last executing test programs:

3m19.007123445s ago: executing program 1 (id=2540):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000000c0)={0x2000000, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x9, 0x6c, 0x4, 0x2, 0x0, 0x70bd29, 0x25dfdbff}, 0x10}}, 0x4040)

3m19.006735755s ago: executing program 1 (id=2541):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000040000001811", @ANYRES8=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000010008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, &(0x7f0000000200))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x800448f0, &(0x7f0000002bc0)={0x1, 0x5, "5a35c1", 0x4e, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
capset(0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000)
syz_clone3(&(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, {0x800}, 0x0, 0x0, 0x0, 0x0}, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)

3m17.359708253s ago: executing program 1 (id=2551):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
sendto$inet(0xffffffffffffffff, &(0x7f0000000780)="25d7fe", 0x3, 0x1, 0x0, 0x0)
r0 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x6)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f0000003240), 0x4000000000000e4, 0xfff5)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x0)

3m17.269178037s ago: executing program 1 (id=2553):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000100)={{{@in=@empty, @in=@multicast2, 0x4e21, 0x9, 0x4e20, 0x40, 0xa, 0xc0, 0x80, 0x3a, r2}, {0xf, 0x7ff, 0x4, 0x80000000, 0x6, 0x3, 0x0, 0xfffffffffffffbf2}, {0x6, 0x1, 0x9b1, 0x7fc}, 0x4, 0x6e6bb0, 0x0, 0x1, 0x3, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d5, 0xff}, 0xa, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3501, 0x3, 0x1, 0x2, 0x638, 0x3, 0x9}}, 0xe8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0xfffffffd)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_GETSTATE(r4, 0x5603, &(0x7f0000000080)={0x1, 0x0, 0x4})
r5 = socket$netlink(0x10, 0x3, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x18d)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r5, r6, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r8 = fanotify_init(0x200, 0x0)
fanotify_mark(r8, 0x1, 0x4800003e, r7, 0x0)
r9 = creat(&(0x7f0000000440)='./bus\x00', 0x0)
r10 = getpid()
setreuid(0xee00, 0x0)
r11 = syz_pidfd_open(r10, 0x0)
setns(r11, 0x24020000)
syz_clone3(&(0x7f00000008c0)={0x15340180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r12, r9, 0x0)

3m17.157779262s ago: executing program 1 (id=2555):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

3m16.864636658s ago: executing program 1 (id=2556):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb210018000000000000002800000028000000020000000000000001000004000000000000000002000000000000000000000000f44b010000"], 0x0, 0x42}, 0x28)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
socket(0x1, 0x803, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0xbc44)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000084100001040000bd8a1d21000000000000588aeb2c10ca673728b1c6abde83d64c6df53c11c5c0131e085a2086cd105efd5560a5edac7cfed30cae5526de166b8c5888d84e7bf26e289e09772d040ff592ec887ec76f5f096ab1d7ee02d606a01e2126", @ANYRES32=0x0, @ANYBLOB="4800738830fe03adcc9cf27faf18d1c254364afce4070039527d96b1c11b7858f96423990710aeaa1e9771991b0d068827c13ff5621a45a33ad2a903bb11c7649d15d3723ab65edf", @ANYRES32, @ANYRESHEX, @ANYBLOB="9def871b7c76bc2852c0eda2e3739b8bf7a8dfe51fcee86703dfc2c8c8e7190b"], 0x50}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
r7 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000740)={0x20, r6, 0x1, 0x70bd27, 0x25dfdc04, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20000080)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYBLOB="99b01d835547694eb66a9386b53cc3bc6196c66e32a5bd1d0ef1df261053d763f5d22cc8f93a8638dc13c3b526b35f54ed5daaba11f1526b5577999c9fc4bd68072e1e4d7df603d8625499e3a3db6d2d6b60310a5515d6d238c39ff6b4972cdfac4eea57a4101c3481090139db98583a395200a9e0a3bc2f7428c597fd9475bb5d94e091d6f7ac87d458da9df8963593b3cc6745b54e56b03babaea4a31c6c2cf0"], 0x50}}, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00'})
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r9 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r9)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[], 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)

3m16.800684845s ago: executing program 32 (id=2556):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb210018000000000000002800000028000000020000000000000001000004000000000000000002000000000000000000000000f44b010000"], 0x0, 0x42}, 0x28)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, 0x0)
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
socket(0x1, 0x803, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0xbc44)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000084100001040000bd8a1d21000000000000588aeb2c10ca673728b1c6abde83d64c6df53c11c5c0131e085a2086cd105efd5560a5edac7cfed30cae5526de166b8c5888d84e7bf26e289e09772d040ff592ec887ec76f5f096ab1d7ee02d606a01e2126", @ANYRES32=0x0, @ANYBLOB="4800738830fe03adcc9cf27faf18d1c254364afce4070039527d96b1c11b7858f96423990710aeaa1e9771991b0d068827c13ff5621a45a33ad2a903bb11c7649d15d3723ab65edf", @ANYRES32, @ANYRESHEX, @ANYBLOB="9def871b7c76bc2852c0eda2e3739b8bf7a8dfe51fcee86703dfc2c8c8e7190b"], 0x50}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
r7 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000740)={0x20, r6, 0x1, 0x70bd27, 0x25dfdc04, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20000080)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYBLOB="99b01d835547694eb66a9386b53cc3bc6196c66e32a5bd1d0ef1df261053d763f5d22cc8f93a8638dc13c3b526b35f54ed5daaba11f1526b5577999c9fc4bd68072e1e4d7df603d8625499e3a3db6d2d6b60310a5515d6d238c39ff6b4972cdfac4eea57a4101c3481090139db98583a395200a9e0a3bc2f7428c597fd9475bb5d94e091d6f7ac87d458da9df8963593b3cc6745b54e56b03babaea4a31c6c2cf0"], 0x50}}, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00'})
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r9 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r9)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[], 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)

3m16.429819707s ago: executing program 2 (id=2558):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r2, 0x0, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000100), 0x10)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x6, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x5, 0xe, 0x0, &(0x7f0000000000)="255161fc12e31d068d10d1c2bd39", 0x0, 0x1f, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 4)
syz_open_pts(0xffffffffffffffff, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3m15.529548474s ago: executing program 2 (id=2563):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r2, 0x0, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000100), 0x10)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x6, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x5, 0xd50, 0x0, &(0x7f0000000000)="255161fc12e31d068d10d1c2bd39", 0x0, 0x1f, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_open_pts(0xffffffffffffffff, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3m13.538794621s ago: executing program 2 (id=2567):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0xd8, 0x30, 0x1, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_ct={0x78, 0x2, 0x0, 0x0, {{0x7}, {0x50, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x8}}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e23}, @TCA_CT_PARMS={0x18, 0x1, {0x0, 0x2, 0x8, 0x7, 0x8}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @local}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='wg1\x00', 0x4)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
tkill(r5, 0xb)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x28, 0x40, 0x9, 0xffffffff, 0x25dfdbfd, {0x2}, [@typed={0x4, 0x11f}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1f}]}, @nested={0x8, 0x4, 0x0, 0x1, [@nested={0x4, 0x65}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

