7f0000019480)=[0x2, 0x3ff, 0x8, 0xfffff564, 0x4, 0x9, 0x8, 0x99, 0x6, 0x7, 0xa, 0x7, 0xb, 0xa00000, 0xffffff7f, 0x100, 0x6, 0x0, 0x0, 0x7ff, 0x3, 0x4, 0x5, 0x7fff, 0x6, 0x8b, 0x1, 0x9dbe22c, 0x6, 0x1, 0x7, 0x5, 0x7dcc, 0x4, 0x40, 0x2, 0x6, 0x6, 0x1, 0x6bf, 0x0, 0x4, 0x4cf, 0x7, 0x8, 0x6, 0x948f097, 0x9, 0xad, 0x65, 0x400, 0x6, 0x8, 0x8, 0x0, 0xfffffff8, 0x4, 0x1, 0x8, 0x8, 0x0, 0x10000, 0x2, 0x0, 0x0, 0xe, 0x4, 0x6, 0x3eb7, 0x2, 0x3, 0x0, 0x1000, 0xa, 0x6, 0x80, 0x6, 0x0, 0x2, 0x5f3c, 0x81, 0xfffffbff, 0xf, 0x1, 0xfffff5b6, 0x811, 0x1000, 0x8001, 0x1, 0xfffffffb, 0x5, 0x9, 0x4, 0x9, 0x55, 0xedad, 0x1, 0x8001, 0x101, 0x0, 0x86, 0x5, 0xe7, 0x30, 0x9, 0x4, 0x80000001, 0xfff, 0xffffffff, 0xffff5ab3, 0x8, 0x3, 0x4, 0xffffffff, 0x8, 0x8, 0x1, 0x8, 0x1, 0x4, 0x9e, 0x1, 0x4, 0xc4f, 0x1, 0x200, 0x8000, 0x7, 0x4, 0x1, 0xfffffff8, 0x10, 0x7ff, 0x9, 0x15b1, 0x9, 0x38b682a9, 0x0, 0x8, 0x7, 0x81, 0x1, 0x8, 0x1, 0xffff34fb, 0x1000, 0x401, 0xffff, 0x1, 0x7, 0xf5, 0x8, 0x8, 0x10000, 0x0, 0x8, 0x4, 0x1ff, 0x7, 0x10001, 0x2, 0x2d44, 0x8001, 0x0, 0x64, 0x9, 0xe6, 0x1, 0x1000, 0xfffff001, 0x0, 0x57f0, 0x8, 0x1, 0xa, 0x6, 0x4, 0xc, 0x80000001, 0x5, 0x9, 0x4, 0x9, 0x9, 0x4, 0x8, 0x0, 0x4, 0xf5be, 0x20000, 0xaa0, 0xbb2b, 0x7, 0x7, 0xfffffff9, 0x75d, 0xffffffff, 0x1, 0x8001, 0xfffffff7, 0xfff, 0x9, 0x6, 0xd83, 0x8, 0x9, 0x5, 0x1, 0x7fff, 0x7, 0x3, 0x15, 0x6, 0x3, 0x8ce, 0x122c, 0x5c55, 0x7fffffff, 0x2, 0xa158, 0xb06, 0x3, 0xfffffffd, 0x0, 0x0, 0xc0000000, 0x5, 0x9, 0xffff7aaa, 0x3, 0x100, 0xe, 0xf, 0xf, 0x34ee, 0x3, 0x4, 0xd, 0x3ea, 0x5, 0x6, 0x2, 0x80000000, 0x5c40, 0x9, 0x1ca4, 0xc3e8, 0x0, 0xc37, 0x6, 0x2, 0x1, 0x3, 0x10, 0x6, 0xfffffff7, 0x1ff, 0x800, 0x5, 0x9, 0xfffffff7, 0x4, 0x1, 0x5, 0x5, 0xc5, 0x7fff, 0x2, 0x9, 0x80000000, 0x4, 0x1, 0xffffffff, 0x101, 0x8, 0x975, 0x5f8dd762, 0x0, 0x7f, 0x3ff, 0x3, 0x2, 0x2b, 0x9, 0x80000000, 0x7, 0x0, 0x1, 0x7, 0x7, 0x5d, 0x10000, 0x4, 0xf0, 0x80, 0xfffffc01, 0x9, 0x2, 0xfffffffa, 0x135100, 0x7, 0x401, 0x2, 0xfffffff7, 0x1000, 0x0, 0x3, 0x107, 0x706d, 0x3, 0x8, 0x7fffffff, 0x3, 0xfffffffc, 0x2d, 0xe1ea, 0x10001, 0xf819, 0xffffffff, 0x2, 0x0, 0x86f, 0x5969, 0xffffffff, 0x691, 0x0, 0x5, 0x6, 0x1000, 0xd5, 0x5, 0xffffffda, 0x8001, 0x9, 0x8, 0x2, 0x8000, 0x0, 0x1, 0x2, 0x3, 0x10001, 0x81, 0x4, 0xceb, 0x0, 0xe, 0x8, 0x9, 0x1, 0x0, 0x7fff, 0x7, 0x3564b636, 0x7, 0x7, 0x60d, 0x0, 0xb8, 0x8, 0x10, 0x5, 0xffffffff, 0x2, 0x7, 0x2, 0xc, 0x49c2, 0xb8, 0x30000000, 0xed9c, 0x9, 0x5, 0x8572, 0x0, 0x8, 0x8, 0x1, 0xede1, 0xffffffff, 0x9, 0x2, 0x4941, 0x4, 0x1, 0x7ff, 0x8, 0x40, 0x0, 0x1, 0x2, 0xffffffe7, 0xd4c, 0xccfc, 0x3, 0x8, 0x7, 0x6, 0x101, 0x8, 0xdab, 0x7, 0x7, 0x50000000, 0x7, 0x4, 0xffff, 0x7fffffff, 0x1, 0x0, 0x9e3d, 0x3, 0xfffffe00, 0x80000000, 0x6, 0xcc9, 0x2, 0x2, 0x80, 0x6, 0x2, 0x768542e9, 0xa0, 0x8, 0x71, 0x9, 0x9, 0xfffffff7, 0x0, 0x7, 0xff, 0x1ff, 0x1, 0x5, 0x0, 0x29, 0x1, 0x40, 0x2, 0x1, 0xa6, 0x1, 0x85e, 0x0, 0xbe, 0x5, 0xfffffffa, 0xfffffff9, 0x0, 0x6, 0x10000, 0x4, 0x9, 0x5, 0x3, 0x400, 0x9, 0xe, 0x8, 0x2, 0x200, 0x2, 0x5, 0xffffffff, 0x5, 0x0, 0xf58, 0x6, 0x3, 0xb, 0xdb, 0x7, 0x7, 0x1, 0x3, 0x2, 0x9, 0x0, 0x81, 0xfffff801, 0x370, 0x3, 0x2, 0x4, 0x6, 0x2, 0xffff, 0xf, 0x6, 0x6, 0x1000, 0x1ff, 0x9, 0x7, 0x101, 0x2, 0x5, 0x3, 0x7, 0x0, 0xfffffff8, 0x9, 0x81, 0x0, 0x9, 0x5, 0x4, 0xea, 0x7f, 0xc, 0x3ff, 0x4, 0x86cf, 0x2, 0x6, 0xb, 0x4, 0xc, 0xfff, 0x3, 0x9, 0x2, 0x20, 0x0, 0xfde, 0x8, 0x7, 0x31, 0x0, 0x3, 0x5, 0x10, 0x2579, 0x101, 0xa69, 0x7, 0x5, 0x3, 0x10, 0x20000000, 0x5, 0xad, 0xe6, 0x9, 0x917, 0x0, 0x10000, 0x2b, 0x9, 0x1, 0x9, 0x2, 0xda951c1a, 0x8, 0x4, 0xa, 0x5, 0x311f, 0x81, 0x88, 0xa, 0x3ff, 0x8000, 0x9, 0x9, 0xe33, 0x6, 0x0, 0x5, 0x7fff, 0x7, 0x1000, 0xff, 0x5, 0x0, 0x9, 0x8, 0x8, 0x62b1, 0x800, 0x5, 0x9, 0x1, 0x4, 0x2, 0x2, 0x4, 0xe, 0x0, 0x3, 0x401, 0x6, 0x4, 0x7fff, 0xfffffff7, 0x9, 0x8, 0x80000001, 0x3ff, 0x9, 0x5, 0x8001, 0xc, 0x8, 0xbd, 0x9, 0x2, 0x6, 0x0, 0xc, 0x0, 0x5, 0x1, 0x3, 0x5, 0xffffffff, 0xfffffff1, 0x7, 0x8, 0x1, 0x2, 0x1, 0x5, 0x1000, 0x9, 0xfffffff7, 0x9, 0xffff8000, 0x100, 0x8, 0x9, 0x8, 0x81, 0x4, 0x8, 0xffffffff, 0x7ff800, 0x93, 0x10001, 0x9, 0x9, 0x1, 0x4, 0x406c, 0x6, 0x40, 0x0, 0x5ae1, 0x2, 0x8000, 0xfffff3bb, 0xe, 0xcce, 0x3, 0x5, 0x6, 0x1, 0x4, 0x9, 0x81, 0x4, 0x5, 0x73e, 0xffff, 0x0, 0x2f4b, 0x6, 0x9, 0x800, 0x8, 0x48a, 0x2, 0x1, 0xb57, 0x6, 0x0, 0xb0, 0xd, 0x8001, 0xe, 0x6, 0xe7a, 0x1ff, 0x4, 0x3, 0x9, 0x6, 0x4, 0x7, 0x9, 0x9f1, 0x8, 0x4, 0x8, 0xf065, 0x4, 0xfffffff7, 0xc, 0x6, 0xe, 0x7, 0x0, 0x100, 0x8, 0x5, 0xa, 0x7, 0x1, 0x2, 0x81f5, 0x5aa697b6, 0x9, 0x5, 0x81, 0x7, 0x4, 0x3, 0xf, 0xb, 0x9, 0x6, 0x526, 0x6, 0xbcf, 0x4, 0x0, 0x0, 0x200, 0x0, 0x401, 0x1, 0x300000, 0x9, 0x401, 0x4, 0x8, 0x3, 0x76, 0x7, 0x2000, 0x6, 0x10001, 0x4, 0x2, 0xffff, 0xffff, 0x3, 0x3, 0xfffffffd, 0x1, 0x0, 0x1, 0x2, 0x0, 0x7e, 0xffffff62, 0xffff043f, 0xfc3, 0x5, 0x1, 0xfff, 0x8, 0x5, 0xfff, 0x5, 0x5, 0x800, 0x0, 0x8, 0x4, 0x8000, 0xfffffff8, 0x0, 0x9, 0x1, 0xb4d, 0xd4eb, 0x7, 0x8001, 0x80000000, 0xfffff000, 0x7, 0x2, 0x9, 0x7, 0x7061, 0xfffffff9, 0xff, 0x10001, 0x5, 0x9, 0x0, 0xff, 0x4, 0x8, 0x2, 0x400, 0x1000, 0x6, 0x9, 0x6, 0x0, 0x2, 0x6, 0x5, 0x101, 0x9, 0x9, 0x1, 0x9, 0x0, 0xff, 0x5, 0x3ff, 0x4, 0x50a, 0x8, 0x4, 0x9, 0x1000, 0x8, 0x7, 0x9, 0x8, 0x5, 0x4, 0x5, 0x5879, 0x9, 0xdfa, 0x3, 0xf2, 0xffffff7f, 0x0, 0xb245, 0x6, 0x7, 0x1cc3, 0x1, 0x9, 0x0, 0x3, 0x8, 0xa155, 0x2, 0x9, 0x62f, 0x9, 0x4, 0x7, 0x401, 0x4, 0x200000, 0x0, 0x1, 0x4, 0x3, 0x6, 0x10, 0x9a0, 0x4, 0xe, 0x10, 0x2, 0x6, 0x5, 0x1, 0xba1, 0x1, 0xfffffffb, 0xa, 0x4, 0x3, 0x4, 0x1, 0x853b, 0x1, 0x5, 0x3, 0x9, 0x643, 0x1ff, 0x229, 0x4, 0xfffffff7, 0x0, 0x3, 0x3, 0x2, 0xffffffff, 0x8, 0x8, 0x1, 0x8, 0x1, 0x1, 0x4, 0x6, 0x2, 0x81, 0x2, 0x0, 0x5, 0x9, 0xfffffffe, 0x1, 0xfffffffc, 0xffff, 0xb7, 0xffffff7f, 0x3, 0x7, 0x10000, 0x3, 0xfffffffe, 0x0, 0x40, 0xe92c, 0x2, 0xba1f, 0x5, 0x100, 0xfffff000, 0x3, 0xbe28, 0xe6, 0x8, 0x1, 0xffff7fff, 0x8, 0x7, 0xd, 0x9, 0x6, 0x7, 0x1, 0x8, 0x5d2c2c41, 0x900000, 0x2, 0x6, 0x0, 0x4, 0x8, 0x3, 0x7, 0x2, 0x1, 0x1, 0x3, 0xfffffffc, 0x8, 0x4, 0xffff649e, 0x7fffffff, 0x401, 0x7fff, 0x3, 0x3ff, 0x3, 0x0, 0x6, 0x6, 0x6, 0x10, 0x6, 0x9, 0x4a85b1ef, 0x9, 0xfffff24b, 0x100, 0xffffffff, 0x6, 0x3, 0xffff, 0xe, 0xff, 0x6, 0x4, 0x9, 0xb5, 0xd, 0x0, 0x7, 0xffffffff, 0x1ff, 0x3, 0x800, 0xc, 0x1, 0xf, 0x7fff, 0x5, 0x401, 0x7, 0x6, 0x0, 0x4, 0x1, 0x0, 0x80000001, 0xdd6, 0x7, 0x8a3f, 0x9, 0x50000000, 0x7, 0x7, 0x2, 0x3, 0xea65, 0x3, 0x9, 0x8, 0x10, 0xbc, 0xa, 0x100, 0x6, 0x400, 0x2, 0x8, 0xa09, 0x9], 0x6, 0x400, 0x3})
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x4e22, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x8000000000, 0x1000, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7}}, 0xe4)

121.027639ms ago: executing program 2 (id=2097):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
ioctl$LOOP_CLR_FD(r2, 0x4c01)
close_range(r2, 0xffffffffffffffff, 0x0)
preadv2(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)=""/151, 0x97}], 0x1, 0x9, 0x6, 0x0)
request_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ptmx(0xffffff9c, &(0x7f0000000200), 0x40241, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000)
syz_clone3(&(0x7f0000001240)={0xf400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r6 = openat$sw_sync_info(0xffffff9c, 0x0, 0x20000, 0x0)
ioctl$VIDIOC_G_INPUT(r6, 0x80045626, &(0x7f0000000180))
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000480)={0x28, r4, 0xc09, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40488c0)

0s ago: executing program 2 (id=2098):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000063c0)=ANY=[@ANYBLOB="200000002c00010026bd7000fcdbdf25040000000800170008000000040019"], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) (fail_nth: 9)

kernel console output (not intermixed with test programs):


[  153.957042][   T26] usb 7-1: config 0 has no interface number 0
[  153.959294][   T26] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  153.962538][   T26] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  153.965506][   T26] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  153.968744][   T26] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  153.972201][   T26] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  153.975764][   T26] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  153.979667][   T26] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  153.982388][   T26] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.985552][   T26] usb 7-1: config 0 descriptor??
[  153.989415][ T8106] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  153.992307][ T8106] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  153.996345][   T26] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  154.199457][ T8106] ldusb 7-1:0.55: Write buffer overflow, 1 bytes dropped
[  154.264809][ T5952] Bluetooth: hci3: ACL packet for unknown connection handle 3840
[  154.519067][ T8131] netlink: 20 bytes leftover after parsing attributes in process `syz.3.517'.
[  154.834362][ T8133] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  154.836361][ T8133] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  154.844918][ T8133] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  154.847901][ T8133] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  154.849720][ T8133] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  154.854722][ T8133] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  154.857042][ T8133] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  154.858918][ T8133] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  154.862675][ T8133] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  154.865273][ T8133] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  154.868211][ T8133] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  154.869936][ T8133] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  154.878408][ T8133] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  154.984467][   T31] IPVS: starting estimator thread 0...
[  155.091296][ T8140] IPVS: using max 38 ests per chain, 91200 per kthread
[  156.021765][ T6012] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  156.171219][ T6012] usb 8-1: Using ep0 maxpacket: 8
[  156.175680][ T6012] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  156.178850][ T6012] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  156.185813][ T6012] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  156.189532][ T6012] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  156.196080][ T6012] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  156.198841][ T8160] netlink: 48 bytes leftover after parsing attributes in process `syz.1.526'.
[  156.202822][ T6012] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  156.206899][ T6012] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.681279][ T5952] Bluetooth: hci0: command 0x0406 tx timeout
[  156.921193][ T5952] Bluetooth: hci2: command 0x0406 tx timeout
[  156.931064][ T5952] Bluetooth: hci3: command 0x0405 tx timeout
[  156.932756][ T5952] Bluetooth: hci1: command 0x0406 tx timeout
[  156.965356][  T834] usb 7-1: USB disconnect, device number 3
[  156.969870][  T834] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  157.038103][ T8172] netlink: 20 bytes leftover after parsing attributes in process `syz.2.528'.
[  157.171178][ T6012] usb 8-1: usb_control_msg returned -32
[  157.172803][ T6012] usbtmc 8-1:16.0: can't read capabilities
[  157.631147][ T8187] ieee802154 phy0 wpan0: encryption failed: -90
[  158.761323][ T5951] Bluetooth: hci0: command 0x0406 tx timeout
[  158.809937][   T26] usb 8-1: USB disconnect, device number 6
[  158.849306][ T8209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.535'.
[  159.001086][ T5951] Bluetooth: hci1: command 0x0406 tx timeout
[  159.002775][ T5951] Bluetooth: hci3: command 0x0405 tx timeout
[  159.004425][ T5951] Bluetooth: hci2: command 0x0406 tx timeout
[  159.161330][   T26] usb 8-1: new low-speed USB device number 7 using dummy_hcd
[  159.319181][ T8217] netlink: 48 bytes leftover after parsing attributes in process `syz.2.538'.