3m12.686643661s ago: executing program 2 (id=2573):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000100)={{{@in=@empty, @in=@multicast2, 0x4e21, 0x9, 0x4e20, 0x40, 0xa, 0xc0, 0x80, 0x3a, r2}, {0xf, 0x7ff, 0x4, 0x80000000, 0x6, 0x3, 0x0, 0xfffffffffffffbf2}, {0x6, 0x1, 0x9b1, 0x7fc}, 0x4, 0x6e6bb0, 0x0, 0x1, 0x3, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d5, 0xff}, 0xa, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3501, 0x3, 0x1, 0x2, 0x638, 0x3, 0x9}}, 0xe8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0xfffffffd)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_GETSTATE(r4, 0x5603, &(0x7f0000000080)={0x1, 0x0, 0x4})
r5 = socket$netlink(0x10, 0x3, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x18d)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r5, r6, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r8 = fanotify_init(0x200, 0x0)
fanotify_mark(r8, 0x1, 0x4800003e, r7, 0x0)
r9 = creat(&(0x7f0000000440)='./bus\x00', 0x0)
r10 = getpid()
setreuid(0xee00, 0x0)
r11 = syz_pidfd_open(r10, 0x0)
setns(r11, 0x24020000)
syz_clone3(&(0x7f00000008c0)={0x15340180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r12, r9, 0x0)

3m12.539311647s ago: executing program 2 (id=2574):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000300)=@x86={0x0, 0x1, 0xd, 0x0, 0x7f, 0x9, 0x5, 0x8, 0x3, 0x9, 0x5, 0xff, 0x0, 0x7, 0xc, 0x4, 0xa, 0x9, 0x38, '\x00', 0xc3, 0xed1})
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r6])
ioctl$KVM_GET_VCPU_EVENTS(r7, 0xc048aeca, &(0x7f0000000080))
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_GET_SREGS(r8, 0x8138ae83, &(0x7f0000000500))
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_DEBUGREGS(r9, 0x8080aea1, &(0x7f0000000140))

3m12.308467497s ago: executing program 2 (id=2576):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0)
pwrite64(r0, &(0x7f0000018080)='\n', 0x1, 0xa2b0)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000000)={'custom1\x00'})
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0) (async)
pwrite64(r0, &(0x7f0000018080)='\n', 0x1, 0xa2b0) (async)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000000)={'custom1\x00'}) (async)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

3m11.753381415s ago: executing program 33 (id=2576):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0)
pwrite64(r0, &(0x7f0000018080)='\n', 0x1, 0xa2b0)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000000)={'custom1\x00'})
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0) (async)
pwrite64(r0, &(0x7f0000018080)='\n', 0x1, 0xa2b0) (async)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000000)={'custom1\x00'}) (async)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

53.442900113s ago: executing program 5 (id=3347):
bpf$ITER_CREATE(0xb, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

51.073003408s ago: executing program 5 (id=3357):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
gettid()
mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x1)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000100)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000040)={{@local, 0x200001}, @local, 0x8, 0x6, 0x347, 0x80000004, 0x24b, 0x10001, 0x9})
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
ioctl$sock_bt_hci(r3, 0x400448c9, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600})
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

50.228736215s ago: executing program 5 (id=3362):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=@newtfilter={0x23d4, 0x28, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r4, {0xf00, 0x9}, {}, {0xffe0, 0xb}}, [@filter_kind_options=@f_matchall={{0xd}, {0x370, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xf, 0x4}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xb, 0x4}}, @TCA_MATCHALL_ACT={0x35c, 0x2, [@m_skbedit={0x178, 0x7, 0x0, 0x0, {{0xc}, {0x54, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x7fd, 0x1, 0xffffffffffffffff, 0x0, 0x290}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x4}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x5, 0x8, 0x10000004, 0x6, 0x6}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x6}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x1}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xc}}]}, {0xfa, 0x6, "5bdc87cff6cb765f46725c7ccf63109479bf5e1c3a19b72781c58e23d58a508f8cf1d86dd4123af9dc10f8d19bc1112e1cc428e9e5935d1a143bb72c58737560d5e6c6716775dac0541d9aa80c47774bf5b43dd0de0c1caa251f7d8b122a6fee95f333ff627a069be268d760e788bbae95c77c4fa773352b8cdb0e33afefdd26c82d937fbeb9d4b0a175a79f9f1952ff17b8550114a0977f2bd0c7a42801c9b86e76adfd4192e52539bbdf10ff3b7af4475b7ea12f3dbd4738ebf98dd1408c0e9f26ba92f6362611b0f83e679a4520d71be53cb81b32378c2c4ac9f759fc630ea0d999c2bd4ee94d4e255b863c21b1eaf7c5ad44aed2"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x6}}}}, @m_bpf={0x118, 0x9, 0x0, 0x0, {{0x8}, {0x5c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}, @TCA_ACT_BPF_FD={0x8, 0x5, r3}, @TCA_ACT_BPF_FD={0x8, 0x5, r2}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1044, 0x8, 0x30000000, 0x4, 0x6}}, @TCA_ACT_BPF_OPS={0x14, 0x4, [{0x7, 0x40, 0x28, 0x360e}, {0xd, 0x2, 0x8, 0x6}]}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x97, 0x6, "f8bbfc470acff28d14cf93735a1d76e9a64992da8d4d402c6670fd7c27a50076a388fa828b334b6dd9042f3952e3d7abd9bdc432b8b3f9c1950f5d8f69c633926955405d934f1ac531bbbb2c24667729934029ce112e5b33a95f04ddc4c30408881d59d1500192cf17edb0c97c11d35c47828ce671d607bd5c73e6272d68b2cc56043b3321ddeb1b69fe724ca1dc773c1a25da"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_sample={0xc8, 0x5, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x9}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x399e, 0xc, 0x0, 0xffffff7f, 0x995}}]}, {0x7a, 0x6, "714d5dc6aedd79708a3afd191eb0813afdd789405f01c41467d322eab71b33dd6b59a38403b864b909647707a886a952f7d9f882b7b3166dc0e62eb750d747751d432714d58a4b03c2db18d0d1d10fa7727de5c6fc7022706f9251f0758fffef717a547bd787967644d2ebf8e96b9f622320116a5a20"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}, @filter_kind_options=@f_matchall={{0xd}, {0x1fc4, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x6}, @TCA_MATCHALL_ACT={0x36c, 0x2, [@m_tunnel_key={0xb0, 0x16, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xf89c000, 0xc, 0x5, 0x6, 0xffff05bb}, 0x2}}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x200}]}, {0x34, 0x6, "de43d141ea23f8aa6ec15f4bca14ab46d8464616605445acb6fa9fb89a4d34f2ebb97de1034c1885427242d23d95f57b"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ife={0x15c, 0x1b, 0x0, 0x0, {{0x8}, {0x48, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @random="84fe0bd5ff09"}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x8b000000, 0x1, 0xd, 0x4, 0x7fffffff}, 0x1}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x7, 0x8, 0x1, 0x5}, 0x1}}]}, {0xef, 0x6, "2368f5db6283babbe223f6057083ebdfac216f568553ff1ce70252099d9a5afa8d85602f73fd91170520213825612897130162ef21e9fbcfae265032a7c9cefab9320bc952c8faed75c78e514df2c418b0831e10bddfeecdbfb24c1fa438b253ce080e1a20a2095528796a5bac5647cd1d4158d0940cda2dd57e2794c1af6d045eb3b2a041a52229fa337e9a81e4125b437515da587cc43d4bc24b4d854f4ace9dcd28ee46697d441f34f97064be7525326aebb57c8b850749f325481f8dcf54357fd65ca647a588900eefc5beb754c6159c77d7f7badf992c5e4d417eee27bf9df68f27d54f9873974a44"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x15c, 0x9, 0x0, 0x0, {{0x9}, {0x100, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x81, 0x3, 0x5, 0x1}, 0x37}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0xb, 0x6, 0x7, 0x340e}, 0x67}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2b43, 0x7, 0x20000000, 0xfffffeff}, 0x1e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x80000000, 0x7, 0x4, 0x3}, 0x15}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x9, 0x3, 0x3ff, 0x1}, 0x55}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0xd4fe, 0x3, 0x7, 0x6e}, 0x58}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0xa4, 0x5, 0x3, 0x9}, 0x29}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x1000, 0x1, 0x2}, 0x6}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x2, 0x0, 0xbe}, 0x50}}]}, {0x32, 0x6, "65faad01a3026f2e9128d65729168770365612963328b10c1c7759e863615a673930797a5cd3264c6567fefd02da"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}, @TCA_MATCHALL_ACT={0x6fc, 0x2, [@m_simple={0xf0, 0xe, 0x0, 0x0, {{0xb}, {0x8c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x16, 0x3, '/dev/snd/midiC#D#\x00'}, @TCA_DEF_DATA={0xd, 0x3, '/dev/kvm\x00'}, @TCA_DEF_DATA={0x9, 0x3, 'hfsc\x00'}, @TCA_DEF_DATA={0xd, 0x3, '/dev/kvm\x00'}, @TCA_DEF_DATA={0x7, 0x3, '!H\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0xbcf, 0x3, 0x1, 0x3, 0x1ff}}, @TCA_DEF_PARMS={0x18, 0x2, {0x9, 0xfffffffd, 0x7, 0xffff9f67, 0x5}}, @TCA_DEF_DATA={0x9, 0x3, 'team\x00'}]}, {0x3c, 0x6, "76cd2dbdadaeb19d760cd8c1ef23ffd368135992e89ac89f22ca6a60829fbfe26314851adfdb885ec0ab9f76b96780ff7edefa0608e88e99"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbedit={0x134, 0x1a, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x7}]}, {0xf6, 0x6, "85ded51e1e02f4525eaf0abfb0c02a127c1abd7986f5812fa45b1611fa109113f21835ca5555baae0210d6720eb35bd4440d641f863a0068cd81031a82573ca72f6b6186597895f84c63b2607da9d9c6c41939b72ffcfea89f6dee5d97839b17010b9a9742710ded7d8861152d0136e4f2709f1751be5a6b04b3eb5864f966d2c063f5d4f55e83e66aa3cecc940cbe5a5ce0d436c29b0425779dca654ac7a9607a03b5cd319421552b91dc0da779a53c0b9af2f08258e66338eb0a68e38664ef98a95bfb840e0554621a9c3aed7c5f2ca81be4dcbeced8e73c7bb09d8983f136772b955fa5c37dbb1e74fa20b2e24d36533f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_nat={0x21c, 0x1a, 0x0, 0x0, {{0x8}, {0x144, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x400, 0x4a, 0x3, 0x4589, 0x8}, @multicast1, @rand_addr=0x64010101, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xfffffff9, 0x80000000, 0x7, 0xfffff235}, @private=0xa010102, @broadcast, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x3, 0x0, 0x8000, 0x3ff}, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x3, 0x1, 0x800, 0x7}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x101, 0x7, 0x6, 0x1ff, 0x1}, @empty, @loopback, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x7, 0x0, 0x6, 0x6}, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010102, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x0, 0x20000000, 0x2c1, 0x448f9206}, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x12}, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7, 