[  159.323422][   T26] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  159.326179][   T26] usb 8-1: config 0 has no interface number 0
[  159.328209][   T26] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  159.333200][   T26] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  159.335982][   T26] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  159.339785][   T26] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  159.354105][   T26] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  159.357731][   T26] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  159.368542][   T26] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  159.374209][   T26] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.387502][   T26] usb 8-1: config 0 descriptor??
[  159.389911][ T8209] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  159.392058][ T8209] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  159.396705][   T26] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  159.604055][ T8209] ldusb 8-1:0.55: Write buffer overflow, 1 bytes dropped
[  159.665948][ T5952] Bluetooth: hci0: ACL packet for unknown connection handle 3840
[  159.835174][ T8226] netlink: 20 bytes leftover after parsing attributes in process `syz.0.539'.
[  160.452903][ T8236] bridge0: entered allmulticast mode
[  160.819543][ T8241] netlink: 276 bytes leftover after parsing attributes in process `syz.0.545'.
[  160.841084][ T5952] Bluetooth: hci0: command 0x0406 tx timeout
[  160.898479][ T8243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.546'.
[  160.902864][ T8243] hsr_slave_0: left promiscuous mode
[  161.081844][ T5952] Bluetooth: hci2: command 0x0406 tx timeout
[  161.081854][ T5951] Bluetooth: hci3: command 0x0405 tx timeout
[  161.083765][ T5952] Bluetooth: hci1: command 0x0406 tx timeout
[  161.207074][ T8253] netlink: 20 bytes leftover after parsing attributes in process `syz.0.550'.
[  161.233059][ T8255] syz.0.551 (8255): /proc/8254/oom_adj is deprecated, please use /proc/8254/oom_score_adj instead.
[  161.653061][ T8265] netlink: 20 bytes leftover after parsing attributes in process `syz.2.552'.
[  161.659676][ T8265] netlink: 20 bytes leftover after parsing attributes in process `syz.2.552'.
[  161.870903][ T6012] usb 8-1: USB disconnect, device number 7
[  161.899906][ T6012] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  162.082610][ T8274] netlink: 48 bytes leftover after parsing attributes in process `syz.3.555'.
[  162.897066][ T8288] netlink: 20 bytes leftover after parsing attributes in process `syz.2.567'.
[  163.162088][ T5951] Bluetooth: hci2: command 0x0406 tx timeout
[  163.361049][ T5986] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  163.511046][ T5986] usb 6-1: Using ep0 maxpacket: 32
[  163.513847][ T5986] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.516941][ T5986] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.519607][ T5986] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  163.523884][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.530419][ T5986] usb 6-1: config 0 descriptor??
[  163.946638][ T5986] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  164.262509][ T5986] usb 6-1: USB disconnect, device number 3
[  164.806106][ T5951] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  165.553828][ T8326] netlink: 20 bytes leftover after parsing attributes in process `syz.1.571'.
[  165.684890][ T8334] netlink: 48 bytes leftover after parsing attributes in process `syz.1.573'.
[  165.781261][ T8338] netlink: 60 bytes leftover after parsing attributes in process `syz.0.574'.
[  165.785681][ T8338] fuse: Unknown parameter 'groupe�	��*�'
[  166.016037][ T5951] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  166.996022][ T8357] netlink: 'syz.2.579': attribute type 28 has an invalid length.
[  167.009287][ T8359] netlink: 20 bytes leftover after parsing attributes in process `syz.3.580'.
[  167.105887][ T8364] netlink: 48 bytes leftover after parsing attributes in process `syz.2.581'.
[  167.691407][ T8374] netlink: 60 bytes leftover after parsing attributes in process `syz.1.584'.
[  167.694130][ T8374] fuse: Unknown parameter 'groupe�	��*�'
[  168.012457][ T5951] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  168.668223][ T8396] netlink: 20 bytes leftover after parsing attributes in process `syz.2.590'.
[  170.187407][ T8413] netlink: 60 bytes leftover after parsing attributes in process `syz.0.594'.
[  170.190246][ T8413] fuse: Unknown parameter 'groupe�	��*�'
[  170.315314][ T8399] netlink: 20 bytes leftover after parsing attributes in process `syz.2.592'.
[  170.322525][ T8399] netlink: 20 bytes leftover after parsing attributes in process `syz.2.592'.
[  170.449053][ T8423] netlink: 48 bytes leftover after parsing attributes in process `syz.1.597'.
[  171.462045][ T8442] netlink: 48 bytes leftover after parsing attributes in process `syz.3.601'.
[  171.485088][ T8445] netlink: 60 bytes leftover after parsing attributes in process `syz.1.604'.
[  171.487907][ T8445] fuse: Unknown parameter 'groupe�	��*�'
[  171.667115][ T8454] kernel profiling enabled (shift: 63)
[  171.668735][ T8454] profiling shift: 63 too large
[  172.251109][ T5951] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  172.862359][ T8477] netlink: 60 bytes leftover after parsing attributes in process `syz.2.614'.
[  172.866392][ T8477] fuse: Unknown parameter 'groupe�	��*�'
[  173.203061][ T8496] netlink: 20 bytes leftover after parsing attributes in process `syz.2.617'.
[  173.208902][ T8496] netlink: 20 bytes leftover after parsing attributes in process `syz.2.617'.
[  173.237225][ T8494] syzkaller1: entered promiscuous mode
[  173.239299][ T8494] syzkaller1: entered allmulticast mode
[  173.350063][ T5951] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  174.444240][ T8524] netlink: 60 bytes leftover after parsing attributes in process `syz.3.628'.
[  174.447073][ T8524] fuse: Unknown parameter 'groupe�	��*�'
[  174.862198][ T8538] syz.2.634: attempt to access beyond end of device
[  174.862198][ T8538] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  174.997451][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.636'.
[  175.000001][ T8545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.636'.
[  175.005021][ T8545] netlink: 36 bytes leftover after parsing attributes in process `syz.2.636'.
[  175.184450][ T8554] netlink: 20 bytes leftover after parsing attributes in process `syz.1.632'.
[  175.204664][ T8554] netlink: 20 bytes leftover after parsing attributes in process `syz.1.632'.
[  175.777032][ T8559] netlink: 20 bytes leftover after parsing attributes in process `syz.3.640'.
[  175.907671][ T8567] fuse: Unknown parameter 'groupe�	��*�'
[  176.771220][ T5951] Bluetooth: hci1: command 0x0406 tx timeout
[  177.539757][ T8608] fuse: Unknown parameter 'groupe�	��*�'
[  178.150364][ T8624] __nla_validate_parse: 4 callbacks suppressed
[  178.150805][ T8624] netlink: 20 bytes leftover after parsing attributes in process `syz.0.660'.
[  178.418572][ T8625] netlink: 20 bytes leftover after parsing attributes in process `syz.0.660'.
[  178.773678][ T8640] tipc: Can't bind to reserved service type 0
[  179.260848][ T8651] netlink: 60 bytes leftover after parsing attributes in process `syz.2.669'.
[  179.263950][ T8651] fuse: Unknown parameter 'groupe�	��*�'
[  179.297387][ T8654] sg_write: data in/out 489/14 bytes for SCSI command 0x0-- guessing data in;
[  179.297387][ T8654]    program syz.1.668 not setting count and/or reply_len properly
[  180.241082][ T8678] netlink: 60 bytes leftover after parsing attributes in process `syz.3.679'.
[  180.244585][ T8678] fuse: Unknown parameter 'groupe�	��*�'
[  180.472399][ T8682] FAULT_INJECTION: forcing a failure.
[  180.472399][ T8682] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  180.479669][ T8682] CPU: 2 UID: 0 PID: 8682 Comm: syz.2.681 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  180.479690][ T8682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.479700][ T8682] Call Trace:
[  180.479705][ T8682]  <TASK>
[  180.479710][ T8682]  dump_stack_lvl+0x16c/0x1f0
[  180.479737][ T8682]  should_fail_ex+0x50a/0x650
[  180.479751][ T8682]  ? __pfx___might_resched+0x10/0x10
[  180.479777][ T8682]  should_fail_alloc_page+0xe7/0x130
[  180.479794][ T8682]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  180.479819][ T8682]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  180.479843][ T8682]  ? hlock_class+0x4e/0x130
[  180.479859][ T8682]  ? __lock_acquire+0x15a9/0x3c40
[  180.479888][ T8682]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  180.479911][ T8682]  ? __pfx___lock_acquire+0x10/0x10
[  180.479933][ T8682]  ? filemap_get_entry+0x1a8/0x3c0
[  180.479957][ T8682]  ? lock_acquire.part.0+0x11b/0x380
[  180.479978][ T8682]  ? find_held_lock+0x2d/0x110
[  180.479996][ T8682]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  180.480020][ T8682]  ? policy_nodemask+0xea/0x4e0
[  180.480037][ T8682]  alloc_pages_mpol+0x1fc/0x540
[  180.480053][ T8682]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  180.480067][ T8682]  ? _raw_spin_unlock+0x28/0x50
[  180.480085][ T8682]  ? swap_swapcount+0x116/0x180
[  180.480107][ T8682]  ? __pfx_swap_swapcount+0x10/0x10
[  180.480131][ T8682]  folio_alloc_mpol_noprof+0x36/0x2f0
[  180.480148][ T8682]  __read_swap_cache_async+0x50a/0x660
[  180.480171][ T8682]  ? __pfx___read_swap_cache_async+0x10/0x10
[  180.480190][ T8682]  ? swp_swap_info+0xcf/0x130
[  180.480204][ T8682]  ? __pfx_swp_swap_info+0x10/0x10
[  180.480223][ T8682]  swap_cluster_readahead+0x3ec/0x740
[  180.480247][ T8682]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  180.480268][ T8682]  ? filemap_get_entry+0x1a8/0x3c0
[  180.480296][ T8682]  ? get_vma_policy+0x248/0x3c0
[  180.480313][ T8682]  swapin_readahead+0x12c/0xd60
[  180.480335][ T8682]  ? __pfx_lock_release+0x10/0x10
[  180.480355][ T8682]  ? __pfx_swapin_readahead+0x10/0x10
[  180.480373][ T8682]  ? __filemap_get_folio+0x333/0xc10
[  180.480396][ T8682]  ? swap_cache_get_folio+0x1e0/0x460
[  180.480416][ T8682]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  180.480433][ T8682]  ? __pfx_get_swap_device+0x10/0x10
[  180.480455][ T8682]  ? __pfx___lock_acquire+0x10/0x10
[  180.480478][ T8682]  do_swap_page+0x680/0x5a60
[  180.480501][ T8682]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  180.480521][ T8682]  ? rcu_is_watching+0x12/0xc0
[  180.480537][ T8682]  ? trace_lock_acquire+0x14e/0x1f0
[  180.480553][ T8682]  ? __pfx_do_swap_page+0x10/0x10
[  180.480571][ T8682]  ? lock_acquire+0x2f/0xb0
[  180.480589][ T8682]  ? ___pte_offset_map+0x42/0x540
[  180.480606][ T8682]  ? __pfx_default_wake_function+0x10/0x10
[  180.480627][ T8682]  ? ___pte_offset_map+0x1b9/0x540
[  180.480653][ T8682]  __handle_mm_fault+0x1055/0x2a40
[  180.480703][ T8682]  ? __pfx___handle_mm_fault+0x10/0x10
[  180.480722][ T8682]  ? follow_page_pte+0x3ac/0x1490
[  180.480742][ T8682]  ? __pfx_lock_release+0x10/0x10
[  180.480777][ T8682]  handle_mm_fault+0x3fa/0xaa0
[  180.480802][ T8682]  __get_user_pages+0x773/0x36f0
[  180.480827][ T8682]  ? __pfx_mt_find+0x10/0x10
[  180.480848][ T8682]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  180.480868][ T8682]  ? __pfx___get_user_pages+0x10/0x10
[  180.480889][ T8682]  ? __mm_populate+0x21d/0x380
[  180.480917][ T8682]  populate_vma_page_range+0x27f/0x3a0
[  180.480938][ T8682]  ? __pfx_populate_vma_page_range+0x10/0x10
[  180.480975][ T8682]  ? __pfx_find_vma_intersection+0x10/0x10
[  180.480995][ T8682]  ? do_mlock+0x37e/0x810
[  180.481013][ T8682]  __mm_populate+0x1d6/0x380
[  180.481035][ T8682]  ? __pfx___mm_populate+0x10/0x10
[  180.481057][ T8682]  ? up_write+0x1b2/0x520
[  180.481083][ T8682]  do_mlock+0x448/0x810
[  180.481097][ T8682]  ? __fget_files+0x206/0x3a0
[  180.481118][ T8682]  ? __pfx_do_mlock+0x10/0x10
[  180.481140][ T8682]  ? fput+0x67/0x440
[  180.481155][ T8682]  ? ksys_write+0x1ba/0x250
[  180.481174][ T8682]  ? __pfx_ksys_write+0x10/0x10
[  180.481197][ T8682]  __ia32_sys_mlock+0x57/0x80
[  180.481210][ T8682]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  180.481231][ T8682]  __do_fast_syscall_32+0x73/0x120
[  180.481253][ T8682]  do_fast_syscall_32+0x32/0x80
[  180.481273][ T8682]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.481295][ T8682] RIP: 0023:0xf749e579
[  180.481307][ T8682] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  180.481322][ T8682] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000096
[  180.481336][ T8682] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[  180.481346][ T8682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  180.481354][ T8682] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.481362][ T8682] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  180.481370][ T8682] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.481389][ T8682]  </TASK>
[  180.928819][ T8691] netlink: 48 bytes leftover after parsing attributes in process `syz.2.684'.
[  181.232126][ T8699] ieee802154 phy0 wpan0: encryption failed: -90
[  183.113774][ T8723] netlink: 12 bytes leftover after parsing attributes in process `syz.0.690'.
[  183.124815][ T8725] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.127558][ T8725] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.492062][ T8734] netlink: 48 bytes leftover after parsing attributes in process `syz.3.695'.
[  184.525370][ T8746] kernel profiling enabled (shift: 63)
[  184.527569][ T8746] profiling shift: 63 too large
[  185.352295][ T8764] netlink: 48 bytes leftover after parsing attributes in process `syz.2.702'.
[  186.012509][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  186.422748][ T8786] kernel profiling enabled (shift: 63)
[  186.424273][ T8786] profiling shift: 63 too large
[  187.414265][ T8800] netlink: 48 bytes leftover after parsing attributes in process `syz.1.711'.
[  188.973535][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  189.428135][ T8826] kernel profiling enabled (shift: 63)
[  189.429678][ T8826] profiling shift: 63 too large
[  190.421448][ T8839] netlink: 60 bytes leftover after parsing attributes in process `syz.3.722'.
[  190.435464][ T8839] fuse: Unknown parameter 'groupe�	��*�'
[  190.472129][ T8845] netlink: 60 bytes leftover after parsing attributes in process `syz.3.725'.
[  190.475637][ T8845] netlink: 60 bytes leftover after parsing attributes in process `syz.3.725'.
[  190.595575][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  190.598224][ T8851] netlink: 48 bytes leftover after parsing attributes in process `syz.2.724'.
[  191.944928][ T8880] kernel profiling enabled (shift: 63)
[  191.946709][ T8880] profiling shift: 63 too large
[  192.426711][ T8884] netlink: 60 bytes leftover after parsing attributes in process `syz.0.734'.
[  192.430284][ T8884] fuse: Unknown parameter 'groupe�	��*�'
[  192.501155][ T8886] netlink: 60 bytes leftover after parsing attributes in process `syz.0.735'.
[  192.503961][ T8886] netlink: 60 bytes leftover after parsing attributes in process `syz.0.735'.
[  192.533357][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  193.396422][ T8903] netlink: 48 bytes leftover after parsing attributes in process `syz.0.740'.
[  193.733226][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  193.735787][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  194.322925][ T8913] kernel profiling enabled (shift: 63)
[  194.324612][ T8913] profiling shift: 63 too large
[  194.505645][ T8917] netlink: 60 bytes leftover after parsing attributes in process `syz.0.744'.
[  194.511676][ T8917] netlink: 60 bytes leftover after parsing attributes in process `syz.0.744'.
[  194.525679][ T8919] fuse: Unknown parameter 'groupe�	��*�'
[  194.616820][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  195.649299][ T8951] kernel profiling enabled (shift: 63)
[  195.651158][ T8951] profiling shift: 63 too large
[  195.836418][ T8953] __nla_validate_parse: 2 callbacks suppressed
[  195.836430][ T8953] netlink: 60 bytes leftover after parsing attributes in process `syz.2.755'.
[  195.841496][ T8953] netlink: 60 bytes leftover after parsing attributes in process `syz.2.755'.
[  195.867855][ T8955] netlink: 60 bytes leftover after parsing attributes in process `syz.2.756'.
[  195.870809][ T8955] fuse: Unknown parameter 'groupe�	��*�'
[  196.125600][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  197.277144][ T8986] netlink: 60 bytes leftover after parsing attributes in process `syz.1.765'.
[  197.279946][ T8986] netlink: 60 bytes leftover after parsing attributes in process `syz.1.765'.
[  197.308653][ T8981] kernel profiling enabled (shift: 63)
[  197.310264][ T8981] profiling shift: 63 too large
[  198.097123][ T8997] netlink: 60 bytes leftover after parsing attributes in process `syz.3.768'.
[  198.099863][ T8997] fuse: Unknown parameter 'groupe�	��*�'
[  198.157077][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  198.846688][ T9016] netlink: 4 bytes leftover after parsing attributes in process `syz.0.773'.
[  199.144974][ T9022] netlink: 60 bytes leftover after parsing attributes in process `syz.2.775'.
[  199.148126][ T9022] netlink: 60 bytes leftover after parsing attributes in process `syz.2.775'.
[  199.272521][ T9028] kernel profiling enabled (shift: 63)
[  199.274207][ T9028] profiling shift: 63 too large
[  199.440246][ T9034] netlink: 60 bytes leftover after parsing attributes in process `syz.2.778'.
[  199.443540][ T9034] fuse: Unknown parameter 'groupe�	��*�'
[  199.469623][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  200.900659][ T9064] kernel profiling enabled (shift: 63)
[  200.902471][ T9064] profiling shift: 63 too large
[  200.977775][ T9066] netlink: 40 bytes leftover after parsing attributes in process `syz.2.787'.
[  200.994849][ T9066] netlink: 40 bytes leftover after parsing attributes in process `syz.2.787'.
[  201.075297][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  201.093864][ T9072] netlink: 60 bytes leftover after parsing attributes in process `syz.3.789'.
[  201.097581][ T9072] fuse: Unknown parameter 'groupe�	��*�'
[  203.070870][ T9103] netlink: 40 bytes leftover after parsing attributes in process `syz.3.796'.
[  203.101618][ T9103] netlink: 40 bytes leftover after parsing attributes in process `syz.3.796'.
[  203.149005][ T9105] netlink: 48 bytes leftover after parsing attributes in process `syz.1.797'.
[  203.258109][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  203.473638][ T9110] kernel profiling enabled (shift: 63)
[  203.477267][ T9110] profiling shift: 63 too large
[  203.615699][ T9113] netlink: 60 bytes leftover after parsing attributes in process `syz.0.800'.
[  203.618725][ T9113] fuse: Unknown parameter 'groupe�	��*�'
[  203.658739][ T9116] tmpfs: Bad value for 'nr_blocks'
[  203.977414][ T9133] netlink: 40 bytes leftover after parsing attributes in process `syz.3.806'.
[  203.997905][ T9133] netlink: 40 bytes leftover after parsing attributes in process `syz.3.806'.
[  204.103897][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  204.497753][ T9144] netlink: 48 bytes leftover after parsing attributes in process `syz.2.810'.
[  204.525897][ T9146] fuse: Unknown parameter 'groupe�	��*�'
[  204.619946][ T9152] kernel profiling enabled (shift: 63)
[  204.621739][ T9152] profiling shift: 63 too large
[  204.915637][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  205.185057][ T9180] openvswitch: netlink: Duplicate key (type 32).
[  206.083320][ T9200] kernel profiling enabled (shift: 63)
[  206.084901][ T9200] profiling shift: 63 too large
[  206.267314][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  206.311252][ T9207] __nla_validate_parse: 7 callbacks suppressed
[  206.311264][ T9207] netlink: 48 bytes leftover after parsing attributes in process `syz.2.831'.
[  206.660920][ T9224] netlink: 40 bytes leftover after parsing attributes in process `syz.3.836'.
[  206.670243][ T9224] netlink: 40 bytes leftover after parsing attributes in process `syz.3.836'.
[  206.992694][ T1486] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  207.121057][ T1486] usb 7-1: device descriptor read/64, error -71
[  207.338692][ T9242] netlink: 48 bytes leftover after parsing attributes in process `syz.0.841'.
[  207.361714][ T1486] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  207.501084][ T1486] usb 7-1: device descriptor read/64, error -71
[  207.544376][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  207.577275][ T9251] netlink: 40 bytes leftover after parsing attributes in process `syz.0.845'.
[  207.580657][ T9251] netlink: 40 bytes leftover after parsing attributes in process `syz.0.845'.
[  207.611317][ T1486] usb usb7-port1: attempt power cycle
[  207.971144][ T1486] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  207.991507][ T1486] usb 7-1: device descriptor read/8, error -71
[  208.242131][ T1486] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  208.270921][ T1486] usb 7-1: device descriptor read/8, error -71
[  208.274767][ T9271] netlink: 48 bytes leftover after parsing attributes in process `syz.0.852'.
[  208.279471][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  208.381214][ T1486] usb usb7-port1: unable to enumerate USB device
[  208.622408][ T9285] netlink: 40 bytes leftover after parsing attributes in process `syz.1.857'.
[  208.625678][ T9285] netlink: 40 bytes leftover after parsing attributes in process `syz.1.857'.
[  208.713893][ T9288] kernel profiling enabled (shift: 63)
[  208.715455][ T9288] profiling shift: 63 too large
[  210.544858][ T9310] netlink: 48 bytes leftover after parsing attributes in process `syz.0.863'.
[  210.567389][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  210.609463][ T9316] overlayfs: unescaped trailing colons in lowerdir mount option.
[  210.704856][ T9324] kernel profiling enabled (shift: 63)
[  210.714472][ T9324] profiling shift: 63 too large
[  210.962272][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  211.548466][ T9352] loop6: detected capacity change from 0 to 524287999
[  211.609959][ T9352] FAULT_INJECTION: forcing a failure.
[  211.609959][ T9352] name failslab, interval 1, probability 0, space 0, times 0
[  211.615567][ T9352] CPU: 3 UID: 0 PID: 9352 Comm: syz.2.878 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  211.615581][ T9352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  211.615587][ T9352] Call Trace:
[  211.615590][ T9352]  <TASK>
[  211.615595][ T9352]  dump_stack_lvl+0x16c/0x1f0
[  211.615614][ T9352]  should_fail_ex+0x50a/0x650
[  211.615624][ T9352]  ? fs_reclaim_acquire+0xae/0x150
[  211.615638][ T9352]  should_failslab+0xc2/0x120
[  211.615648][ T9352]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  211.615663][ T9352]  ? dup_fd+0x6af/0xb90
[  211.615676][ T9352]  ? copy_fs_struct+0x49/0x340
[  211.615689][ T9352]  copy_fs_struct+0x49/0x340
[  211.615700][ T9352]  copy_process+0x3546/0x8c50
[  211.615711][ T9352]  ? insert_pfn+0x290/0x840
[  211.615725][ T9352]  ? __pfx___lock_acquire+0x10/0x10
[  211.615745][ T9352]  ? __pfx_copy_process+0x10/0x10
[  211.615754][ T9352]  ? __might_fault+0x13b/0x190
[  211.615764][ T9352]  ? __pfx_lock_release+0x10/0x10
[  211.615777][ T9352]  ? trace_lock_acquire+0x14e/0x1f0
[  211.615801][ T9352]  ? lock_acquire+0x2f/0xb0
[  211.615815][ T9352]  ? __might_fault+0xe3/0x190
[  211.615824][ T9352]  ? __might_fault+0xe3/0x190
[  211.615835][ T9352]  ? _copy_from_user+0x59/0xd0
[  211.615848][ T9352]  kernel_clone+0xfd/0x960
[  211.615857][ T9352]  ? __lock_acquire+0xcc5/0x3c40
[  211.615872][ T9352]  ? __pfx_kernel_clone+0x10/0x10
[  211.615885][ T9352]  ? __pfx___lock_acquire+0x10/0x10
[  211.615901][ T9352]  __do_sys_clone3+0x214/0x290
[  211.615910][ T9352]  ? __pfx___do_sys_clone3+0x10/0x10
[  211.615919][ T9352]  ? find_held_lock+0x2d/0x110
[  211.615936][ T9352]  ? __up_read+0x1fb/0x760
[  211.615958][ T9352]  __do_fast_syscall_32+0x73/0x120
[  211.615974][ T9352]  do_fast_syscall_32+0x32/0x80
[  211.615988][ T9352]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  211.616004][ T9352] RIP: 0023:0xf749e579
[  211.616013][ T9352] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  211.616022][ T9352] RSP: 002b:00000000f512642c EFLAGS: 00000286 ORIG_RAX: 00000000000001b3
[  211.616033][ T9352] RAX: ffffffffffffffda RBX: 00000000f5126460 RCX: 0000000000000058
[  211.616039][ T9352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  211.616044][ T9352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  211.616049][ T9352] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  211.616055][ T9352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  211.616066][ T9352]  </TASK>
[  212.170921][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  212.461112][ T9374] __nla_validate_parse: 3 callbacks suppressed
[  212.461128][ T9374] netlink: 60 bytes leftover after parsing attributes in process `syz.3.883'.
[  212.466493][ T9374] netlink: 60 bytes leftover after parsing attributes in process `syz.3.883'.
[  212.492951][ T9376] netlink: 48 bytes leftover after parsing attributes in process `syz.3.884'.
[  212.554927][ T9381] netlink: 20 bytes leftover after parsing attributes in process `syz.3.886'.
[  213.156006][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  213.192718][ T9402] netlink: 60 bytes leftover after parsing attributes in process `syz.0.893'.
[  213.195602][ T9402] netlink: 60 bytes leftover after parsing attributes in process `syz.0.893'.
[  213.220193][ T9404] netlink: 48 bytes leftover after parsing attributes in process `syz.0.894'.
[  213.334687][ T9412] overlayfs: failed to clone upperpath
[  213.342727][ T9412] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  213.378335][ T9416] netlink: 48 bytes leftover after parsing attributes in process `syz.0.899'.
[  213.589316][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  213.989906][ T9432] netlink: 60 bytes leftover after parsing attributes in process `syz.0.903'.
[  213.994898][ T9432] netlink: 60 bytes leftover after parsing attributes in process `syz.0.903'.
[  214.322974][ T9430] kernel profiling enabled (shift: 7)
[  214.460187][ T5958] Bluetooth: hci1: Malformed Event: 0x02
[  214.659134][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  215.837593][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  216.759404][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  216.802390][ T9529] xt_NFQUEUE: number of total queues is 0
[  217.486965][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  217.505077][ T9551] __nla_validate_parse: 3 callbacks suppressed
[  217.505121][ T9551] netlink: 48 bytes leftover after parsing attributes in process `syz.0.940'.
[  218.181978][ T9587] netlink: 48 bytes leftover after parsing attributes in process `syz.2.953'.
[  219.097163][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  219.397304][ T9621] netlink: 48 bytes leftover after parsing attributes in process `syz.1.962'.
[  220.048464][ T9642] netlink: 'syz.0.968': attribute type 28 has an invalid length.
[  220.061597][ T9639] netlink: 48 bytes leftover after parsing attributes in process `syz.2.975'.
[  220.323544][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  221.465797][ T9680] netlink: 276 bytes leftover after parsing attributes in process `syz.2.977'.
[  221.559281][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  222.200847][ T9692] netlink: 48 bytes leftover after parsing attributes in process `syz.1.982'.
[  222.336266][ T9700] netlink: 48 bytes leftover after parsing attributes in process `syz.2.985'.
[  223.077162][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  223.999515][ T9726] netlink: 276 bytes leftover after parsing attributes in process `syz.1.991'.
[  224.481022][ T9741] netlink: 48 bytes leftover after parsing attributes in process `syz.1.996'.
[  224.926334][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  225.027329][ T9759] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1001'.
[  225.640036][ T9772] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1005'.
[  225.765977][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  225.973912][ T9790] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1010'.
[  226.444636][ T9799] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1013'.
[  227.206895][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  227.263764][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  228.003327][ T9836] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1023'.
[  228.514661][ T9843] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1022'.
[  228.645570][ T9847] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1027'.
[  228.651444][ T9847] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1027'.
[  229.540556][ T5958] Bluetooth: hci1: ACL packet for unknown connection handle 497
[  229.590356][ T9868] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1031'.
[  229.801094][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  230.267068][ T9880] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1035'.
[  230.660393][ T9890] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1038'.
[  230.663484][ T9890] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1038'.
[  231.916042][ T5958] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  232.014327][ T9916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  232.016064][ T9918] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1048'.
[  232.018663][ T9916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  232.193077][ T9924] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1051'.
[  232.695111][ T9941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  233.261051][ T9955] FAULT_INJECTION: forcing a failure.
[  233.261051][ T9955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.265014][ T9955] CPU: 3 UID: 0 PID: 9955 Comm: syz.1.1060 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  233.265028][ T9955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  233.265034][ T9955] Call Trace:
[  233.265038][ T9955]  <TASK>
[  233.265042][ T9955]  dump_stack_lvl+0x16c/0x1f0
[  233.265060][ T9955]  should_fail_ex+0x50a/0x650
[  233.265073][ T9955]  _copy_to_user+0x32/0xd0
[  233.265085][ T9955]  simple_read_from_buffer+0xd0/0x160
[  233.265100][ T9955]  proc_fail_nth_read+0x198/0x270
[  233.265113][ T9955]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  233.265125][ T9955]  ? rw_verify_area+0xcf/0x680
[  233.265138][ T9955]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  233.265150][ T9955]  vfs_read+0x1df/0xbf0
[  233.265163][ T9955]  ? __fget_files+0x1fc/0x3a0
[  233.265177][ T9955]  ? __pfx___mutex_lock+0x10/0x10
[  233.265192][ T9955]  ? __pfx_vfs_read+0x10/0x10
[  233.265213][ T9955]  ? __fget_files+0x206/0x3a0
[  233.265230][ T9955]  ksys_read+0x12b/0x250
[  233.265243][ T9955]  ? __pfx_ksys_read+0x10/0x10
[  233.265260][ T9955]  __do_fast_syscall_32+0x73/0x120
[  233.265276][ T9955]  do_fast_syscall_32+0x32/0x80
[  233.265290][ T9955]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.265307][ T9955] RIP: 0023:0xf73ae579
[  233.265315][ T9955] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  233.265324][ T9955] RSP: 002b:00000000f5036590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  233.265334][ T9955] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5036620
[  233.265340][ T9955] RDX: 000000000000000f RSI: 00000000f739cff4 RDI: 0000000000000000
[  233.265345][ T9955] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  233.265351][ T9955] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  233.265356][ T9955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.265368][ T9955]  </TASK>
[  233.412938][ T9961] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1062'.
[  233.558312][ T9970] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1065'.
[  233.561771][ T9970] fuse: Unknown parameter 'groupe�	��*�'
[  234.679681][T10010] loop6: detected capacity change from 0 to 524287999
[  234.832202][T10017] __nla_validate_parse: 1 callbacks suppressed
[  234.832213][T10017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1087'.
[  234.836906][T10017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1087'.
[  234.849667][T10018] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1079'.
[  235.606102][T10028] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1089'.
[  235.609525][T10028] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1089'.
[  235.699313][T10033] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1082'.
[  235.724864][T10035] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1083'.
[  236.711631][T10057] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1098'.
[  237.269949][T10071] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1092'.
[  237.984378][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  238.411430][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  238.436431][T10096] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1099'.
[  240.135244][T10145] __nla_validate_parse: 2 callbacks suppressed
[  240.135261][T10145] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1113'.
[  240.165349][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  241.438162][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  241.716821][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  241.733591][T10184] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1123'.
[  242.086715][T10196] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1127'.
[  242.652017][T10209] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1130'.
[  242.855741][T10217] FAULT_INJECTION: forcing a failure.
[  242.855741][T10217] name failslab, interval 1, probability 0, space 0, times 0
[  242.859416][T10217] CPU: 3 UID: 0 PID: 10217 Comm: syz.3.1133 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  242.859430][T10217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  242.859436][T10217] Call Trace:
[  242.859440][T10217]  <TASK>
[  242.859444][T10217]  dump_stack_lvl+0x16c/0x1f0
[  242.859463][T10217]  should_fail_ex+0x50a/0x650
[  242.859475][T10217]  ? flow_action_cookie_create+0x21/0x80
[  242.859489][T10217]  should_failslab+0xc2/0x120
[  242.859499][T10217]  __kmalloc_noprof+0xcb/0x510
[  242.859513][T10217]  ? trace_lock_acquire+0x14e/0x1f0
[  242.859525][T10217]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  242.859537][T10217]  flow_action_cookie_create+0x21/0x80
[  242.859551][T10217]  tc_setup_action+0x1ea/0x9d0
[  242.859566][T10217]  ? offload_action_init+0x19c/0x220
[  242.859581][T10217]  ? __pfx_lock_release+0x10/0x10
[  242.859596][T10217]  ? tc_setup_action+0xa2/0x9d0
[  242.859610][T10217]  ? mark_held_locks+0x9f/0xe0
[  242.859623][T10217]  ? __pfx_tc_setup_action+0x10/0x10
[  242.859639][T10217]  ? lockdep_hardirqs_on+0x7c/0x110
[  242.859653][T10217]  ? offload_action_init+0x19c/0x220
[  242.859668][T10217]  ? __local_bh_enable_ip+0xa4/0x120
[  242.859685][T10217]  tcf_action_offload_add_ex+0x20a/0x670
[  242.859697][T10217]  ? __pfx_tcf_action_offload_add_ex+0x10/0x10
[  242.859708][T10217]  ? __pfx___lock_acquire+0x10/0x10
[  242.859736][T10217]  tcf_action_init+0x663/0x9c0
[  242.859751][T10217]  ? __pfx_tcf_action_init+0x10/0x10
[  242.859761][T10217]  ? lock_acquire.part.0+0x11b/0x380
[  242.859784][T10217]  ? is_bpf_text_address+0x94/0x1a0
[  242.859798][T10217]  ? kernel_text_address+0x8d/0x100
[  242.859812][T10217]  ? __kernel_text_address+0xd/0x40
[  242.859841][T10217]  ? kasan_save_stack+0x42/0x60
[  242.859854][T10217]  ? kasan_save_stack+0x33/0x60
[  242.859867][T10217]  ? kasan_save_track+0x14/0x30
[  242.859882][T10217]  tcf_action_add+0xfd/0x5d0
[  242.859896][T10217]  ? __pfx_tcf_action_add+0x10/0x10
[  242.859925][T10217]  ? __nla_parse+0x40/0x60
[  242.859938][T10217]  tc_ctl_action+0x35d/0x470
[  242.859950][T10217]  ? __pfx_tc_ctl_action+0x10/0x10
[  242.859965][T10217]  ? __pfx_tc_ctl_action+0x10/0x10
[  242.859977][T10217]  rtnetlink_rcv_msg+0x3c7/0xea0
[  242.859994][T10217]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  242.860015][T10217]  netlink_rcv_skb+0x16b/0x440
[  242.860030][T10217]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  242.860046][T10217]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  242.860068][T10217]  ? netlink_deliver_tap+0x1ae/0xd30
[  242.860103][T10217]  netlink_unicast+0x53c/0x7f0
[  242.860127][T10217]  ? __pfx_netlink_unicast+0x10/0x10
[  242.860146][T10217]  ? __phys_addr_symbol+0x30/0x80
[  242.860157][T10217]  ? __check_object_size+0x488/0x710
[  242.860168][T10217]  netlink_sendmsg+0x8b8/0xd70
[  242.860185][T10217]  ? __pfx_netlink_sendmsg+0x10/0x10
[  242.860204][T10217]  ____sys_sendmsg+0xaaf/0xc90
[  242.860218][T10217]  ? __pfx_____sys_sendmsg+0x10/0x10
[  242.860229][T10217]  ? get_compat_msghdr+0x11b/0x170
[  242.860248][T10217]  ___sys_sendmsg+0x135/0x1e0
[  242.860264][T10217]  ? __pfx____sys_sendmsg+0x10/0x10
[  242.860285][T10217]  ? __pfx_lock_release+0x10/0x10
[  242.860298][T10217]  ? trace_lock_acquire+0x14e/0x1f0
[  242.860313][T10217]  ? __fget_files+0x206/0x3a0
[  242.860331][T10217]  __sys_sendmsg+0x16e/0x220
[  242.860340][T10217]  ? __pfx___sys_sendmsg+0x10/0x10
[  242.860358][T10217]  __do_fast_syscall_32+0x73/0x120
[  242.860373][T10217]  do_fast_syscall_32+0x32/0x80
[  242.860388][T10217]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  242.860405][T10217] RIP: 0023:0xf7fdf579
[  242.860413][T10217] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  242.860422][T10217] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  242.860432][T10217] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  242.860438][T10217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  242.860444][T10217] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  242.860449][T10217] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  242.860454][T10217] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  242.860466][T10217]  </TASK>
[  243.688063][T10235] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1138'.