0x80000000, 0x0, 0x1, 0x10000}, @remote, @local}}]}, {0xb2, 0x6, "582b2d7118f729e6c46a2b333a1c1e66c89a3dfaaa06b56976babb872f8b150ec92fd97c833248f4973082df64ff462d97f4ddea80f0df8e082aaf286ff435f398af93625134eb711feee2003f7606af89b6874b0d2c7f79c6e2f72962f2e5bc78e162aa17cc674c6d77bf5b4b05f6d7441338e019865138dc7a6d8f39a055ae965cd0eddde6c4d6209cb402eeed57787abaf15f09b1dbc0448e799af7fa7dceeefa792ff62121dec836964c7fee"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_tunnel_key={0x5c, 0x13, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x35}}]}, {0x21, 0x6, "22e24781cf12c117258191fc74ad7413177e998be48ee9af2eac5f8a83"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mpls={0x4c, 0xe, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}]}, {0x18, 0x6, "f014d01e6f5aae7be4483b421c37358161b91e45"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_skbmod={0x134, 0xd, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x7}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x99}, @TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x6, 0x4, 0x4, 0x1, 0x8}, 0xe}}]}, {0xcc, 0x6, "65bf503cbe29b726be876b936dc273a754ef6bf842ec54c47ccfe8c66076237d26ca6feeb0211c80ffda5fd6937a7044867ed32665e45e623c44d32b1e0199dad13eacbe8a37866bc7f7861324264c57d48b67d038ccc3a8ca019d45ee2dad03424b968a0075dd64d697b269b48728e03a47cb11b5327f6650d1d2318e8a42e049404412d14240244eec3cd52349b8def242f786aeef3de9e9aa5b19b1820c7d14d2dd7c145cad5e742bdbe6da83b145dd560431732ef963f20a3477703ad1a53109309dcf760a45"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0xdc, 0x7, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0x3}]}]}, {0xa5, 0x6, "446a8adc3db4442dad27444f88f2a0e403802cb63b02537c66af2f5ee50fae1b6f7ff67a90ee7866938654e72032a95162fbda773a610baf8946c9db4cec88b520812bb13c44830521e5ec9ce7acb345936d7cd08b96cea9af4d08e33636c47cdafe45e6480d23cec4d72af4407da2caa7c8223d2880f1d972af2dd2dcbc245a4f8593e5c1e77871cb51ef15b3b9affbd2efa2df04f83fac22a7543e01b3bdee1f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}, @TCA_MATCHALL_ACT={0x1548, 0x2, [@m_mirred={0x10f0, 0x15, 0x0, 0x0, {{0xb}, {0xc4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x80000001, 0xe298, 0x7, 0x101, 0xe6f}, 0x2, r1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x5, 0x4, 0x1, 0x2}, 0x1, r4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xa7, 0x5, 0x3, 0x2, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xffffff7f, 0x10000000, 0x9, 0x3}, 0x4, r1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x9, 0xffffffffffffffff, 0x4, 0x8}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x4, 0x400, 0x10000000, 0x1ff, 0xd6ab}, 0x3, r4}}]}, {0x1004, 0x6, "17d7c5f9087f30b21ea0e8d05997490f4c4de2fffc8eb72ff85b041ef0e9f1bb7ca4cfe808267bd9c34f3e4cd84c5adcfdee1add154ec133fe72e674f05ca439f8b7fd634d457985e248cf2b1ace896777aea7d58688a08524596e442f4bcf054bd06362b5e442f29853e01777198436f379b11cefdc2f789c70f6713971cf9ebb4d2342bf6de31af476de36e2375f10d7fb7a5b3896684bcd813b94f2a2cd2eaec48c87c2b2b90d6d861efdaa96f11ac822c6a58d95e8affe48cb99359508d1f73daee52009e408542e580e8a87714ffc5d2c411294391068089659cc4cf950dab29fefa969f64c944e070a75d57d92af72f6ae250983a53989fe74734bf26163d192c67de845afdaf569114944840376714f006d16a3dc50fb5d8d2a80e8810b51581a3f2f947497bbdff7e88c21bf59d1e753ea5781acab916a6ac3c7128fe22d76626ff32e3197fee021063ceef5c5fb41292ed7ca1173ff6032be1416491c9452d758e004a525c1f6800fc2019bf70c782305308fdd144dabcaf4fee989945c23662cd77be4511e4f4619cf1b2d16ecc0420d7791c7fbbe626220c02e665d6bf8c826695c3bef39f8c073bd642a7a8d1a746b7d00079440a2b6d97e3d50aa449e4e1693dd5946ed9f2589bca1e306681ac7f3d7a3a11e5aad3baeb35019d1aca5301945810167c6dc07b5c7c138bbb9c9963c2ebbbc1389f516c00b076bda181c0dbfa159bd3254302abf142b636093cafb9f160708f92e566cfd787b152a94cda8e4e8be07e957bfede4c00cb294efb65cc0cdf07cdc341c18c30ece97f069e34cd597b77ded762d0f582d6163ff69db3c65c94fb5aff1aa637964b105cc8af549a85f8ae9b15bd0bac908246396ff944e660f10fd002ae0e669017e7d3fc6f58049810a522d539a83174edae777ae3938b5ee0a7957389240a3be0813e4134f0e8886fd740fcaea7c30aa27a51504417e51c7ee81955e7e280b43c3affbdef0d058ae70985a755819d05eb531ca5c618d2a450b7ac93d5fd996595b5d3029abda34d6f19718fd908f730ec327154c08dec782904e82a25acfaa82f66ffd47418c48f53c29433286a0adb125cf8da1bda9a2a8505806fdee65bfc7e622a10f78ea04841f5b36513de1f46ec8777257d5df3c1df9261080b18b39dd10e76434df5fc5b71984cbe43f91ed41a17e09e7180955583df107eceaa05b4a8fc434922f5824ab7829ab1902f4a7fd6728771c8a62604c3cdae50fe9fa3ab2892fb5ef19d37dfa84a8b8df21c8728bc1d84f271adfd8cb2eb5e497be5d4b2adebd15ee10a92be41fa1773759997c91b3cd0f263c7ee55397707370fda99147f3443967dc995f556c14438bde8eea0cdebabb7401f601e78b85e605404c17bae8498dedc38e64a6295d99198479a8b2867149f16cb952c69dec567b5fb150a17520930d142f4723bd80887b62ce8c0ead70fc18bbad0a49fcd169e5e8601eea01d0142befd33d80019746a523772261abec8bbbd66bc2a8263db6e48deb95448899241888ee25be1f60eded876653fa16cca12eca1b8e80732c0ec1fbff9df4ac7c9626f4d8aaaf166f453716a9b586aeef58ff8dcf6e2cb472570286006d221392bc45c46f4b1f542631a4fccdba47641e1e6b4bdaa06e7760dcd4f7e5d74122b1413273f07690491b2c12a7168bac8dde26f02b76727a99cf93229ad2fd2e978058046fe5dd6f3c49cc432ac6b1b5aa8a44ceb642a970526d3e23724790698a1e80b0f54b770b3ab8d88089579af2a160f7c725797c6e1f81962c592737b1c56b8499fff43f4f3aadb740f7905c77478a25d48c66f636a552de07a36e124fbda94fede8145b7ae15746c1ffb9bfd41ccb2d75b91a1949facbd5a57fbad07dbedc1636960a42b43f3e3a467400fa586c9ee62df64f70b50ca20347bc32e94a691313e2ba1311cba9b65f9461a8b0c3c43a1e54d09680fb081c6d349dd6719ba84fffd1ea92538d87ebc394e37a6e359a86e99125018d454564a6e33035abcb2fc952fdcb1191baf342451c66e52679c02c995a3bc949b482500716b202601a71c27056484f21eba444e9961741d064560f9de267d031194a2258b53d65783be55f795da2343d2d180a4c60ece4d35141d9459a90cd16a5c11e5096ddd48178b0b64e0770515d9c1097b8efc5d6b9eb7fd491c117e547d7bfae1db4e989d74fbc81f2026eecbb634ae8ddbc968e7af10a791d50e3e9fbe7ffc75c860e1773a71da9b9f1031dc043a794e4591e286c57ee08cd83f0e8d1dfa196b99af8c4a27079ffabfb5c3e732e36951d6616484096bb662bcf90c55c0d9c139c48f58093b293d8650d280d1682934ec291abbf371d88340bd53cac3a79cb3dcf518079bff6cfbe9e71804abfaca632522e4a8430c197d0f71d195a9105e70103401b03d9d2f556528d32e6785f23c8881ec068890f0acac1fe25b67bd55dfc466f968464e4f712556152b3ef863f7cc65583f8acdd5a03cbc53742a2b58ef5df4445c426f503830cb88b075e60c1ed30f8ac68800f56d7a7797ee3ccf66ca4ba52c2c304516cd7d901a6f45584218bf1487b9b3f82d9004fa845185c0ed0890b500426f8050f8a2a129c5bf535a0d848e5dda80a15071470df6a808cdfc43dc03d8156da32c373a1cd782f380c8c59d6b12a543ce9fa9fd4386153741880159dc1d42898fe3f0a5313e3eb3f3e65e3d59b01b454af7ec14d1f274156114d68f4424b7c3cf6f99e6aa1e07e617ab8058443527bd12b94b5ec95c1f100cc4ea97a0e6033cf99d5abb3b2312a263bbc469664e8ccc69d0c14ab2224b2e1817c91fc25f43203315e099bab91794403c021912ae905b9fe6ae0a47a63dff835ebe65ff78b2ec3dba6ac0097d6c9fd95f7d41145296b3de6229cdd4881d4bbe0b1c904e3fa0d83f2d1c72defc99fcf713a553bd19493285a600aba40d2d80e9fa67a412fadf4d724e1535ef1dc834575191de9f735d77739de5425bbe0b301b654f16f25ba5f21bacc561ce130c71c9d777c2d85133a4259065534b8b2c007f8baaa0ec03b02a4f86aeca143