[  244.036315][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  244.250116][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  245.459416][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  245.534882][T10279] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1147'.
[  246.502268][T10286] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1159'.
[  248.427616][T10324] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1162'.
[  249.871121][T10348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1166'.
[  250.089865][T10346] input: syz1 as /devices/virtual/input/input11
[  250.751427][T10370] netlink: 'syz.0.1173': attribute type 14 has an invalid length.
[  251.198650][T10377] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1177'.
[  251.252066][T10383] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1175'.
[  252.098129][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  252.307865][T10408] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1180'.
[  252.347105][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  252.794499][   T36] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  252.828382][T10426] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.952226][   T36] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  252.955181][   T36] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  252.958318][   T36] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  252.961723][   T36] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  252.965040][   T36] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  252.970818][   T36] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  252.974208][   T36] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  252.976707][   T36] usb 6-1: Product: syz
[  252.978103][   T36] usb 6-1: Manufacturer: syz
[  252.985947][   T36] cdc_wdm 6-1:1.0: skipping garbage
[  252.987655][   T36] cdc_wdm 6-1:1.0: skipping garbage
[  252.992157][   T36] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  252.994157][   T36] cdc_wdm 6-1:1.0: Unknown control protocol
[  253.025231][ T5958] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  253.197364][   T36] usb 6-1: USB disconnect, device number 4
[  253.758413][T10447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1194'.
[  253.812679][T10445] /dev/sr0: Can't open blockdev
[  254.335908][ T5958] Bluetooth: hci3: unexpected event for opcode 0x0c46
[  254.439920][T10466] loop6: detected capacity change from 0 to 524287999
[  254.468128][T10467] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1200'.
[  254.802072][ T5958] Bluetooth: hci3: unexpected event 0x10 length: 8 > 1
[  254.803332][ T5958] Bluetooth: hci3: hardware error 0x72
[  254.871101][  T834] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  255.024032][  T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  255.027277][  T834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.030005][  T834] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  255.033744][  T834] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  255.036722][  T834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.041238][  T834] usb 8-1: config 0 descriptor??
[  255.162236][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  255.164150][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  255.452453][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.461112][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.463944][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.466804][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.469925][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.472614][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.474676][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.476879][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.478913][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.480927][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.483075][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.485255][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.487399][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.489431][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.493182][  T834] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  255.495438][  T834] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  255.500031][  T834] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  255.793485][T10499] program syz.2.1207 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  255.985209][   T31] usb 8-1: USB disconnect, device number 8
[  256.110066][ T5951] Bluetooth: hci1: unexpected event for opcode 0x203b
[  256.264071][T10521] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1213'.
[  256.695290][T10527] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1216'.
[  256.841664][ T5958] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  258.164804][T10568] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1228'.
[  258.401396][T10563] "syz.1.1221" (10563) uses obsolete ecb(arc4) skcipher
[  258.974489][T10595] loop6: detected capacity change from 0 to 524287999
[  260.123025][ T5958] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  260.127035][ T5958] Bluetooth: hci1: Injecting HCI hardware error event
[  260.131256][ T5958] Bluetooth: hci1: hardware error 0x00
[  260.712981][T10649] xt_TPROXY: Can be used only with -p tcp or -p udp
[  261.354492][ T5951] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  261.544349][T10656] Cannot find add_set index 0 as target
[  261.635034][T10668] loop6: detected capacity change from 0 to 524287999
[  262.201091][ T5958] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  262.649741][T10696] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1262'.
[  262.750015][T10701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1264'.
[  262.885048][T10708] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1265'.
[  263.099111][T10715] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1267'.
[  264.426621][T10754] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1276'.
[  265.179292][T10760] (syz.0.1278,10760,1):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[  265.287188][T10771] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1281'.
[  265.391448][T10776] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1282'.
[  265.413747][T10781] xt_TPROXY: Can be used only with -p tcp or -p udp
[  266.237822][T10802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1289'.
[  266.277482][T10804] can: request_module (can-proto-3) failed.
[  266.897151][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  267.355171][T10828] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1296'.
[  267.772252][T10839] bridge0: port 3(vlan2) entered blocking state
[  267.774164][T10839] bridge0: port 3(vlan2) entered disabled state
[  267.776361][T10839] vlan2: entered allmulticast mode
[  267.889542][T10839] vlan2: left allmulticast mode
[  268.171526][T10845] FAULT_INJECTION: forcing a failure.
[  268.171526][T10845] name failslab, interval 1, probability 0, space 0, times 0
[  268.175157][T10845] CPU: 2 UID: 0 PID: 10845 Comm: syz.1.1299 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  268.175173][T10845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  268.175179][T10845] Call Trace:
[  268.175184][T10845]  <TASK>
[  268.175188][T10845]  dump_stack_lvl+0x16c/0x1f0
[  268.175208][T10845]  should_fail_ex+0x50a/0x650
[  268.175218][T10845]  ? fs_reclaim_acquire+0xae/0x150
[  268.175232][T10845]  should_failslab+0xc2/0x120
[  268.175242][T10845]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  268.175258][T10845]  ? security_file_alloc+0x34/0x2b0
[  268.175274][T10845]  security_file_alloc+0x34/0x2b0
[  268.175287][T10845]  init_file+0x93/0x4c0
[  268.175298][T10845]  alloc_empty_file+0x91/0x1e0
[  268.175309][T10845]  path_openat+0xe1/0x2d80
[  268.175322][T10845]  ? hlock_class+0x4e/0x130
[  268.175333][T10845]  ? __lock_acquire+0x15a9/0x3c40
[  268.175351][T10845]  ? __pfx_path_openat+0x10/0x10
[  268.175365][T10845]  ? __pfx___lock_acquire+0x10/0x10
[  268.175377][T10845]  ? lock_acquire.part.0+0x11b/0x380
[  268.175391][T10845]  ? find_held_lock+0x2d/0x110
[  268.175402][T10845]  do_filp_open+0x20c/0x470
[  268.175416][T10845]  ? __pfx_do_filp_open+0x10/0x10
[  268.175429][T10845]  ? find_held_lock+0x2d/0x110
[  268.175447][T10845]  ? alloc_fd+0x41f/0x760
[  268.175464][T10845]  do_sys_openat2+0x17a/0x1e0
[  268.175475][T10845]  ? __pfx_do_sys_openat2+0x10/0x10
[  268.175486][T10845]  ? __fget_files+0x206/0x3a0
[  268.175502][T10845]  __ia32_compat_sys_openat+0x16e/0x210
[  268.175514][T10845]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  268.175525][T10845]  ? ksys_write+0x1ba/0x250
[  268.175542][T10845]  __do_fast_syscall_32+0x73/0x120
[  268.175561][T10845]  do_fast_syscall_32+0x32/0x80
[  268.175576][T10845]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.175596][T10845] RIP: 0023:0xf73ae579
[  268.175605][T10845] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  268.175614][T10845] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  268.175624][T10845] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  268.175630][T10845] RDX: 0000000000000400 RSI: 0000000000000000 RDI: 0000000000000000
[  268.175635][T10845] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  268.175641][T10845] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  268.175646][T10845] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  268.175661][T10845]  </TASK>
[  268.285133][T10849] IPv6: NLM_F_CREATE should be specified when creating new route
[  268.758600][    C3] sr 2:0:0:0: [sr0] tag#19 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  268.761611][    C3] sr 2:0:0:0: [sr0] tag#19 CDB: ATA command pass through(16)
[  268.763697][    C3] sr 2:0:0:0: [sr0] tag#19 CDB[00]: 85 55 a3 43 96 8b c5 2e fb ff a7 27 74 45 b2 be
[  268.766279][    C3] sr 2:0:0:0: [sr0] tag#19 CDB[10]: 29
[  268.914203][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  270.106034][T10900] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1311'.
[  270.380013][T10910] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1314'.
[  270.617681][T10924] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1319'.
[  270.857569][T10927] loop6: detected capacity change from 0 to 524287999
[  272.114387][T10960] IPv6: NLM_F_CREATE should be specified when creating new route
[  272.248093][T10958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1327'.
[  272.283155][T10958] batman_adv: batadv0: Removing interface: batadv_slave_0
[  272.311660][T10958] batman_adv: batadv0: Removing interface: batadv_slave_1
[  273.388368][   T40] kauditd_printk_skb: 46 callbacks suppressed
[  273.388385][   T40] audit: type=1800 audit(1742803523.617:58): pid=10978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1330" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  274.085062][T10984] Invalid source name
[  274.086126][T10984] UBIFS error (pid: 10984): cannot open "./file0", error -22
[  274.176703][T10986] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1333'.
[  274.860720][T11008] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1338'.
[  275.025372][T11016] loop6: detected capacity change from 0 to 524287999
[  275.615103][T11033] netlink: 'syz.1.1351': attribute type 12 has an invalid length.
[  276.957400][T11060] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1353'.
[  277.147072][T11067] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1354'.
[  277.787718][T11075] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1355'.
[  279.443164][T11105] loop6: detected capacity change from 0 to 524287999
[  280.259687][T11123] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1366'.
[  280.607456][T11130] Invalid source name
[  280.609163][T11130] UBIFS error (pid: 11130): cannot open "./file0", error -22
[  282.816039][T11181] netlink: 'syz.0.1382': attribute type 2 has an invalid length.
[  284.386738][T11217] netlink: 'syz.2.1389': attribute type 12 has an invalid length.
[  284.582688][ T5986] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  284.607600][T11222] syzkaller1: entered promiscuous mode
[  284.609220][T11222] syzkaller1: entered allmulticast mode
[  284.982346][T11246] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1395'.
[  285.011754][T11247] netfs: Couldn't get user pages (rc=-14)
[  294.933618][T11279] netlink: 'syz.0.1400': attribute type 10 has an invalid length.
[  294.940033][T11279] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  294.940589][T11283] loop6: detected capacity change from 0 to 524287999
[  294.963124][T11278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.518471][T11285] SET target dimension over the limit!
[  296.083030][T11308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1407'.
[  296.472253][T11320] netlink: 'syz.1.1412': attribute type 21 has an invalid length.
[  297.431737][T11338] netlink: 'syz.3.1417': attribute type 10 has an invalid length.
[  297.449560][T11338] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  297.477501][T11337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.494365][T11342] loop6: detected capacity change from 0 to 524287999
[  299.220889][T11388] loop2: detected capacity change from 0 to 7
[  299.233343][T11388] Dev loop2: unable to read RDB block 7
[  299.235068][T11388]  loop2: AHDI p1 p2 p3
[  299.236260][T11388] loop2: partition table partially beyond EOD, truncated
[  299.252341][T11388] loop2: p1 start 1601398130 is beyond EOD, truncated
[  299.255018][T11388] loop2: p2 start 1702059890 is beyond EOD, truncated
[  300.681029][T11416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1440'.
[  300.748691][T11422] libceph: resolve '.
[  300.748691][T11422] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  300.748691][T11422] ' (ret=-3): failed
[  300.808705][T11426] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1443'.
[  301.751456][ T5986] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  301.917479][ T5986] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  301.922239][ T5986] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.926132][ T5986] usb 7-1: Product: syz
[  301.927793][ T5986] usb 7-1: Manufacturer: syz
[  301.929598][ T5986] usb 7-1: SerialNumber: syz
[  301.951489][ T5986] usb 7-1: config 0 descriptor??
[  302.048052][T11477] netlink: 'syz.0.1457': attribute type 21 has an invalid length.
[  302.272049][ T5986] usb 7-1: USB disconnect, device number 8
[  302.523013][   T40] audit: type=1326 audit(1742803552.747:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.529022][   T40] audit: type=1326 audit(1742803552.747:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.535440][   T40] audit: type=1326 audit(1742803552.747:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.541473][   T40] audit: type=1326 audit(1742803552.747:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.547488][   T40] audit: type=1326 audit(1742803552.747:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.554332][   T40] audit: type=1326 audit(1742803552.747:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.561348][   T40] audit: type=1326 audit(1742803552.747:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.567256][   T40] audit: type=1326 audit(1742803552.747:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.574053][   T40] audit: type=1326 audit(1742803552.747:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf745e579 code=0x7ffc0000
[  302.742710][   T40] audit: type=1326 audit(1742803552.977:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.0.1460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x7ffc0000
[  303.128457][T11507] netlink: 'syz.0.1466': attribute type 21 has an invalid length.
[  303.797213][T11520] tmpfs: Bad value for 'mpol'
[  303.826392][ T5958] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  304.034145][T11528] random: crng reseeded on system resumption
[  304.039714][T11528] Unrecognized hibernate image header format!
[  304.042268][T11528] PM: hibernation: Image mismatch: architecture specific data
[  304.141719][T11535] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1475'.
[  304.498093][ T5951] Bluetooth: hci0: unexpected event for opcode 0x0c46
[  304.748437][ T5951] Bluetooth: hci0: unexpected event for opcode 0x200c
[  305.129128][T11578] input: syz1 as /devices/virtual/input/input12
[  305.450284][T11591] loop6: detected capacity change from 0 to 524287999
[  306.041068][ T5958] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  306.534135][T11626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  306.577372][ T5986] libceph: connect (1)[c::]:6789 error -101
[  306.586645][ T5986] libceph: mon0 (1)[c::]:6789 connect error
[  306.623075][ T5986] libceph: connect (1)[b::]:6789 error -101
[  306.626217][ T5986] libceph: mon0 (1)[b::]:6789 connect error
[  306.767524][T11634] loop6: detected capacity change from 0 to 524287999
[  306.775860][T11636] capability: warning: `syz.2.1502' uses deprecated v2 capabilities in a way that may be insecure
[  306.865163][ T5986] libceph: connect (1)[c::]:6789 error -101
[  306.867577][ T5986] libceph: mon0 (1)[c::]:6789 connect error
[  306.881255][ T5986] libceph: connect (1)[b::]:6789 error -101
[  306.884761][ T5986] libceph: mon0 (1)[b::]:6789 connect error
[  307.372394][ T5986] libceph: connect (1)[c::]:6789 error -101
[  307.374116][ T5986] libceph: mon0 (1)[c::]:6789 connect error
[  307.391250][ T5986] libceph: connect (1)[b::]:6789 error -101
[  307.393300][ T5986] libceph: mon0 (1)[b::]:6789 connect error
[  307.867925][T11626] ceph: No mds server is up or the cluster is laggy
[  307.872775][T11629] ceph: No mds server is up or the cluster is laggy
[  308.221925][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  308.221937][   T40] audit: type=1326 audit(1742803558.457:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11672 comm="syz.2.1513" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf749e579 code=0x0
[  308.978642][T11680] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1514'.
[  309.230436][T11696] tipc: Started in network mode
[  309.232350][T11696] tipc: Node identity 080211000001, cluster identity 4711
[  309.234795][T11696] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  309.348950][T11702] SET target dimension over the limit!
[  310.353376][  T834] tipc: Node number set to 134418688
[  310.801756][T11735] netlink: 'syz.1.1529': attribute type 21 has an invalid length.
[  310.875083][T11738] loop6: detected capacity change from 0 to 524287999
[  310.953426][T11743] loop6: detected capacity change from 0 to 524287999
[  311.980544][   T40] audit: type=1326 audit(1742803562.207:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11750 comm="syz.2.1535" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf749e579 code=0x0
[  312.423144][T11767] loop6: detected capacity change from 0 to 524287999
[  312.487503][T11770] netlink: 'syz.3.1542': attribute type 21 has an invalid length.
[  312.503512][T11772] veth0_to_batadv: entered promiscuous mode
[  312.507260][T11772] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  312.956965][T11777] sp0: Synchronizing with TNC
[  312.982660][T11776] [U] �
[  313.791454][T11813] netlink: 'syz.3.1555': attribute type 21 has an invalid length.
[  313.957295][T11822] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1558'.
[  314.395883][T11826] FAULT_INJECTION: forcing a failure.