251cb6bf005ed133504f19a2775d5b37fddfd33f05c169e3b3755c715837b2513ce884fda531c1136ab8d42bfec6225a8ab15e021072a07d08f4eb4b2b40b048d4341f37626c109157a1ca8aff007a43778d38c34e588f8be47b7e5a757221d32f3b3474d03e22a7e42c4f8b6669dfd758ccf20f41907311a3a8fc89bd095225c5238b9e683d14a97bbbf05bac9eca19f268cee496fa142d49033d333d742a0f2efa33dfa839e7c44b841c8ebc93c652a645752c6d81c4d156f8771f6db56c0cf3c15e4d1b6dcfc4285ad13227ad1996347f38d46af8622fbc5bcd7abcea0db0c23e13c2a385e91c8e3b6e789173cf9ac4fdbe884132cff049178caf30df57daad07442884abf2895c7a847ef8b995e75b812a87490baed6594854292da270f792f21573184da7478cbd8a6386c9161dd1c9c8483a656e436a45ea979fa0939a8ac2bdea5be724cad144dee6ebff79119b484ca04cff2de4b9f09f0a9553145e2fb7cb9da623f49040382bfc1bc3914914854c82ddc4816d242123482ad00bbf56b946aa15c6d4c58d75d4903fa99f1316c5f0da48e34b75dd4b54c5066051fb4418a38a2b2c5ffdf910a04a47e8974ec2107caf70a45fdcf74fb67b97573e57ccea49364efeabaed610f7e2ff1130cfebecf649337a655af3ec3677de2845f05f31142fa87c3e8b9af942ef179a338f847d1ec48ba769e429112d4040be62993a936ef9dd7c0364837171edb9ea2029b3bba7eba3c5dba07d349f66d156ab726aa1f743a53303e4add181327e535d50aa93a96a64877361a6ad7756baa3aa47e5ee663fc567eb827ead9ef0ecd359465a92ba779569a85fcd753c48d38c439e2e52084cfe1d327d33d3921768f08a123e02f7d15f0f07a7059caa8334ce14ce319983f1b39ed8ec25f84d210f4c2b9571b5bb571cb543dcb978c0ffd1eff1734735fc52465874a316a8d554c681a3c9897cdbf2e3bab84479786a16bd69bcc689f7854cee924c440847db1ce4772f9723befa8ac6c1104f57d299b4eb5236f5f2768b5f864824e116e347e216a94237582d16ab2abcaa878fd82c806441a9618ab85cc7fe736cb468469fead3061109deb0c0dc7aa24e5a5cfb90dea325f614ea1108c259728a03fb4e66c714ebecdff1a275623c0762bf3f7a4c3e1d8b041f8ebd564cef4da3019c152508c9893e6e45a377a871955834990a5cced043ae064d9fbb3e2388f304da52f3350268749e2058d95258adf38cc588fdc0b9d8e71c045476101f065793648f00314c4aece697f9e1bd5722e242310f8fecc2a3e7b6582fa0173e41801520985eabff4b018dbc93d64852743d2e93b6b36aa8dae0d38055198216d74bf87ca47486d94eb3d04cd6796211700070662b9005ecef3786506a6910509a879dc42b63d85d8b654dbbe351d342d2be022c6ba94d4267a48750fcb841d88abaa3972f227468fb8f6c720668cc6b5d4f64041ec13742125eddf427e60fda2650256a53de90f0d3f5e100e15b3c3dbecd7def31c645ef59db4c1006d21dde7a93fdb9826a63d8501b889dad82e2f45831cd13ca5565c72c227902b49c542475f9dca60bf715b9f06d61c1f58b5e04ff28703879b9c58baddbde3f179c7f855c91a15d47bb7b13172892b0adbeda979368fd40dce6bad5f792d1d4fd39a72543a460efcf007cc01be9414912a73581e6a04d8b5de1323842e92fdfc4e0d56684f2710225cd1b5b32ec1ed6782778911d7f50942728a855ee1ce469cfc82d01e95c2668b34d9f521885a83b0cc186c594774115852a35c84ffeac83b735982cb675d5aa01bf6fcfe6302e032cee9bfc90ce331b0245dfdd24c21964f753575fb7a258abdf3aa6af71a9829ceeb2add1ea75a7f80308cae227c9e8588b40e185629fe3613713dcee3291347927b2fdda890222d5e602cea481b2a641fa748055610d9914b3b4286cd9350129c29017f673cf56d836ea9b3baf045772cab7e4d08e0323bf9e40cdb0788dcc81b479d986e81cd11ba985d8071737b75007faad283b95051366e5b0441366d7744ca5ab3c7d783e6a4c9ed1c06e2237e10451cbbd74eb7aa07f92e39aade10a88b91638825a11b8f9ffe587f3434ff1724c88467fe9b0e4e0955974f341d5b4de4b8d1f4fe32c8d36f8a00f433acfddd8db2300c746a998d974312a80c9dcba405900870d69e5098b5d6c674aafbab1831cae047347894bd890881f2e90f50eefde5964c75f2808833be52796e6f8f9ec05fe034758883ad25bdc6655477484cba95e83b44464cb4e0b84564393b9e23032688b88942c9a51f85a6bc934ee24adaac7e0dea5c511b8d6ebf73acab729280fd26a3d47983aa9b6c7db6e30910539cd07f5a39e0bf35586e330278cc49dd354d2585419e5d553850d5d2923a0d465d2e9ef065909a8d068ccacdd668d688b11a0ca21365a1e4a626257c12dcfe32d6c6255cae6e523f459441e91758b202225389c9414fb6fffb47af99e1cd5009f312720dae8e6f0c0c74f2e6c8612aab118f3b363f4431c5d3675602b2d7b18f07f11a5e7679435f5baa66a6c6af9bc7f202e670cffdae72f5879c89a37ce9129aa954021f3981e720039dd0e4b755fdeb70b5b4d238590bcd1db38401b8e3406ae8bc497bf999dbffd91a4b553f4f83c00418b3a2a190ecd0e7b533d74c1bd0f1fcd641c56c8489d97d738908b"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x6, 0x5}}}}, @m_skbedit={0x78, 0x1d, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x7, 0x8, 0x30000004, 0x9, 0x7}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x14, 0xf}}]}, {0x21, 0x6, "b8d3e615df6d0bea2941deb2f11529d2d778b3cb752d1fe3ff54aa6bd7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_skbedit={0xf4, 0x10, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}]}, {0xc0, 0x6, "1a128061dd395817de04fbddedc1ed1a18d6f177bce492effd64d1bb0fd078aebfa6651c9bf1702d10da410ef18db216c11de6cd00768c95ba31e41725abf4477ccc033d3c91c6fd8665ded62b36e81c106cce97cbbe0fb5daf4d1efc15f2aa6644e825bbc1562a8f452d869863a9d25e2b6a4b0a93af8f08ae4a96517be62235355facf3aea999721e6668bfa7d10ca52c9639e3192c97f9615b4fef6d68df9a630b7a26e96a7ad32eec6be8db788600e7e8ae1eac87205d3cbfd10"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_vlan={0xac, 0x11, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x7fffffff, 0xde6a, 0x1, 0x7fff, 0x4}, 0x1}}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x37b}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x1}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x7fb}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x7a2}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xc1f}]}, {0x2c, 0x6, "54d6a914244290f1d7c1926e9278144b2fdbf89c837343f45bd96862856606c12e5fd7f2bd50b20e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_sample={0x48, 0xd, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x101}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x7}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xfffffffc}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_nat={0x12c, 0x4, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xfffffff8, 0x1, 0x10000000, 0x7, 0x58f4}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x1}}]}, {0xdb, 0x6, "7e8f5d23677ab38396e64d43b9a3e255bbbb658d638c434e637fb4bdfb12b271dc7172cd49c04c3135b24cd343cf699df95ab1e8c56eb1feb62403c99c844f06be4d444842d9bfa03d2ac861a7a3b8f2afb05aacca202ef57b33e6e89ca570aea6fa60cf04693fdb9e6d100f33d51f1f71b9e0b0d78247d7c690e65bd8370bb4338dabc741fea15946677765a3e05ff56276ac4c12c82e9a18c6ed61986a75f390540314498aef269861b34f31b555810b6bbb2f763c2b6389177f1613ba4aacc495bb36de0e3ca6fbe6fa4131a4af3cf7d751d6c104e9"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_xt={0xc8, 0x12, 0x0, 0x0, {{0x7}, {0x4}, {0x9f, 0x6, "6a702862dceae5913ea89093be400dc66483dc4c33e84b9f302473b8e0163e21e8657c7cd9e8827f0a0430786839c34f33647030a1b9bb911f0c34c6738ded3c5982a37a8f7372b679c781ac924b6ddfa5f2be79fb63004235030c336857b0219e6cfeecfe388f67aa57a1234569f3f1114eeb5f80eb850416d3eb6f8ffc9c2a6e8fb81caee83e3d5856d7e43cfb1dc0c974616ff2da81847bc926"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffff, 0xc}}]}}, @filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_CT_LABELS_MASK={0x14, 0x62, "c2a2209a0363d53448302e2d6a028911"}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_CT_LABELS_MASK={0x14, 0x62, "ac8710e63fbe6d68f5370c9b21c64d17"}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x54e03d2a26072ec3}}]}}, @TCA_RATE={0x6, 0x5, {0xe, 0x8}}, @TCA_RATE={0x6, 0x5, {0x7, 0x8}}]}, 0x23d4}, 0x1, 0x0, 0x0, 0x810}, 0x40c4)

50.090465944s ago: executing program 5 (id=3363):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x40, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x4}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYBLOB="0374bd9e011f000000000000001c0012800b00010062726964671103000c00028005001700"], 0x3c}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40000d0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r5, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r5, 0x8949, &(0x7f0000000000))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000002d00010026bd7000fcdbdf25040000000800090038eac20000b9c80bfd8336e7d0f106ba5817ad33d714c7982963a7374b1e5cc8a54b4f406db0081eced4d25503fe378b273e01984a642c811e2bf4335b6162cd768f004c1286e41e66994b5912d7d50ce095319cfc3857d9ee8c91b929541ee25709017480cc771e0c034724599367254615d62b40cfd58f2e3574a6ea76e70415994f7d44b6d1da1060de9719e48a4d8b486f4f8c601518"], 0x1c}}, 0x20000000)
socket$inet(0x2, 0x2, 0x1)

48.668359929s ago: executing program 5 (id=3365):
bpf$ITER_CREATE(0xb, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

47.882222399s ago: executing program 5 (id=3368):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
listen(r2, 0x8)
accept4$inet(r2, &(0x7f0000000100), 0x0, 0x80800)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000080)={0xf0f008, 0x2400})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20040044)

47.818840756s ago: executing program 34 (id=3368):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
listen(r2, 0x8)
accept4$inet(r2, &(0x7f0000000100), 0x0, 0x80800)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000080)={0xf0f008, 0x2400})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x20040044)