[  314.395883][T11826] name failslab, interval 1, probability 0, space 0, times 0
[  314.400123][T11826] CPU: 2 UID: 0 PID: 11826 Comm: syz.2.1559 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  314.400142][T11826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  314.400149][T11826] Call Trace:
[  314.400154][T11826]  <TASK>
[  314.400158][T11826]  dump_stack_lvl+0x16c/0x1f0
[  314.400177][T11826]  should_fail_ex+0x50a/0x650
[  314.400187][T11826]  ? fs_reclaim_acquire+0xae/0x150
[  314.400201][T11826]  ? tomoyo_encode2+0x100/0x3e0
[  314.400215][T11826]  should_failslab+0xc2/0x120
[  314.400225][T11826]  __kmalloc_noprof+0xcb/0x510
[  314.400239][T11826]  ? d_absolute_path+0x137/0x1b0
[  314.400250][T11826]  ? rcu_is_watching+0x12/0xc0
[  314.400267][T11826]  tomoyo_encode2+0x100/0x3e0
[  314.400282][T11826]  tomoyo_encode+0x29/0x50
[  314.400295][T11826]  tomoyo_realpath_from_path+0x19d/0x720
[  314.400313][T11826]  tomoyo_path_number_perm+0x248/0x590
[  314.400324][T11826]  ? tomoyo_path_number_perm+0x235/0x590
[  314.400337][T11826]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  314.400361][T11826]  ? __pfx_lock_release+0x10/0x10
[  314.400375][T11826]  ? trace_lock_acquire+0x14e/0x1f0
[  314.400388][T11826]  ? lock_acquire+0x2f/0xb0
[  314.400400][T11826]  ? __fget_files+0x40/0x3a0
[  314.400416][T11826]  ? __fget_files+0x206/0x3a0
[  314.400431][T11826]  security_file_ioctl_compat+0x9b/0x240
[  314.400446][T11826]  __do_compat_sys_ioctl+0x4e/0x2c0
[  314.400460][T11826]  __do_fast_syscall_32+0x73/0x120
[  314.400477][T11826]  do_fast_syscall_32+0x32/0x80
[  314.400492][T11826]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  314.400509][T11826] RIP: 0023:0xf749e579
[  314.400518][T11826] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  314.400527][T11826] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  314.400536][T11826] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000005000
[  314.400542][T11826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  314.400548][T11826] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  314.400553][T11826] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  314.400558][T11826] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  314.400570][T11826]  </TASK>
[  314.400579][T11826] ERROR: Out of memory at tomoyo_realpath_from_path.
[  314.729040][T11833] loop6: detected capacity change from 0 to 524287999
[  314.774880][T11837] ip6gretap0: entered promiscuous mode
[  314.776927][T11837] batadv_slave_0: entered promiscuous mode
[  314.780442][T11837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  314.783137][T11837] Cannot create hsr debugfs directory
[  314.865357][T11841] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1563'.
[  314.871815][T11843] netlink: 'syz.2.1565': attribute type 21 has an invalid length.
[  315.198581][T11856] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  315.199418][T11855] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  315.204438][T11855] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1568'.
[  315.207649][T11855] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1568'.
[  315.211742][T11856] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1568'.
[  315.214944][T11856] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1568'.
[  315.260755][T11858] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1569'.
[  315.631161][T11876] FAULT_INJECTION: forcing a failure.
[  315.631161][T11876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.636690][T11876] CPU: 0 UID: 0 PID: 11876 Comm: syz.1.1572 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  315.636713][T11876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  315.636723][T11876] Call Trace:
[  315.636728][T11876]  <TASK>
[  315.636735][T11876]  dump_stack_lvl+0x16c/0x1f0
[  315.636763][T11876]  should_fail_ex+0x50a/0x650
[  315.636783][T11876]  _copy_from_user+0x2e/0xd0
[  315.636801][T11876]  get_compat_msghdr+0xa8/0x170
[  315.636822][T11876]  ? __pfx_get_compat_msghdr+0x10/0x10
[  315.636841][T11876]  ? _raw_spin_unlock_irq+0x23/0x50
[  315.636863][T11876]  ? task_work_run+0x1e2/0x250
[  315.636888][T11876]  ___sys_recvmsg+0x193/0x1a0
[  315.636913][T11876]  ? __pfx____sys_recvmsg+0x10/0x10
[  315.636934][T11876]  ? __fget_files+0x1fc/0x3a0
[  315.636951][T11876]  ? trace_lock_acquire+0x14e/0x1f0
[  315.636967][T11876]  ? __fget_files+0x206/0x3a0
[  315.636984][T11876]  __sys_recvmsg+0x16b/0x220
[  315.636994][T11876]  ? __pfx___sys_recvmsg+0x10/0x10
[  315.637011][T11876]  do_int80_emulation+0x104/0x200
[  315.637027][T11876]  asm_int80_emulation+0x1a/0x20
[  315.637044][T11876] RIP: 0023:0xf73ae579
[  315.637056][T11876] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  315.637065][T11876] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  315.637075][T11876] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000300
[  315.637084][T11876] RDX: 0000000000000122 RSI: 0000000000000000 RDI: 0000000000000000
[  315.637089][T11876] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  315.637095][T11876] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  315.637100][T11876] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  315.637111][T11876]  </TASK>
[  315.638674][T11879] Cannot find add_set index 0 as target
[  315.830420][T11886] SET target dimension over the limit!
[  315.961629][T11889] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1576'.
[  316.115300][T11894] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1577'.
[  316.602282][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  316.604120][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  317.124227][T11914] loop6: detected capacity change from 0 to 524287999
[  318.301526][T11942] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1590'.
[  318.575493][T11949] sg_write: data in/out 11010100/1 bytes for SCSI command 0x26-- guessing data in;
[  318.575493][T11949]    program syz.3.1592 not setting count and/or reply_len properly
[  318.639866][   T40] audit: type=1326 audit(1742803568.867:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11938 comm="syz.1.1591" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ae579 code=0x0
[  319.268229][T11962] netlink: 'syz.0.1598': attribute type 30 has an invalid length.
[  319.641069][ T5951] Bluetooth: hci2: command 0x0406 tx timeout
[  319.900449][ T5951] Bluetooth: unknown link type 108
[  319.903765][ T5951] Bluetooth: hci2: connection err: -111
[  320.835730][T11995] x_tables: duplicate underflow at hook 3
[  321.146120][T11998] [U] ���1WT`8�����H$�0�����9\
[  321.155161][T11998] [U] ;2}U��GV�ĥ��#�O9��ե>-��ߴ�S�ݢ��P
[  321.158064][T11998] [U] 4��XZ^Y����)������M�C��.�O�Ȟ�P�O��W
[  321.160013][T11998] [U] �ä%�Z
[  321.169055][T11998] [U] �8`�}�[T��J#Z�~��3µݥI~�D�%8@7J���|{9D��C���E+�O�K?%�6
[  321.172562][T11998] [U] ��P>BЍ̖�Z%
[  321.174105][T11998] [U] ���I)=�����#F�/��UI~)YS������=���׊�4����F�X�&�%$K�Ӂ'�.7�*9|�A�U\��P��V���|�Ԋ
[  321.177185][T11998] [U] ܣ����K
[  321.178368][T11998] [U] �OW�.�
W��ZG�����	��$J�YR7��/�1ZT7L�[+��
[  321.180748][T11998] [U] ^
[  321.182429][T11998] [U] T�!#��Ӈ�ŵ$BI�N
,<�T��[:D�#8�(��E"�6�Y�ˡ��E��F�L&�1�Y¯�0�DB
����B�1�ߦʶ8�4��+N3���=C�I��/6�}��AR�-	-��O�I��9�إM�Z
[  321.187789][T11998] [U] ,8��O��P9���UG�ݗTXF���])���A3�_ �D�"Ȉ�X������X�������ZD���ݳ	��!�W��A9��@ق�3�X+����ZAO]��8X���X{����(	))�27Y�3��,�!KW(Cѱ��I�E�����\AMл��CU�0*%ɍOHC�|;XCK��@V�NQ�Z
[  321.194169][T11998] [U] ţ�Զ���Dǂ�`=�Ɓ�N���<ʸ��]Q
[  321.196216][T11998] [U] K�E�ZȒF9Ǩ{
[  321.197766][T11998] [U] Z�I�]?.|��"%�B��)��`��ݾ6�VO�}�'�V�߾�����I\M��;S�	QS�K3�
މDY�_�-T�40��OP��Eߴ�P���<!AU���>	Z�ù6�
[  321.205156][T11998] [U] ��
SU�P�OD����)K�QR,�},%�M�����1�Ǿ?Ʋ[� �=2F�}����~�S��B��Ś��ŊR}MIW��[TL���_��>���V3�D,ۅ��<��-KH��%�CQЧ<�KY���Q��ZL�Y1״E>Y�
[  321.213901][T11998] [U] O
[  321.216087][T11998] [U] �+��V�
[  321.218116][T11998] [U] ��N�������V��T�K�+_'Z̔�˶�ɑ�0$��F��|$��-Ъ����O����3�"M�;�J/�[=��.Ď,T�Z��Z��]�@�`�����R�(%��	�	P,���C���T���Bʛ>I�2���O��֖:-��P��%�MI�JQ̿F;��V]&��͊��TQO���Fʹ���ɥ�ǀB��^P�=A�ZDP8��NX�WL�9VQ�1�� 6���TD
[  321.226105][ T5951] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  321.227744][T11998] [U] QU�ԜD����H�ˍ:}���J#H��ۿ��L�]B�XJ�#
[XK��P��O̶�Y;)�J��?*̥��F��U[��X�X'�\��Q,��'��A������2�	�YZ�^� ��Sʻ
[  321.233261][T11998] [U] �#{�8�Dު��]�YƉI�0I��M�R��Lɱ��ʗJ�M.Њ���U�
[  321.235954][T11998] [U] �X%���ܴ�R�(�}�D����?�47Ш+��&�W1�JAK�Y��Ү��PB<�X�8Q^�����9�W�M@�4�њU���NSAD=Iػ"�I�����V��](`DŽ�J��$#���F�D�����7�)�̦��J�GDYEJ�����˓�XĉD��+P���"�3��/]�Y��IK���ںTP�֭���*�P_B�ͳ�R!�%���Ј�7.�}}N�A?��VFA
�'�SUU$ϙ��K6=�{.��ޠ�
��Z�7����^�:�8(�T9F�~B�EY|��чY�G��L"�A!Pϴ�TK��
[  321.244765][T11998] [U] �
L:��6DV���$ױ����IW��+�P�D�93�P/D�HZV�\����ؾE�ޞ�P�O�
[  321.252251][T11997] [U] U�I��ABՒA�?�'$?��H������K�MV�ʓ|��%1�
[  321.344068][T12004] netlink: 'syz.2.1607': attribute type 21 has an invalid length.
[  321.477888][T12007] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1608'.
[  321.504642][T12009] FAULT_INJECTION: forcing a failure.
[  321.504642][T12009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.509212][T12009] CPU: 0 UID: 0 PID: 12009 Comm: syz.3.1609 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  321.509227][T12009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  321.509243][T12009] Call Trace:
[  321.509247][T12009]  <TASK>
[  321.509251][T12009]  dump_stack_lvl+0x16c/0x1f0
[  321.509269][T12009]  should_fail_ex+0x50a/0x650
[  321.509282][T12009]  copy_fpstate_to_sigframe+0x894/0xb20
[  321.509297][T12009]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  321.509309][T12009]  ? lock_acquire+0x2f/0xb0
[  321.509322][T12009]  ? posixtimer_deliver_signal+0x1b0/0x650
[  321.509339][T12009]  ? posixtimer_deliver_signal+0x1b0/0x650
[  321.509353][T12009]  ? find_held_lock+0x2d/0x110
[  321.509366][T12009]  get_sigframe+0x4aa/0x9c0
[  321.509379][T12009]  ? __pfx_get_sigframe+0x10/0x10
[  321.509391][T12009]  ? _raw_spin_unlock_irq+0x23/0x50
[  321.509403][T12009]  ? siginfo_layout+0x177/0x290
[  321.509419][T12009]  ia32_setup_rt_frame+0xe4/0xb30
[  321.509435][T12009]  ? __fget_files+0x1fc/0x3a0
[  321.509450][T12009]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  321.509464][T12009]  ? __pfx_vfs_read+0x10/0x10
[  321.509478][T12009]  ? lock_acquire+0x2f/0xb0
[  321.509491][T12009]  ? __fget_files+0x40/0x3a0
[  321.509505][T12009]  arch_do_signal_or_restart+0x47b/0x7e0
[  321.509517][T12009]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  321.509531][T12009]  ? ksys_read+0x1ba/0x250
[  321.509543][T12009]  ? __pfx_ksys_read+0x10/0x10
[  321.509559][T12009]  syscall_exit_to_user_mode+0x150/0x2a0
[  321.509574][T12009]  __do_fast_syscall_32+0x80/0x120
[  321.509589][T12009]  do_fast_syscall_32+0x32/0x80
[  321.509604][T12009]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  321.509620][T12009] RIP: 0023:0xf7fdf577
[  321.509628][T12009] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  321.509642][T12009] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  321.509651][T12009] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000080000100
[  321.509657][T12009] RDX: 0000000000000071 RSI: 0000000000000000 RDI: 0000000000000000
[  321.509662][T12009] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  321.509671][T12009] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  321.509676][T12009] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  321.509688][T12009]  </TASK>
[  321.869981][T12021] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1611'.
[  322.693555][T12037] netlink: 'syz.3.1616': attribute type 21 has an invalid length.
[  323.139597][ T5951] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  323.273379][T12049] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1621'.
[  323.468036][T12056] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1630'.
[  323.614193][T12067] netlink: 'syz.1.1625': attribute type 21 has an invalid length.
[  323.731075][ T6012] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  323.881057][ T6012] usb 7-1: Using ep0 maxpacket: 8
[  323.887069][ T6012] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  323.893275][ T6012] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  323.900030][ T6012] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  323.911216][ T6012] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  323.914179][ T6012] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  323.917907][ T6012] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  323.920466][ T6012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.119627][T12080] netlink: 'syz.3.1628': attribute type 2 has an invalid length.
[  324.122214][T12080] netlink: 'syz.3.1628': attribute type 1 has an invalid length.
[  324.124388][T12080] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.1628'.
[  324.126918][T12080] nbd: couldn't find device at index 1568768
[  324.140832][ T6012] usb 7-1: usb_control_msg returned -32
[  324.142524][ T6012] usbtmc 7-1:16.0: can't read capabilities
[  324.653018][T12088] usbtmc 7-1:16.0: usb_control_msg returned -32
[  324.674996][    T9] usb 7-1: USB disconnect, device number 9
[  325.016437][T12105] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1636'.
[  325.077030][T12110] netlink: 'syz.1.1637': attribute type 21 has an invalid length.
[  325.517909][T12120] SET target dimension over the limit!
[  325.747594][T12125] Invalid logical block size (3328)
[  326.125169][T12142] netlink: 'syz.3.1646': attribute type 21 has an invalid length.
[  326.426454][ T5951] Bluetooth: hci2: unexpected event for opcode 0x1003
[  326.829769][T12156] overlayfs: failed to clone lowerpath
[  326.983857][T12162] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1652'.
[  327.204629][T12168] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1653'.
[  327.207172][T12168] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1653'.
[  327.250701][T12174] netlink: 'syz.1.1655': attribute type 21 has an invalid length.
[  327.541622][T12185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1660'.
[  327.588723][T12193] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1662'.
[  327.755268][T12203] netlink: 'syz.2.1665': attribute type 21 has an invalid length.
[  328.244501][T12221] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1672'.
[  328.461970][T12226] Cannot find add_set index 0 as target
[  328.471579][T12229] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1673'.
[  328.537680][T12232] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  329.783186][T12259] FAULT_INJECTION: forcing a failure.
[  329.783186][T12259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  329.786985][T12259] CPU: 2 UID: 0 PID: 12259 Comm: syz.3.1682 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  329.786998][T12259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  329.787005][T12259] Call Trace:
[  329.787009][T12259]  <TASK>
[  329.787013][T12259]  dump_stack_lvl+0x16c/0x1f0
[  329.787044][T12259]  should_fail_ex+0x50a/0x650
[  329.787065][T12259]  _copy_from_iter+0x2a1/0x1560
[  329.787077][T12259]  ? trace_lock_acquire+0x14e/0x1f0
[  329.787090][T12259]  ? __pfx__copy_from_iter+0x10/0x10
[  329.787100][T12259]  ? __virt_addr_valid+0x1a4/0x590
[  329.787112][T12259]  ? __virt_addr_valid+0x5e/0x590
[  329.787122][T12259]  ? __phys_addr_symbol+0x30/0x80
[  329.787132][T12259]  ? __check_object_size+0x488/0x710
[  329.787145][T12259]  sctp_user_addto_chunk+0x87/0x230
[  329.787161][T12259]  sctp_datamsg_from_user+0x5b3/0x1320
[  329.787178][T12259]  sctp_sendmsg_to_asoc+0xafd/0x1ad0
[  329.787194][T12259]  ? sctp_assoc_add_peer+0x254/0x1530
[  329.787211][T12259]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  329.787227][T12259]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  329.787238][T12259]  ? lock_acquire+0x2f/0xb0
[  329.787250][T12259]  ? sctp_endpoint_lookup_assoc+0xac/0x2a0
[  329.787268][T12259]  sctp_sendmsg+0xf0a/0x1eb0
[  329.787277][T12259]  ? __pfx___lock_acquire+0x10/0x10
[  329.787309][T12259]  ? __pfx_sctp_sendmsg+0x10/0x10
[  329.787327][T12259]  ? __pfx_aa_sk_perm+0x10/0x10
[  329.787341][T12259]  ? __pfx_sctp_sendmsg+0x10/0x10
[  329.787352][T12259]  inet_sendmsg+0x119/0x140
[  329.787363][T12259]  __sys_sendto+0x42a/0x4f0
[  329.787379][T12259]  ? __pfx___sys_sendto+0x10/0x10
[  329.787403][T12259]  ? ksys_write+0x1ba/0x250
[  329.787417][T12259]  ? __pfx_ksys_write+0x10/0x10
[  329.787432][T12259]  __ia32_sys_sendto+0xdd/0x1b0
[  329.787446][T12259]  ? lockdep_hardirqs_on+0x7c/0x110
[  329.787459][T12259]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  329.787475][T12259]  __do_fast_syscall_32+0x73/0x120
[  329.787490][T12259]  do_fast_syscall_32+0x32/0x80
[  329.787505][T12259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  329.787521][T12259] RIP: 0023:0xf7fdf579
[  329.787529][T12259] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  329.787538][T12259] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  329.787548][T12259] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  329.787554][T12259] RDX: 0000000000000001 RSI: 00000000000040d4 RDI: 0000000080000140
[  329.787560][T12259] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  329.787566][T12259] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  329.787571][T12259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  329.787582][T12259]  </TASK>
[  329.921784][T12263] random: crng reseeded on system resumption
[  329.932729][T12265] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1685'.
[  330.031989][T12271] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1684'.
[  330.443207][ T5951] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  330.448159][ T5951] Bluetooth: hci2: Injecting HCI hardware error event
[  330.451813][ T5958] Bluetooth: hci2: hardware error 0x00
[  330.468884][T12273] Cannot find add_set index 0 as target
[  330.726624][T12297] virtio-fs: tag <(null)> not found
[  331.583266][T12328] SET target dimension over the limit!
[  332.161713][T12347] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1707'.
[  332.521095][ T5958] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  332.989889][T12362] syz.3.1712 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  333.028048][T12368] netlink: 'syz.3.1715': attribute type 21 has an invalid length.
[  333.704130][T12383] FAULT_INJECTION: forcing a failure.
[  333.704130][T12383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  333.708357][T12383] CPU: 3 UID: 0 PID: 12383 Comm: syz.1.1720 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  333.708371][T12383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  333.708378][T12383] Call Trace:
[  333.708390][T12383]  <TASK>
[  333.708396][T12383]  dump_stack_lvl+0x16c/0x1f0
[  333.708416][T12383]  should_fail_ex+0x50a/0x650
[  333.708428][T12383]  _copy_from_iter+0x2a1/0x1560
[  333.708441][T12383]  ? _copy_from_iter+0x15e/0x1560
[  333.708452][T12383]  ? __pfx__copy_from_iter+0x10/0x10
[  333.708464][T12383]  ? __pfx__copy_from_iter+0x10/0x10
[  333.708473][T12383]  ? __virt_addr_valid+0x1a4/0x590
[  333.708487][T12383]  copy_page_from_iter+0xa5/0x120
[  333.708500][T12383]  skb_copy_datagram_from_iter+0x29b/0x710
[  333.708519][T12383]  tun_get_user+0x199c/0x3e50
[  333.708534][T12383]  ? __pfx_tun_get_user+0x10/0x10
[  333.708544][T12383]  ? find_held_lock+0x2d/0x110
[  333.708558][T12383]  ? __pfx_lock_release+0x10/0x10
[  333.708577][T12383]  tun_chr_write_iter+0xdc/0x210
[  333.708589][T12383]  vfs_write+0x5ae/0x1150
[  333.708603][T12383]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  333.708615][T12383]  ? __pfx_vfs_write+0x10/0x10
[  333.708629][T12383]  ? __fget_files+0x40/0x3a0
[  333.708648][T12383]  ksys_write+0x12b/0x250
[  333.708662][T12383]  ? __pfx_ksys_write+0x10/0x10
[  333.708678][T12383]  __do_fast_syscall_32+0x73/0x120
[  333.708694][T12383]  do_fast_syscall_32+0x32/0x80
[  333.708709][T12383]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  333.708725][T12383] RIP: 0023:0xf73ae579
[  333.708734][T12383] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  333.708743][T12383] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  333.708753][T12383] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800005c0
[  333.708759][T12383] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  333.708765][T12383] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  333.708770][T12383] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  333.708775][T12383] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  333.708786][T12383]  </TASK>
[  334.409189][T12406] : entered promiscuous mode
[  335.864440][T12444] SET target dimension over the limit!
[  336.252422][T12454] Invalid ELF header len 8
[  336.253971][T12454] netlink: 'syz.0.1741': attribute type 1 has an invalid length.
[  337.454411][T12493] SET target dimension over the limit!
[  339.159531][T12503] delete_channel: no stack
[  339.646932][T12547] SET target dimension over the limit!
[  340.371720][T12575] netfs: Couldn't get user pages (rc=-14)
[  340.450711][T12583] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.458150][T12583] bond0: (slave rose0): Enslaving as an active interface with an up link
[  340.574685][T12592] fuse: Invalid rootmode
[  341.014475][T12608] geneve2: entered promiscuous mode
[  341.349899][T12616] SET target dimension over the limit!
[  341.559401][T12620] loop6: detected capacity change from 0 to 524287999
[  341.801425][ T5986] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  352.476191][T12710] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1798'.
[  353.008796][T12725] IPv6: Can't replace route, no match found
[  353.014505][T12725] random: crng reseeded on system resumption
[  353.537823][T12737] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  353.843518][T12751] loop6: detected capacity change from 0 to 524287999
[  354.392632][ T5986] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  354.561210][ T5986] usb 7-1: Using ep0 maxpacket: 8
[  354.563897][ T5986] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.566770][ T5986] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  354.571696][ T5986] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  354.574852][ T5986] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.577169][ T5986] usb 7-1: Product: syz
[  354.578602][ T5986] usb 7-1: Manufacturer: syz
[  354.580043][ T5986] usb 7-1: SerialNumber: syz
[  355.175159][ T5986] cdc_ncm 7-1:1.0: bind() failure
[  355.178184][ T5986] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  355.180090][ T5986] cdc_ncm 7-1:1.1: bind() failure
[  355.194161][ T5986] usb 7-1: USB disconnect, device number 10
[  357.722748][T12846] netlink: 'syz.2.1831': attribute type 10 has an invalid length.
[  358.158550][T12853] IPv6: Can't replace route, no match found
[  358.171993][T12853] random: crng reseeded on system resumption
[  360.246310][T12895] SET target dimension over the limit!
[  360.656582][T12905] random: crng reseeded on system resumption
[  361.255077][T12917] 9pnet_fd: Insufficient options for proto=fd
[  361.260587][T12917] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  361.266715][T12917] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  361.270005][T12917] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  361.272669][T12917] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  361.275169][T12917] geneve2: entered promiscuous mode
[  361.280538][T12917] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1849'.
[  361.697816][T12929] random: crng reseeded on system resumption
[  361.824581][T12934] FAULT_INJECTION: forcing a failure.
[  361.824581][T12934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  361.830198][T12934] CPU: 3 UID: 0 PID: 12934 Comm: syz.2.1854 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  361.830219][T12934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  361.830229][T12934] Call Trace:
[  361.830234][T12934]  <TASK>
[  361.830240][T12934]  dump_stack_lvl+0x16c/0x1f0
[  361.830269][T12934]  should_fail_ex+0x50a/0x650
[  361.830289][T12934]  strncpy_from_user+0x3b/0x2d0
[  361.830313][T12934]  getname_flags.part.0+0x8f/0x550
[  361.830332][T12934]  getname+0x8d/0xe0
[  361.830347][T12934]  do_sys_openat2+0x104/0x1e0
[  361.830361][T12934]  ? __pfx_do_sys_openat2+0x10/0x10
[  361.830376][T12934]  ? __fget_files+0x206/0x3a0
[  361.830397][T12934]  __ia32_compat_sys_openat+0x16e/0x210
[  361.830412][T12934]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  361.830425][T12934]  ? ksys_write+0x1ba/0x250
[  361.830448][T12934]  __do_fast_syscall_32+0x73/0x120
[  361.830468][T12934]  do_fast_syscall_32+0x32/0x80
[  361.830486][T12934]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  361.830506][T12934] RIP: 0023:0xf749e579
[  361.830516][T12934] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  361.830527][T12934] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  361.830540][T12934] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000240
[  361.830549][T12934] RDX: 0000000000101000 RSI: 00000000000000e8 RDI: 0000000000000000
[  361.830556][T12934] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  361.830564][T12934] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  361.830571][T12934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  361.830587][T12934]  </TASK>
[  362.052635][T12939] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1856'.
[  362.464971][T12943] SET target dimension over the limit!
[  363.199483][T12959] netlink: 'syz.3.1859': attribute type 10 has an invalid length.
[  363.404530][T12959] bond0: (slave batadv0): Error -22 calling dev_set_mtu
[  364.242881][T12982] IPv6: Can't replace route, no match found
[  364.247766][T12982] random: crng reseeded on system resumption
[  364.500067][T12986] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  364.597546][T12986] /dev/sr0: Can't open blockdev
[  365.160867][T13005] loop6: detected capacity change from 0 to 524287999
[  365.233925][T13010] ����: renamed from bridge_slave_0 (while UP)
[  365.316270][T13010] syz.2.1874 (13010) used greatest stack depth: 20880 bytes left
[  365.870909][T13027] SET target dimension over the limit!
[  366.413357][T13043] loop6: detected capacity change from 0 to 524287999
[  366.701105][ T6012] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  366.852384][ T6012] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  366.857437][ T6012] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  366.860038][ T6012] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.862354][ T6012] usb 8-1: Product: syz
[  366.863547][ T6012] usb 8-1: Manufacturer: syz
[  366.864851][ T6012] usb 8-1: SerialNumber: syz
[  367.101917][ T6012] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  367.277760][T13047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  367.282131][T13047] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  367.286018][T13047] lo: entered promiscuous mode
[  367.287661][T13047] lo: entered allmulticast mode
[  367.289443][T13047] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1884'.
[  367.304761][T13045] lo: left allmulticast mode
[  367.306423][T13045] lo: left promiscuous mode
[  367.312827][ T1486] usb 8-1: USB disconnect, device number 9
[  367.339201][ T1486] usblp0: removed
[  367.563828][ T5951] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  367.570879][ T5951] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  367.574090][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  367.580260][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  367.589413][ T5951] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  367.596803][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  367.786133][T11571] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.826136][T13076] syzkaller1: entered promiscuous mode
[  367.827824][T13076] syzkaller1: entered allmulticast mode
[  367.885041][T11571] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.931659][T13082] loop6: detected capacity change from 0 to 524287999
[  367.987841][T13086] input: syz0 as /devices/virtual/input/input15
[  368.011672][T11571] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.071102][T13069] chnl_net:caif_netlink_parms(): no params data found
[  368.195818][T13090] SET target dimension over the limit!
[  368.407356][T11571] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.483336][T13069] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.485396][T13069] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.488439][T13069] bridge_slave_0: entered allmulticast mode
[  368.491478][T13069] bridge_slave_0: entered promiscuous mode
[  368.499440][T13069] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.504981][T13069] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.507203][T13069] bridge_slave_1: entered allmulticast mode
[  368.509605][T13069] bridge_slave_1: entered promiscuous mode
[  368.549431][T13069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.558990][T13069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.647582][T13069] team0: Port device team_slave_0 added
[  368.654076][T11571] bridge_slave_1: left allmulticast mode
[  368.655896][T11571] bridge_slave_1: left promiscuous mode
[  368.658763][T11571] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.664369][T11571] bridge_slave_0: left allmulticast mode
[  368.665980][T11571] bridge_slave_0: left promiscuous mode
[  368.667619][T11571] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.504637][T11571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  369.509061][T11571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  369.514125][T11571] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  369.533901][T11571] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  369.538274][T11571] veth0_to_batadv: left promiscuous mode
[  369.544998][T11571] bond0 (unregistering): Released all slaves
[  369.553792][T13069] team0: Port device team_slave_1 added
[  369.641244][ T5951] Bluetooth: hci1: command tx timeout
[  369.687748][T11571] tipc: Disabling bearer <eth:syzkaller0>
[  369.703229][T11571] tipc: Left network mode
[  369.703791][T13069] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.706757][T13069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.714210][T13069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.719110][T13069] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.721624][T13069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.732279][T13069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.794825][T13069] hsr_slave_0: entered promiscuous mode
[  369.796760][T13069] hsr_slave_1: entered promiscuous mode
[  369.798670][T13069] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.800826][T13069] Cannot create hsr debugfs directory
[  369.944303][T11571] hsr_slave_0: left promiscuous mode
[  369.946546][T11571] hsr_slave_1: left promiscuous mode
[  370.025085][T13122] loop6: detected capacity change from 0 to 524287999
[  370.051812][ T1016] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  370.191263][ T1016] usb 8-1: device descriptor read/64, error -71
[  370.441495][ T1016] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  370.526749][T11571] team0 (unregistering): Port device team_slave_1 removed
[  370.581401][ T1016] usb 8-1: device descriptor read/64, error -71
[  370.602633][T11571] team0 (unregistering): Port device team_slave_0 removed
[  370.701441][ T1016] usb usb8-port1: attempt power cycle
[  371.052652][ T1016] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  371.071576][ T1016] usb 8-1: device descriptor read/8, error -71
[  371.321455][ T1016] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  371.416119][ T1016] usb 8-1: device descriptor read/8, error -71
[  371.443708][T13069] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  371.449723][T13069] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  371.454125][T13069] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  371.457307][T13069] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  371.519759][T13069] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.539668][T13069] 8021q: adding VLAN 0 to HW filter on device team0
[  371.548651][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.551505][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.569804][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.573993][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.616308][T13136] SET target dimension over the limit!
[  371.720117][ T1016] usb usb8-port1: unable to enumerate USB device
[  371.721295][ T5951] Bluetooth: hci1: command tx timeout
[  371.782949][T11571] IPVS: stop unused estimator thread 0...
[  371.829160][T13069] 8021q: adding VLAN 0 to HW filter on device batadv0
[  372.084249][T13069] veth0_vlan: entered promiscuous mode
[  372.094109][T13069] veth1_vlan: entered promiscuous mode
[  372.141460][T13069] veth0_macvtap: entered promiscuous mode
[  372.144335][T13069] veth1_macvtap: entered promiscuous mode
[  372.156591][T13069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  372.160168][T13069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.163805][T13069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  372.167415][T13069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.171481][T13069] batman_adv: batadv0: Interface activated: batadv_slave_0
[  372.181973][T13069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.184845][T13069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.201201][T13069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.204306][T13069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.208276][T13069] batman_adv: batadv0: Interface activated: batadv_slave_1
[  372.214520][T13069] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.216973][T13069] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.219371][T13069] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.221872][T13069] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.252339][T11573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.254513][T11573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.266014][T11573] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.268344][T11573] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.344659][T13147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  372.350670][T13146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  372.389685][T13144] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  372.511646][T13144] /dev/sr0: Can't open blockdev
[  372.768205][T13162] loop6: detected capacity change from 0 to 524287999
[  373.270166][T13175] Cannot find add_set index 0 as target
[  374.441064][ T5951] Bluetooth: hci1: command tx timeout
[  374.785290][T13203] loop6: detected capacity change from 0 to 524287999
[  375.777241][T13224] SET target dimension over the limit!
[  376.765201][T13242] loop6: detected capacity change from 0 to 524287999
[  377.112166][T13261] IPv6: Can't replace route, no match found
[  377.149182][T13261] random: crng reseeded on system resumption
[  377.270677][T13263] Cannot find add_set index 0 as target
[  377.540006][T13269] netlink: 'syz.3.1937': attribute type 21 has an invalid length.
[  378.042448][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  378.044898][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  378.205775][T13279] loop6: detected capacity change from 0 to 524287999
[  379.164330][T13302] IPv6: Can't replace route, no match found
[  379.169992][T13302] random: crng reseeded on system resumption
[  379.346938][T13307] FAULT_INJECTION: forcing a failure.
[  379.346938][T13307] name failslab, interval 1, probability 0, space 0, times 0
[  379.386907][T13307] CPU: 3 UID: 0 PID: 13307 Comm: syz.2.1948 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  379.386946][T13307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  379.386956][T13307] Call Trace:
[  379.386961][T13307]  <TASK>
[  379.386968][T13307]  dump_stack_lvl+0x16c/0x1f0
[  379.386998][T13307]  should_fail_ex+0x50a/0x650
[  379.387014][T13307]  ? fs_reclaim_acquire+0xae/0x150
[  379.387037][T13307]  ? call_usermodehelper_setup+0x9a/0x340
[  379.387059][T13307]  should_failslab+0xc2/0x120
[  379.387075][T13307]  __kmalloc_cache_noprof+0x68/0x410
[  379.387096][T13307]  ? trace_kmalloc+0x2d/0xd0
[  379.387112][T13307]  ? __kmalloc_node_track_caller_noprof+0x240/0x510
[  379.387139][T13307]  ? __pfx_free_modprobe_argv+0x10/0x10
[  379.387166][T13307]  call_usermodehelper_setup+0x9a/0x340
[  379.387193][T13307]  __request_module+0x3d6/0x6c0
[  379.387215][T13307]  ? crypto_alg_mod_lookup+0x3d3/0x4e0
[  379.387234][T13307]  ? __pfx___request_module+0x10/0x10
[  379.387264][T13307]  ? __debug_object_init+0x2dd/0x3e0
[  379.387285][T13307]  ? __crypto_alg_lookup+0x1eb/0x240
[  379.387302][T13307]  ? crypto_alg_mod_lookup+0x352/0x4e0
[  379.387323][T13307]  crypto_alg_mod_lookup+0x3d3/0x4e0
[  379.387343][T13307]  crypto_type_has_alg+0x2c/0x80
[  379.387365][T13307]  xfrm_aalg_get_byname+0x137/0x1f0
[  379.387390][T13307]  xfrm_add_sa+0x18ba/0x5720
[  379.387420][T13307]  ? __pfx_xfrm_add_sa+0x10/0x10
[  379.387457][T13307]  ? __nla_parse+0x40/0x60
[  379.387474][T13307]  ? __pfx_xfrm_add_sa+0x10/0x10
[  379.387490][T13307]  xfrm_user_rcv_msg+0x58c/0xc00
[  379.387507][T13307]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  379.387522][T13307]  ? find_held_lock+0x2d/0x110
[  379.387534][T13307]  ? hlock_class+0x4e/0x130
[  379.387543][T13307]  ? __lock_acquire+0x15a9/0x3c40
[  379.387570][T13307]  ? __mutex_trylock_common+0xea/0x250
[  379.387585][T13307]  ? __pfx___mutex_trylock_common+0x10/0x10
[  379.387609][T13307]  ? xfrm_netlink_rcv+0x62/0x90
[  379.387632][T13307]  netlink_rcv_skb+0x16b/0x440
[  379.387657][T13307]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  379.387682][T13307]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  379.387719][T13307]  ? xfrm_netlink_rcv+0x62/0x90
[  379.387760][T13307]  xfrm_netlink_rcv+0x71/0x90
[  379.387781][T13307]  netlink_unicast+0x53c/0x7f0
[  379.387808][T13307]  ? __pfx_netlink_unicast+0x10/0x10
[  379.387832][T13307]  ? __phys_addr_symbol+0x30/0x80
[  379.387847][T13307]  ? __check_object_size+0x488/0x710
[  379.387866][T13307]  netlink_sendmsg+0x8b8/0xd70
[  379.387894][T13307]  ? __pfx_netlink_sendmsg+0x10/0x10
[  379.387926][T13307]  ____sys_sendmsg+0xaaf/0xc90
[  379.387948][T13307]  ? __pfx_____sys_sendmsg+0x10/0x10
[  379.387966][T13307]  ? get_compat_msghdr+0x11b/0x170
[  379.387998][T13307]  ___sys_sendmsg+0x135/0x1e0
[  379.388025][T13307]  ? __pfx____sys_sendmsg+0x10/0x10
[  379.388060][T13307]  ? __pfx_lock_release+0x10/0x10
[  379.388081][T13307]  ? trace_lock_acquire+0x14e/0x1f0
[  379.388107][T13307]  ? __fget_files+0x206/0x3a0
[  379.388136][T13307]  __sys_sendmsg+0x16e/0x220
[  379.388152][T13307]  ? __pfx___sys_sendmsg+0x10/0x10
[  379.388183][T13307]  __do_fast_syscall_32+0x73/0x120
[  379.388208][T13307]  do_fast_syscall_32+0x32/0x80
[  379.388231][T13307]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  379.388257][T13307] RIP: 0023:0xf749e579
[  379.388271][T13307] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  379.388286][T13307] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  379.388302][T13307] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  379.388313][T13307] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  379.388323][T13307] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  379.388332][T13307] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  379.388342][T13307] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  379.388363][T13307]  </TASK>
[  379.637688][T13317] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  380.913635][T13332] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.1956' sets config #0
[  380.988939][T13336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1959'.