3.223106859s ago: executing program 0 (id=3608):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x14, 0x4, "c1c19c5f21c44452668af5861e2128193251e4844c0b9c38215ae7b5d4fd52fdc9fe5c91f8c6ef51decfbd4938ea5fa76f0ea8d7ddbc8ba631dc3185809a98d9", "d3b9f0cc49d77028a754094e540e9cf9d85af52a5f27a33e7c51d270d49e2449", [0x3, 0x101]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffffffe, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x80}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3.052968862s ago: executing program 0 (id=3609):
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001280)="bb2d839f3bf337ccd0d8f3513ab30aba4b00b6f0ef506a60f4082ace5a8a10d80d8d595071f2ff529ff6996481ffc7e4de448343b85079722c4f1a1ce360836392283201a1a5ac0b6e24ccf9f075c64fe58b7a37d37019a49908876bc37c9f304eeefed8a6d8cae3ca0f81e900c8735b8b3063967b68a1567e30726f2c0edb6c85e78619700b0645b728a0c88b22d18366a6db2e391401feb630396bf42b987b102eb2d0a804e188648df6c8ddd79e0fde3893930e06e91c39cc01d239a1c20cb0cee84da9", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000001380)="66b04ba69617e435e9f9df375eb813c13178ebe4c7f6250388b4ce67caef2b5b89a2cb401e033b8b80e97a86e758820a9df18484a5d79979116337eff4c1964928202a2d68f3f084f1247533693f80afe24c188341d1e57290235cea03629a99cdf9d0d9d0d5b2da0c598158b9118f19bd80a5d72728512bbc57685e054471c0bb135b191c469e9e220e0a4df89ec5401804404b0e9a8c621a78e2f560e8e5861c80e43a1db32fab16533516de3ba34903b73b5cc60b25b4b214909cbdebb02092808c93ebc98f8796ac9d8aea03bed732b35bf2233e7ce6df3063a1533274ef8fa0fa38890f3b207fff422433ae149fa4b83420287c69f320e6022919baf72cc14f3fcd2b9956bba700d083ec7d94a3c175e15125221dc8d6693eb168eac40f7141d3145d385e02b1c3a9e76c376921e067d3a9908a08ed360d048f9ca3f698cf64b461efda46a5fa216072b7120fbccc0516d3d662ec590e16616bccc4020f9188d32aedae93773e2c87412623b550ef03df4171a222a3d1b3237f9a6a07b941c86cb40340c0e86e4dcc5298dbb60c315e615ff7e275452782094abf3b6c13d427c041e2d3249199c0b68cb1ab30d6783641613d98b052a558163e7ff9b20e8157d817f56c97685968f260fc92464ec48b29c5c71d4af65c2093e4fb78adfb9118f64fa59f0876513efe74a51f4725db8a8801176b787034fa8be1ca0dfbad5a66d2316fa4f03b82e3f4de163a46893ca6e2e970609f68e91dbe5b53fa9f892fc196a8908e43a5d75c3ee9e14f980cc21d9bcf282734769e208fe3744f78124261957fa29a1ee25d99f61bc56e9be75c53d1ab9ef92a31ee21809f6656a1756d17acacebbb97d652ed4dc024df8534877c6c9a2012b21b2b0d935230527f3ef3bb44fe44ad2da38d4b390ad71c74a4aac64d128b9dbad14ba63dc1132e24de2d5c8cc952e866676a9cb672893fea4f60edaa0113c846b5b5f5abb9ef4b44fdcf48101137ef73bdac27b1cf4f0e136f8e262e003f479853bfc2c6f7a56e5202611fa4450b66bb6d04676e8c82c1b8c6ffd16305e9310222ef34345f5c8aa563a5c0c4a5b447178ec469106a1c6d56ff6495c2983c9459a34f137fb2c9c65bd909c83aceb300e7361587a7a85e12d1d23c8ab4b9e70d7522d53bfe911c553f28acbc5625de6347b376e044c39188ee1ccb7782befc0b8e3ec95fc20fd6bd9b5d369b20fc45f5b4d131bfa46c1cfaf962ea4f69d2cf08846e3f919fb6aae8eff7755b90c9d27e1463dfd4f4008a9a745fa6c764d4884c9a64b092dbd6aeceb443085f273cecd142b4f2ab18f4d323ebf1e44330622c3e41747dcc0882368b4f7bd7331797afa63f84e13c36d2dda49c3401ae8982b35a934570cfa74b3956c85538fbdb3240ff2f06a18c145fd35b7a8460c37e9b2781ace2ef0eb12dc7efd58dedc01245d80ec39ce3a5c0e50a8d601d9ae621023e6599bde7daa89063ce7cd8563dadb805d3fcb30b41737c4410151f64328e02ebfdf644", 0x438}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)}}, {{0x0, 0x0, 0x0}}], 0x5, 0x40000d0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x4, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000200000000000000000000008500000011000000197232e72a514c3a"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
select(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r4, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x10201, 0x2, 0xdddd1000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
sendmsg$NL802154_CMD_SET_PAN_ID(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010058a67000fedbdf250800000008000300", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x20}, 0x8840)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x1}, 0x20)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r6, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000003000000080001"], 0x28}}, 0x0)
r7 = socket(0xa, 0x3, 0x3)
setsockopt$inet6_IPV6_RTHDR(r7, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="08000107ba9f9355"], 0x8)
mmap(&(0x7f0000703000/0x2000)=nil, 0x2000, 0x3, 0x8031, r7, 0x9b4ef000)

2.973878742s ago: executing program 4 (id=3612):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b8500000007000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x90)
rt_sigpending(0x0, 0x1000000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES32=r4], 0x38}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', <r7=>0x0})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, r7})
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000140)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000070ada959bb452fcd00060a0b04000000000000000002000000200004801c00018009"], 0x5c}, 0x1, 0x0, 0x0, 0x24004094}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000740ab487b1b512f33a8dbd67a8b35f2405127f309901ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d93c0857ecac854ac51ad69639d98adb2c1464e444cc1a6a2e7ee244622433b51f58606b063f4938101a7e764c957eba2e913b2ac10435471fa769740a1275cb467e5264b71bc8727fc12e9aba46e4a8abf3dda91e0da608d6a0a35573d5524fb25451cc23051887de4df85c8e771260c4943e78905aa1e7493027366ed1bea0d80304804800018008000100667764003c0002"], 0x558}}, 0x40)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', <r11=>0x0})
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x80)
r13 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r13, 0x890b, &(0x7f0000000540)={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r11})
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

2.967894376s ago: executing program 0 (id=3613):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c00"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xd, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x24380af8c85917fc, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
openat$kvm(0xffffffffffffff9c, 0x0, 0x48e80, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000080)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', 0x0, 0x2})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r2 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002000000102508000000000102030109021b000101000000090400ff0207010100090501020000030000"], 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r3, 0x60b, 0x0)
write$char_usb(r3, 0x0, 0x0)
syz_usb_disconnect(r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0}, 0x18)
r4 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
socket$packet(0x11, 0x3, 0x300)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x0, 0x0})
io_uring_enter(r5, 0x847ba, 0x9b44, 0x66, 0x0, 0x0)

2.557623386s ago: executing program 4 (id=3615):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x0)

2.508344827s ago: executing program 4 (id=3616):
syz_emit_vhci(0x0, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000008018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r3}, 0x10)
setitimer(0x1, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x5, &(0x7f0000000240)=@framed={{}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}]}, &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000000)={0x80, 0x5, 0x10009})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000)
timer_create(0x3, &(0x7f00000002c0)={0x0, 0xb, 0x2}, &(0x7f0000000300))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KDSETLED(r6, 0x4b32, 0x1000)
openat$fuse(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
preadv(r8, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/215, 0xd7}], 0x1, 0xfffffffd, 0x8)
syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c881}, 0x0)
r9 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r9, 0x10c, 0xd, &(0x7f0000000040), &(0x7f0000000080)=0x4)

1.853000707s ago: executing program 6 (id=3623):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0) (async)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0)
r1 = dup(r0)
read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2020) (async)
read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2020)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, 0x0, 0x0, 0x4000014, &(0x7f000005ffe4)={0xa, 0x4e24, 0xfffffffc, @mcast1, 0x9}, 0xffcb)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) (async)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r7, 0x6, 0x16, &(0x7f0000000240)=[@mss={0x2, 0x8}, @sack_perm, @timestamp, @sack_perm, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x5b)
connect$vsock_stream(r6, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='lp\x00', 0xdeeda50eccd0056e)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0), 0xc7) (async)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) (async)
sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0x8, 0x1, 0x0, 0x0)