[  380.992468][T13336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1959'.
[  380.997883][T13336] macvlan1: entered promiscuous mode
[  380.999958][T13336] gretap0: entered promiscuous mode
[  381.100016][T13345] IPv6: Can't replace route, no match found
[  381.104014][T13345] random: crng reseeded on system resumption
[  381.651224][ T5951] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  383.307115][T13383] SET target dimension over the limit!
[  383.310547][T13380] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1970'.
[  383.373140][T13388] loop6: detected capacity change from 0 to 524287999
[  383.506661][T13397] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$���UL�vy��آ
�D��UD���}�z
[  383.892687][T13401] Cannot find add_set index 0 as target
[  384.392462][T13403] loop6: detected capacity change from 0 to 524287999
[  385.475709][T13420] Cannot find map_set index 0 as target
[  385.536911][T13422] Cannot find add_set index 0 as target
[  385.672565][T13429] 9pnet_virtio: no channels available for device syz
[  386.319913][T13442] SET target dimension over the limit!
[  386.320838][T13437] Cannot find add_set index 0 as target
[  386.480607][T13423] syz.2.1980 (13423) used greatest stack depth: 19680 bytes left
[  386.855732][T13457] SET target dimension over the limit!
[  387.100428][T13460] binfmt_misc: register: failed to install interpreter file ./file0
[  387.670210][T13472] syzkaller1: entered promiscuous mode
[  387.674321][T13472] syzkaller1: entered allmulticast mode
[  387.686026][T13471] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[  387.791717][T13476] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$���UL�vy��آ
�D��UD���}�zR'
[  387.794716][T13476] CPU: 1 UID: 0 PID: 13476 Comm: syz.0.1997 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  387.794731][T13476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.794737][T13476] Call Trace:
[  387.794741][T13476]  <TASK>
[  387.794745][T13476]  dump_stack_lvl+0x16c/0x1f0
[  387.794781][T13476]  sysfs_warn_dup+0x7f/0xa0
[  387.794796][T13476]  sysfs_do_create_link_sd+0x124/0x140
[  387.794811][T13476]  sysfs_create_link+0x61/0xc0
[  387.794825][T13476]  device_add+0x62e/0x1a70
[  387.794841][T13476]  ? __pfx_device_add+0x10/0x10
[  387.794855][T13476]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  387.794872][T13476]  ? ieee80211_set_bitrate_flags+0x249/0x6a0
[  387.794888][T13476]  wiphy_register+0x1cab/0x2860
[  387.794897][T13476]  ? __pfx__dev_printk+0x10/0x10
[  387.794912][T13476]  ? __pfx_wiphy_register+0x10/0x10
[  387.794926][T13476]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  387.794943][T13476]  ieee80211_register_hw+0x2455/0x4060
[  387.794962][T13476]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  387.794976][T13476]  ? net_generic+0xea/0x2a0
[  387.794992][T13476]  ? lockdep_init_map_type+0x16d/0x7d0
[  387.795007][T13476]  ? __asan_memset+0x23/0x50
[  387.795020][T13476]  ? __hrtimer_init+0x106/0x2c0
[  387.795037][T13476]  mac80211_hwsim_new_radio+0x304e/0x54e0
[  387.795058][T13476]  ? __kmalloc_node_track_caller_noprof+0x240/0x510
[  387.795074][T13476]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  387.795088][T13476]  ? hwsim_new_radio_nl+0x9ff/0x12b0
[  387.795103][T13476]  ? __asan_memcpy+0x3c/0x60
[  387.795117][T13476]  hwsim_new_radio_nl+0xb42/0x12b0
[  387.795132][T13476]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  387.795151][T13476]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  387.795163][T13476]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  387.795176][T13476]  genl_family_rcv_msg_doit+0x202/0x2f0
[  387.795187][T13476]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  387.795197][T13476]  ? trace_cap_capable+0x1a2/0x210
[  387.795212][T13476]  ? bpf_lsm_capable+0x9/0x10
[  387.795221][T13476]  ? security_capable+0x7e/0x260
[  387.795232][T13476]  ? ns_capable+0xd7/0x110
[  387.795247][T13476]  genl_rcv_msg+0x565/0x800
[  387.795258][T13476]  ? __pfx_genl_rcv_msg+0x10/0x10
[  387.795269][T13476]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  387.795284][T13476]  ? __pfx___lock_acquire+0x10/0x10
[  387.795300][T13476]  netlink_rcv_skb+0x16b/0x440
[  387.795314][T13476]  ? __pfx_genl_rcv_msg+0x10/0x10
[  387.795324][T13476]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  387.795344][T13476]  ? down_read+0xc9/0x330
[  387.795359][T13476]  ? __pfx_down_read+0x10/0x10
[  387.795374][T13476]  ? netlink_deliver_tap+0x1ae/0xd30
[  387.795389][T13476]  genl_rcv+0x28/0x40
[  387.795398][T13476]  netlink_unicast+0x53c/0x7f0
[  387.795413][T13476]  ? __pfx_netlink_unicast+0x10/0x10
[  387.795428][T13476]  ? __phys_addr_symbol+0x30/0x80
[  387.795438][T13476]  ? __check_object_size+0x488/0x710
[  387.795450][T13476]  netlink_sendmsg+0x8b8/0xd70
[  387.795466][T13476]  ? __pfx_netlink_sendmsg+0x10/0x10
[  387.795492][T13476]  ____sys_sendmsg+0xaaf/0xc90
[  387.795511][T13476]  ? __pfx_____sys_sendmsg+0x10/0x10
[  387.795527][T13476]  ? get_compat_msghdr+0x11b/0x170
[  387.795557][T13476]  ___sys_sendmsg+0x135/0x1e0
[  387.795589][T13476]  ? __pfx____sys_sendmsg+0x10/0x10
[  387.795623][T13476]  ? __pfx_lock_release+0x10/0x10
[  387.795638][T13476]  ? trace_lock_acquire+0x14e/0x1f0
[  387.795654][T13476]  ? __fget_files+0x206/0x3a0
[  387.795673][T13476]  __sys_sendmsg+0x16e/0x220
[  387.795683][T13476]  ? __pfx___sys_sendmsg+0x10/0x10
[  387.795694][T13476]  ? __ia32_sys_futex_time32+0x1da/0x460
[  387.795717][T13476]  __do_fast_syscall_32+0x73/0x120
[  387.795732][T13476]  do_fast_syscall_32+0x32/0x80
[  387.795747][T13476]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  387.795762][T13476] RIP: 0023:0xf744e579
[  387.795772][T13476] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  387.795781][T13476] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  387.795791][T13476] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  387.795797][T13476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  387.795802][T13476] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  387.795807][T13476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  387.795813][T13476] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  387.795825][T13476]  </TASK>
[  388.386902][T13484] SET target dimension over the limit!
[  389.084169][T13488] SET target dimension over the limit!
[  390.230304][T13514] loop6: detected capacity change from 0 to 524287999
[  390.329760][T13517] loop6: detected capacity change from 0 to 524287999
[  390.520033][T13523] 9pnet_fd: Insufficient options for proto=fd
[  390.578913][T13526] SET target dimension over the limit!
[  390.610824][T13486] kexec: Could not allocate control_code_buffer
[  390.621797][T13519] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2010'.
[  390.625886][T13519] ebtables: wrong size: *len 80, entries_size 144, replsz 144
[  390.927395][T13544] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2016'.
[  391.122572][T13552] SET target dimension over the limit!
[  391.318581][T13553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  391.365836][T13545] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  391.735645][T13556] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2023'.
[  391.739548][T13556] ebtables: wrong size: *len 80, entries_size 144, replsz 144
[  392.158374][T13581] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2031'.
[  392.216787][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2031'.
[  392.597859][T13590] SET target dimension over the limit!
[  393.490739][T13594] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2034'.
[  393.496080][T13594] ebtables: wrong size: *len 80, entries_size 144, replsz 144
[  393.700521][T13614] loop6: detected capacity change from 0 to 524287999
[  394.119560][T13622] SET target dimension over the limit!
[  394.407377][T13559] kexec: Could not allocate control_code_buffer
[  394.601210][  T834] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  394.611079][ T6012] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  394.801153][  T834] usb 5-1: Using ep0 maxpacket: 8
[  394.803582][ T6012] usb 7-1: Using ep0 maxpacket: 8
[  394.807552][  T834] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 56832, setting to 1024
[  394.810682][  T834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  394.815018][ T6012] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 56832, setting to 1024
[  394.818109][ T6012] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  394.820865][ T6012] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  394.823748][  T834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  394.826532][  T834] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  394.830158][  T834] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  394.832799][ T6012] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  394.836393][ T6012] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  394.838971][  T834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.841319][ T6012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.051563][  T834] usb 5-1: GET_CAPABILITIES returned 0
[  395.053150][ T6012] usb 7-1: GET_CAPABILITIES returned 0
[  395.054622][ T6012] usbtmc 7-1:16.0: can't read capabilities
[  395.057341][  T834] usbtmc 5-1:16.0: can't read capabilities
[  395.209514][T13641] IPv6: Can't replace route, no match found
[  395.254812][ T5986] usb 5-1: USB disconnect, device number 8
[  395.277062][T13646] loop6: detected capacity change from 0 to 524287999
[  395.999229][T13673] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2058'.
[  396.078866][T13677] loop6: detected capacity change from 0 to 524287999
[  396.262618][T13682] IPv6: Can't replace route, no match found
[  396.784430][T13696] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  396.795384][T13695] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  397.505133][ T6015] usb 7-1: USB disconnect, device number 11
[  397.599018][T13710] loop6: detected capacity change from 0 to 524287999
[  397.644972][T13712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2071'.
[  397.648128][T13712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2071'.
[  397.874630][T13720] IPv6: Can't replace route, no match found
[  398.246032][ T5951] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  398.982080][T13743] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0
[  399.063534][ T5951] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  399.238368][T13756] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  399.256858][T13759] IPv6: Can't replace route, no match found
[  399.267555][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2085'.
[  399.365096][T13763] loop6: detected capacity change from 0 to 524287999
[  400.970558][T13795] loop6: detected capacity change from 0 to 524287999
[  401.049653][T13801] FAULT_INJECTION: forcing a failure.
[  401.049653][T13801] name failslab, interval 1, probability 0, space 0, times 0
[  401.054969][T13801] CPU: 2 UID: 0 PID: 13801 Comm: syz.2.2098 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  401.054987][T13801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  401.054997][T13801] Call Trace:
[  401.055001][T13801]  <TASK>
[  401.055008][T13801]  dump_stack_lvl+0x16c/0x1f0
[  401.055036][T13801]  should_fail_ex+0x50a/0x650
[  401.055051][T13801]  ? fs_reclaim_acquire+0xae/0x150
[  401.055072][T13801]  ? rfkill_alloc+0xac/0x330
[  401.055096][T13801]  should_failslab+0xc2/0x120
[  401.055113][T13801]  __kmalloc_noprof+0xcb/0x510
[  401.055144][T13801]  rfkill_alloc+0xac/0x330
[  401.055171][T13801]  wiphy_new_nm+0x1217/0x2160
[  401.055197][T13801]  ? __pfx_mac80211_hwsim_add_chanctx+0x10/0x10
[  401.055217][T13801]  ? __pfx_mac80211_hwsim_change_chanctx+0x10/0x10
[  401.055238][T13801]  ? __pfx_mac80211_hwsim_remove_chanctx+0x10/0x10
[  401.055258][T13801]  ieee80211_alloc_hw_nm+0x495/0x2260
[  401.055279][T13801]  ? __local_bh_enable_ip+0xa4/0x120
[  401.055320][T13801]  mac80211_hwsim_new_radio+0x1d6/0x54e0
[  401.055355][T13801]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  401.055384][T13801]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  401.055415][T13801]  hwsim_new_radio_nl+0xb42/0x12b0
[  401.055440][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.055471][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  401.055487][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  401.055509][T13801]  genl_family_rcv_msg_doit+0x202/0x2f0
[  401.055524][T13801]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  401.055538][T13801]  ? trace_cap_capable+0x1a2/0x210
[  401.055559][T13801]  ? bpf_lsm_capable+0x9/0x10
[  401.055575][T13801]  ? security_capable+0x7e/0x260
[  401.055591][T13801]  ? ns_capable+0xd7/0x110
[  401.055612][T13801]  genl_rcv_msg+0x565/0x800
[  401.055630][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.055647][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.055678][T13801]  netlink_rcv_skb+0x16b/0x440
[  401.055699][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.055715][T13801]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  401.055751][T13801]  ? down_read+0xc9/0x330
[  401.055775][T13801]  ? __pfx_down_read+0x10/0x10
[  401.055799][T13801]  ? netlink_deliver_tap+0x1ae/0xd30
[  401.055822][T13801]  genl_rcv+0x28/0x40
[  401.055836][T13801]  netlink_unicast+0x53c/0x7f0
[  401.055861][T13801]  ? __pfx_netlink_unicast+0x10/0x10
[  401.055884][T13801]  ? __phys_addr_symbol+0x30/0x80
[  401.055900][T13801]  ? __check_object_size+0x488/0x710
[  401.055918][T13801]  netlink_sendmsg+0x8b8/0xd70
[  401.055942][T13801]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.055971][T13801]  ____sys_sendmsg+0xaaf/0xc90
[  401.055990][T13801]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.056005][T13801]  ? get_compat_msghdr+0x11b/0x170
[  401.056034][T13801]  ___sys_sendmsg+0x135/0x1e0
[  401.056056][T13801]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.056087][T13801]  ? __pfx_lock_release+0x10/0x10
[  401.056106][T13801]  ? trace_lock_acquire+0x14e/0x1f0
[  401.056130][T13801]  ? __fget_files+0x206/0x3a0
[  401.056157][T13801]  __sys_sendmsg+0x16e/0x220
[  401.056170][T13801]  ? __pfx___sys_sendmsg+0x10/0x10
[  401.056198][T13801]  __do_fast_syscall_32+0x73/0x120
[  401.056220][T13801]  do_fast_syscall_32+0x32/0x80
[  401.056240][T13801]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  401.056262][T13801] RIP: 0023:0xf749e579
[  401.056274][T13801] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  401.056287][T13801] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  401.056302][T13801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  401.056311][T13801] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  401.056319][T13801] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  401.056327][T13801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  401.056335][T13801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  401.056354][T13801]  </TASK>
[  401.056402][T13801] INFO: trying to register non-static key.
[  401.176275][T13801] The code is fine but needs lockdep annotation, or maybe
[  401.178237][T13801] you didn't initialize this object before use?
[  401.181263][T13801] turning off the locking correctness validator.
[  401.183349][T13801] CPU: 2 UID: 0 PID: 13801 Comm: syz.2.2098 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  401.183362][T13801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  401.183368][T13801] Call Trace:
[  401.183372][T13801]  <TASK>
[  401.183377][T13801]  dump_stack_lvl+0x116/0x1f0
[  401.183400][T13801]  register_lock_class+0xc39/0x1240
[  401.183415][T13801]  ? irq_work_queue+0x2a/0x80
[  401.183430][T13801]  ? hlock_class+0x4e/0x130
[  401.183440][T13801]  ? __pfx_register_lock_class+0x10/0x10
[  401.183454][T13801]  ? __pfx_mark_lock+0x10/0x10
[  401.183467][T13801]  __lock_acquire+0x135/0x3c40
[  401.183481][T13801]  ? mark_lock+0xb5/0xc60
[  401.183493][T13801]  ? lock_acquire+0x2f/0xb0
[  401.183505][T13801]  ? is_bpf_text_address+0x30/0x1a0
[  401.183518][T13801]  ? __pfx_mark_lock+0x10/0x10
[  401.183530][T13801]  ? __pfx___lock_acquire+0x10/0x10
[  401.183543][T13801]  ? mark_held_locks+0x9f/0xe0
[  401.183556][T13801]  lock_acquire.part.0+0x11b/0x380
[  401.183570][T13801]  ? cfg80211_dev_free+0x30/0x3d0
[  401.183580][T13801]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  401.183594][T13801]  ? rcu_is_watching+0x12/0xc0
[  401.183604][T13801]  ? trace_lock_acquire+0x14e/0x1f0
[  401.183615][T13801]  ? cfg80211_dev_free+0x30/0x3d0
[  401.183623][T13801]  ? lock_acquire+0x2f/0xb0
[  401.183637][T13801]  ? cfg80211_dev_free+0x30/0x3d0
[  401.183646][T13801]  _raw_spin_lock_irqsave+0x3a/0x60
[  401.183659][T13801]  ? cfg80211_dev_free+0x30/0x3d0
[  401.183668][T13801]  cfg80211_dev_free+0x30/0x3d0
[  401.183677][T13801]  ? __pfx_wiphy_dev_release+0x10/0x10
[  401.183687][T13801]  device_release+0xa1/0x240
[  401.183697][T13801]  kobject_put+0x1e4/0x5a0
[  401.183713][T13801]  put_device+0x1f/0x30
[  401.183721][T13801]  wiphy_new_nm+0x1c1f/0x2160
[  401.183736][T13801]  ? __pfx_mac80211_hwsim_add_chanctx+0x10/0x10
[  401.183748][T13801]  ? __pfx_mac80211_hwsim_change_chanctx+0x10/0x10
[  401.183760][T13801]  ? __pfx_mac80211_hwsim_remove_chanctx+0x10/0x10
[  401.183772][T13801]  ieee80211_alloc_hw_nm+0x495/0x2260
[  401.183787][T13801]  ? __local_bh_enable_ip+0xa4/0x120
[  401.183803][T13801]  mac80211_hwsim_new_radio+0x1d6/0x54e0
[  401.183819][T13801]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  401.183835][T13801]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  401.183851][T13801]  hwsim_new_radio_nl+0xb42/0x12b0
[  401.183866][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.183881][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  401.183893][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  401.183905][T13801]  genl_family_rcv_msg_doit+0x202/0x2f0
[  401.183915][T13801]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  401.183925][T13801]  ? trace_cap_capable+0x1a2/0x210
[  401.183937][T13801]  ? bpf_lsm_capable+0x9/0x10
[  401.183947][T13801]  ? security_capable+0x7e/0x260
[  401.183958][T13801]  ? ns_capable+0xd7/0x110
[  401.183972][T13801]  genl_rcv_msg+0x565/0x800
[  401.183982][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.183992][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.184008][T13801]  netlink_rcv_skb+0x16b/0x440
[  401.184022][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.184032][T13801]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  401.184048][T13801]  ? down_read+0xc9/0x330
[  401.184063][T13801]  ? __pfx_down_read+0x10/0x10
[  401.184077][T13801]  ? netlink_deliver_tap+0x1ae/0xd30
[  401.184091][T13801]  genl_rcv+0x28/0x40
[  401.184100][T13801]  netlink_unicast+0x53c/0x7f0
[  401.184120][T13801]  ? __pfx_netlink_unicast+0x10/0x10
[  401.184138][T13801]  ? __phys_addr_symbol+0x30/0x80
[  401.184154][T13801]  ? __check_object_size+0x488/0x710
[  401.184164][T13801]  netlink_sendmsg+0x8b8/0xd70
[  401.184179][T13801]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.184195][T13801]  ____sys_sendmsg+0xaaf/0xc90
[  401.184208][T13801]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.184219][T13801]  ? get_compat_msghdr+0x11b/0x170
[  401.184234][T13801]  ___sys_sendmsg+0x135/0x1e0
[  401.184249][T13801]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.184266][T13801]  ? __pfx_lock_release+0x10/0x10
[  401.184278][T13801]  ? trace_lock_acquire+0x14e/0x1f0
[  401.184290][T13801]  ? __fget_files+0x206/0x3a0
[  401.184305][T13801]  __sys_sendmsg+0x16e/0x220
[  401.184314][T13801]  ? __pfx___sys_sendmsg+0x10/0x10
[  401.184326][T13801]  __do_fast_syscall_32+0x73/0x120
[  401.184341][T13801]  do_fast_syscall_32+0x32/0x80
[  401.184355][T13801]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  401.184372][T13801] RIP: 0023:0xf749e579
[  401.184379][T13801] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  401.184393][T13801] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  401.184403][T13801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  401.184409][T13801] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  401.184414][T13801] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  401.184420][T13801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  401.184425][T13801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  401.184433][T13801]  </TASK>
[  401.184779][T13801] ------------[ cut here ]------------
[  401.324007][T13801] WARNING: CPU: 2 PID: 13801 at net/wireless/core.c:1197 cfg80211_dev_free+0x2e7/0x3d0
[  401.326665][T13801] Modules linked in:
[  401.327793][T13801] CPU: 2 UID: 0 PID: 13801 Comm: syz.2.2098 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  401.330757][T13801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  401.333731][T13801] RIP: 0010:cfg80211_dev_free+0x2e7/0x3d0
[  401.335619][T13801] Code: 00 00 49 8b bd e0 08 00 00 e8 d5 a1 6a f7 4c 89 ef 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 bf a1 6a f7 e8 0a 17 13 f7 90 <0f> 0b 90 e9 6f fd ff ff 4c 89 f7 e8 99 55 75 f7 e9 aa fe ff ff 4c
[  401.341214][T13801] RSP: 0018:ffffc900030671a8 EFLAGS: 00010093
[  401.342899][T13801] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff81972ccd
[  401.345088][T13801] RDX: ffff888025ca0000 RSI: ffffffff8aa6d8c6 RDI: ffffc90003067118
[  401.347279][T13801] RBP: ffff88805ab986a8 R08: 0000000000000001 R09: fffff5200060ce23
[  401.349482][T13801] R10: 0000000000000003 R11: 000000000000001e R12: ffff88805ab986b8
[  401.351680][T13801] R13: ffff88805ab98000 R14: ffff88805be81de0 R15: 0000000000000000
[  401.353856][T13801] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:00000000f5126b40
[  401.356295][T13801] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  401.358102][T13801] CR2: 00000000f5125fac CR3: 000000004b112000 CR4: 0000000000352ef0
[  401.360295][T13801] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  401.362429][T13801] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  401.364911][T13801] Call Trace:
[  401.365851][T13801]  <TASK>
[  401.366762][T13801]  ? __warn+0xea/0x3c0
[  401.368143][T13801]  ? cfg80211_dev_free+0x2e7/0x3d0
[  401.369713][T13801]  ? report_bug+0x3c0/0x580
[  401.371277][T13801]  ? handle_bug+0x54/0xa0
[  401.372613][T13801]  ? exc_invalid_op+0x17/0x50
[  401.373978][T13801]  ? asm_exc_invalid_op+0x1a/0x20
[  401.375409][T13801]  ? do_raw_spin_lock+0x12d/0x2c0
[  401.376815][T13801]  ? cfg80211_dev_free+0x2e6/0x3d0
[  401.378250][T13801]  ? cfg80211_dev_free+0x2e7/0x3d0
[  401.379695][T13801]  ? cfg80211_dev_free+0x2e6/0x3d0
[  401.381120][T13801]  ? __pfx_wiphy_dev_release+0x10/0x10
[  401.382646][T13801]  device_release+0xa1/0x240
[  401.383954][T13801]  kobject_put+0x1e4/0x5a0
[  401.385211][T13801]  put_device+0x1f/0x30
[  401.386343][T13801]  wiphy_new_nm+0x1c1f/0x2160
[  401.387669][T13801]  ? __pfx_mac80211_hwsim_add_chanctx+0x10/0x10
[  401.389446][T13801]  ? __pfx_mac80211_hwsim_change_chanctx+0x10/0x10
[  401.391289][T13801]  ? __pfx_mac80211_hwsim_remove_chanctx+0x10/0x10
[  401.393042][T13801]  ieee80211_alloc_hw_nm+0x495/0x2260
[  401.394539][T13801]  ? __local_bh_enable_ip+0xa4/0x120
[  401.396023][T13801]  mac80211_hwsim_new_radio+0x1d6/0x54e0
[  401.397571][T13801]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  401.399232][T13801]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  401.400926][T13801]  hwsim_new_radio_nl+0xb42/0x12b0
[  401.402396][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.403945][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  401.406032][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  401.408127][T13801]  genl_family_rcv_msg_doit+0x202/0x2f0
[  401.409734][T13801]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  401.411496][T13801]  ? trace_cap_capable+0x1a2/0x210
[  401.412972][T13801]  ? bpf_lsm_capable+0x9/0x10
[  401.414324][T13801]  ? security_capable+0x7e/0x260
[  401.415768][T13801]  ? ns_capable+0xd7/0x110
[  401.417045][T13801]  genl_rcv_msg+0x565/0x800
[  401.418360][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.419847][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.421398][T13801]  netlink_rcv_skb+0x16b/0x440
[  401.422734][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.424092][T13801]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  401.425508][T13801]  ? down_read+0xc9/0x330
[  401.426677][T13801]  ? __pfx_down_read+0x10/0x10
[  401.428054][T13801]  ? netlink_deliver_tap+0x1ae/0xd30
[  401.429526][T13801]  genl_rcv+0x28/0x40
[  401.430668][T13801]  netlink_unicast+0x53c/0x7f0
[  401.432230][T13801]  ? __pfx_netlink_unicast+0x10/0x10
[  401.433811][T13801]  ? __phys_addr_symbol+0x30/0x80
[  401.435398][T13801]  ? __check_object_size+0x488/0x710
[  401.436852][T13801]  netlink_sendmsg+0x8b8/0xd70
[  401.438309][T13801]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.439765][T13801]  ____sys_sendmsg+0xaaf/0xc90
[  401.441051][T13801]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.442520][T13801]  ? get_compat_msghdr+0x11b/0x170
[  401.443984][T13801]  ___sys_sendmsg+0x135/0x1e0
[  401.445302][T13801]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.446771][T13801]  ? __pfx_lock_release+0x10/0x10
[  401.448137][T13801]  ? trace_lock_acquire+0x14e/0x1f0
[  401.449485][T13801]  ? __fget_files+0x206/0x3a0
[  401.450750][T13801]  __sys_sendmsg+0x16e/0x220
[  401.451964][T13801]  ? __pfx___sys_sendmsg+0x10/0x10
[  401.453312][T13801]  __do_fast_syscall_32+0x73/0x120
[  401.454731][T13801]  do_fast_syscall_32+0x32/0x80
[  401.456050][T13801]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  401.457739][T13801] RIP: 0023:0xf749e579
[  401.458892][T13801] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  401.463870][T13801] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  401.466036][T13801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  401.468208][T13801] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  401.470399][T13801] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  401.472475][T13801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  401.474523][T13801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  401.476695][T13801]  </TASK>
[  401.477555][T13801] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  401.479540][T13801] CPU: 2 UID: 0 PID: 13801 Comm: syz.2.2098 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  401.482413][T13801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  401.485292][T13801] Call Trace:
[  401.486235][T13801]  <TASK>
[  401.487078][T13801]  dump_stack_lvl+0x3d/0x1f0
[  401.488360][T13801]  panic+0x71d/0x800
[  401.489456][T13801]  ? __pfx_panic+0x10/0x10
[  401.490675][T13801]  ? show_trace_log_lvl+0x29d/0x3d0
[  401.492096][T13801]  ? check_panic_on_warn+0x1f/0xb0
[  401.493487][T13801]  ? cfg80211_dev_free+0x2e7/0x3d0
[  401.494934][T13801]  check_panic_on_warn+0xab/0xb0
[  401.496246][T13801]  __warn+0xf6/0x3c0
[  401.497303][T13801]  ? cfg80211_dev_free+0x2e7/0x3d0
[  401.498734][T13801]  report_bug+0x3c0/0x580
[  401.499942][T13801]  handle_bug+0x54/0xa0
[  401.501067][T13801]  exc_invalid_op+0x17/0x50
[  401.502335][T13801]  asm_exc_invalid_op+0x1a/0x20
[  401.503677][T13801] RIP: 0010:cfg80211_dev_free+0x2e7/0x3d0
[  401.505275][T13801] Code: 00 00 49 8b bd e0 08 00 00 e8 d5 a1 6a f7 4c 89 ef 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 bf a1 6a f7 e8 0a 17 13 f7 90 <0f> 0b 90 e9 6f fd ff ff 4c 89 f7 e8 99 55 75 f7 e9 aa fe ff ff 4c
[  401.510441][T13801] RSP: 0018:ffffc900030671a8 EFLAGS: 00010093
[  401.512095][T13801] RAX: 0000000000000000 RBX: 0000000000000293 RCX: ffffffff81972ccd
[  401.514368][T13801] RDX: ffff888025ca0000 RSI: ffffffff8aa6d8c6 RDI: ffffc90003067118
[  401.516402][T13801] RBP: ffff88805ab986a8 R08: 0000000000000001 R09: fffff5200060ce23
[  401.518549][T13801] R10: 0000000000000003 R11: 000000000000001e R12: ffff88805ab986b8
[  401.520749][T13801] R13: ffff88805ab98000 R14: ffff88805be81de0 R15: 0000000000000000
[  401.522944][T13801]  ? do_raw_spin_lock+0x12d/0x2c0
[  401.524381][T13801]  ? cfg80211_dev_free+0x2e6/0x3d0
[  401.525830][T13801]  ? cfg80211_dev_free+0x2e6/0x3d0
[  401.527285][T13801]  ? __pfx_wiphy_dev_release+0x10/0x10
[  401.528840][T13801]  device_release+0xa1/0x240
[  401.530150][T13801]  kobject_put+0x1e4/0x5a0
[  401.531428][T13801]  put_device+0x1f/0x30
[  401.532599][T13801]  wiphy_new_nm+0x1c1f/0x2160
[  401.533925][T13801]  ? __pfx_mac80211_hwsim_add_chanctx+0x10/0x10
[  401.535675][T13801]  ? __pfx_mac80211_hwsim_change_chanctx+0x10/0x10
[  401.537490][T13801]  ? __pfx_mac80211_hwsim_remove_chanctx+0x10/0x10
[  401.539341][T13801]  ieee80211_alloc_hw_nm+0x495/0x2260
[  401.541124][T13801]  ? __local_bh_enable_ip+0xa4/0x120
[  401.542599][T13801]  mac80211_hwsim_new_radio+0x1d6/0x54e0
[  401.544181][T13801]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  401.545782][T13801]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  401.547495][T13801]  hwsim_new_radio_nl+0xb42/0x12b0
[  401.548973][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.550482][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  401.552491][T13801]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  401.554536][T13801]  genl_family_rcv_msg_doit+0x202/0x2f0
[  401.556057][T13801]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  401.557735][T13801]  ? trace_cap_capable+0x1a2/0x210
[  401.559137][T13801]  ? bpf_lsm_capable+0x9/0x10
[  401.560509][T13801]  ? security_capable+0x7e/0x260
[  401.561947][T13801]  ? ns_capable+0xd7/0x110
[  401.563203][T13801]  genl_rcv_msg+0x565/0x800
[  401.564506][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.565910][T13801]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  401.567474][T13801]  netlink_rcv_skb+0x16b/0x440
[  401.568823][T13801]  ? __pfx_genl_rcv_msg+0x10/0x10
[  401.570329][T13801]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  401.571841][T13801]  ? down_read+0xc9/0x330
[  401.573050][T13801]  ? __pfx_down_read+0x10/0x10
[  401.574392][T13801]  ? netlink_deliver_tap+0x1ae/0xd30
[  401.575839][T13801]  genl_rcv+0x28/0x40
[  401.576942][T13801]  netlink_unicast+0x53c/0x7f0
[  401.578283][T13801]  ? __pfx_netlink_unicast+0x10/0x10
[  401.579775][T13801]  ? __phys_addr_symbol+0x30/0x80
[  401.581171][T13801]  ? __check_object_size+0x488/0x710
[  401.582657][T13801]  netlink_sendmsg+0x8b8/0xd70
[  401.583960][T13801]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.585463][T13801]  ____sys_sendmsg+0xaaf/0xc90
[  401.586782][T13801]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.588275][T13801]  ? get_compat_msghdr+0x11b/0x170
[  401.589722][T13801]  ___sys_sendmsg+0x135/0x1e0
[  401.591078][T13801]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.592555][T13801]  ? __pfx_lock_release+0x10/0x10
[  401.593864][T13801]  ? trace_lock_acquire+0x14e/0x1f0
[  401.595200][T13801]  ? __fget_files+0x206/0x3a0
[  401.596513][T13801]  __sys_sendmsg+0x16e/0x220
[  401.597827][T13801]  ? __pfx___sys_sendmsg+0x10/0x10
[  401.599271][T13801]  __do_fast_syscall_32+0x73/0x120
[  401.600688][T13801]  do_fast_syscall_32+0x32/0x80
[  401.602054][T13801]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  401.603786][T13801] RIP: 0023:0xf749e579
[  401.604930][T13801] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  401.610248][T13801] RSP: 002b:00000000f512655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  401.612564][T13801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  401.614793][T13801] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  401.616980][T13801] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  401.619204][T13801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  401.621373][T13801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  401.623592][T13801]  </TASK>
[  401.625049][T13801] Kernel Offset: disabled
[  401.626270][T13801] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:03:15  Registers:
info registers vcpu 0

CPU#0
RAX=00000002000008fd RBX=ffff88801bb38000 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000008 RSP=ffffc90000007d70
R8 =0000000000000000 R9 =fffffbfff20c51c2 R10=ffffffff90628e17 R11=ffff88802b53f648
R12=0000000000000003 R13=1ffff92000000faf R14=0000000000000001 R15=ffffc90000007d98
RIP=ffffffff8167f058 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fcfbff8 CR3=0000000075e6e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000001000008fd RBX=ffffffff8de97740 RCX=0000000000000830 RDX=0000000000000001
RSI=00000000000000fd RDI=0000000000000001 RBP=0000000000000008 RSP=ffffc900030776a8
R8 =0000000000000000 R9 =fffffbfff20c51c2 R10=ffffffff90628e17 R11=0000000000000000
R12=0000000000000003 R13=1ffff9200060eed6 R14=0000000000000000 R15=ffffc900030776d0
RIP=ffffffff8167f058 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080007000 CR3=0000000074036000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff853eaad5 RDI=ffffffff9ab72ea0 RBP=ffffffff9ab72e60 RSP=ffffc900030669e8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6e64696420756f79
R12=0000000000000000 R13=000000000000000a R14=ffffffff9ab72e60 R15=0000000000000000
RIP=ffffffff853eaaff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5125fac CR3=000000004b112000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000023000000000 0000000a00000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000048d5cc RBX=0000000000000003 RCX=ffffffff8b557469 RDX=ffffed10056e6f86
RSI=ffffffff8bd35960 RDI=ffffffff819082c9 RBP=ffffed1003767910 RSP=ffffc900004afe08
R8 =0000000000000000 R9 =ffffed10056e6f85 R10=ffff88802b737c2b R11=0000000000000001
R12=0000000000000003 R13=ffff88801bb3c880 R14=ffffffff90628e10 R15=0000000000000000
RIP=ffffffff8b55884f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000800063c0 CR3=000000004b112000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000