1.841402759s ago: executing program 4 (id=3624):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = geteuid()
setreuid(r1, r1)
setuid(r1)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000000)=0x9, 0x4)
sendto$inet6(r0, &(0x7f0000000380)="e8", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x7, 0x4)
r2 = semget$private(0x0, 0x3, 0x1)
fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = getgid()
semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000100)={{0x1, r1, r3, r1, r4, 0x1, 0xa9}, 0x1, 0xce8, 0x0, 0x0, 0x0, 0x0, 0x50})
shutdown(r0, 0x1)

1.767853626s ago: executing program 4 (id=3625):
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000480)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x14, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x3f}]) (fail_nth: 2)

1.596842539s ago: executing program 6 (id=3627):
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000480)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x14, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x3f}])

1.596615247s ago: executing program 4 (id=3628):
r0 = getpid()
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x80)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0xa002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffd, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad, 0x0, 0xc2c5}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0x5e51, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000052e8e510b1134200c4dc0102030109021b00"], 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
kcmp(r0, r0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x6, &(0x7f0000000000))
r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x34f2abf5, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r6, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x1013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x20000000]})
epoll_create1(0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x63, 0x47c0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001b00)={0x2020, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x2020)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000440)={{0x6, 0x6, 0x9, 0x7, '\x00', 0x6}, 0x1, 0x10000000, 0x9, r8, 0x7, 0x5, 'syz0\x00', &(0x7f0000000180)=['/dev/radio#\x00', '/dev/v4l-subdev#\x00', '\x00', '/dev/autofs\x00', '\x8d-$[\x00', '/dev/autofs\x00', 'autofs\x00'], 0x42})

1.528688091s ago: executing program 3 (id=3629):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000006f80)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x40) (fail_nth: 2)

1.527888919s ago: executing program 3 (id=3630):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000200000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x6e9c84f3}], 0x1}, 0x0)
pipe2$9p(&(0x7f0000000180), 0x80000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r3 = syz_io_uring_setup(0x499, &(0x7f0000001900)={0x0, 0xb803, 0x0, 0x214, 0x2a3}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r6, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r6, 0x8943, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)

1.440201631s ago: executing program 6 (id=3631):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000000206030000000000000000000000005c0705000100070000000900020073797a31000000000c000780080012400000000005000300686173683a6e65742c696661636500"/88], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x62040200)

1.261250775s ago: executing program 6 (id=3632):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r0, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
lsetxattr$security_capability(&(0x7f0000000280)='./bus\x00', &(0x7f00000002c0), 0x0, 0x0, 0x2)

1.250551281s ago: executing program 6 (id=3633):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0x8, &(0x7f00000003c0)={0x4, 0x2}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) (async)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
socket$kcm(0xa, 0x922000000003, 0x11) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='inet_sk_error_report\x00'}, 0x18)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000100), 0x0) (async)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r5, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf}) (async)
syz_io_uring_submit(0x0, 0x0, 0x0) (async)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={<r7=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x3}, 0x90) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000840)={r7, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r8, &(0x7f0000000000)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]}, 0x40)

1.138096594s ago: executing program 0 (id=3634):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x62040200)

1.137920768s ago: executing program 6 (id=3635):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000009, 0x114}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(des3_ede-generic)\x00'}, 0x58)
socket$alg(0x26, 0x5, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @dev, 0x15}, 0x1c)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, 0x0, 0x28)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000300)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000380)=[{0x0, 0x0, [0x6, 0x9, 0x0, 0x0, 0x0, 0x5d, 0x3ff, 0xff, 0x7, 0x6, 0x7, 0x7, 0x7, 0x7f, 0x7, 0x8b]}, {0x1, 0x0, [0x9, 0xc9a7, 0x7f, 0x40, 0x9, 0x3ff, 0x7, 0x29, 0x4, 0x3ff, 0xc, 0xd7f, 0x5, 0x5, 0x8, 0x4]}, {0x4, 0x0, [0xff, 0x4, 0xffffffff, 0x9, 0x1, 0xfffffffe, 0x9, 0x6, 0x4, 0xd, 0x10, 0x1, 0x8, 0xffff7fff, 0x6, 0xa8]}, {0x4, 0x0, [0x0, 0x0, 0x101, 0x0, 0x7fffffff, 0xe19, 0x9, 0x8, 0xfffff5f5, 0xbd86, 0x2, 0xb0e6, 0xf, 0x1, 0x1]}, {0x0, 0x0, [0x3ff, 0xffff, 0x8, 0x60aa, 0x10, 0x0, 0x40, 0x2, 0x0, 0x0, 0x2, 0x1, 0x1, 0xffffffff, 0x0, 0x3]}], r4, 0x1, 0x1, 0x168}}, 0x20)
syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
io_setup(0xeb0, &(0x7f0000000140))

977.89988ms ago: executing program 0 (id=3636):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x1)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000100)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000040)={{@local, 0x200001}, @local, 0x8, 0x6, 0x347, 0x80000004, 0x24b, 0x10001, 0x9})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
ioctl$sock_bt_hci(r3, 0x400448c9, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600})
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)

327.959055ms ago: executing program 3 (id=3637):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000880)=[0x0])
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1)
r3 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r3, &(0x7f0000000480)=[{0x40, 0x0, 0x6, 0xff, @tick=0xfffffff5, {0x1, 0x6}, {0x80, 0x1}, @queue={0x1, {0x8, 0x7be}}}], 0x1c)
ioctl$SG_GET_PACK_ID(r0, 0x227c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = socket(0x10, 0x16, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x5c, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0x12, 0x400, 0x1, 0x200}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
r6 = open(0x0, 0x0, 0x0)
r7 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
read$char_usb(r7, 0x0, 0x0)
fcntl$notify(r6, 0x402, 0x8000003d)
ioctl$BTRFS_IOC_SNAP_DESTROY(r4, 0x5000940f, &(0x7f0000002080)={{r1}, "75f5e8a86755d99dc00345ca8a4c06a843f8aec1683dd595fd7da1aeb9df8581c2c94a77d44a40e4c41fd9b98f2edd789265bb3a2dce4552c611c5aac58fadde0be9ae83d3c31a7dd4e3e3dff48a4be80d7399d908998e704aaa48314ca767c5981d58c5e0ddff08f32ca2b00b6e17e8d13505590fa21d5e383658b322c942a94505d62ae4221f6dedccbc8dc62c11d115468b3c2ddfa5e8dcdf57e94ca235f25e698b39bc720663d97bdbe7da8832f464557b2ba23d053159ee326efc1fadf5c1832cbdea7e1a59ac19071bc188b27d17715ef01696cd4da91819b8fbc240948a72228a369d9549666390839497c27328417ad14a200d291297d0fca6f29f4c60e51f8cb8e144c331181b895624589920dd6fa9c48bb7e302a1dc7bc7e8638271f3fe0d621f148a5aa46817a4206743e440fee232259737016c5f68b84331ea5e4d3f76804724524a1fb62ded0076e4cfd794ae6298d86d7383d034c0f999cb7a7ea232810c50587be06edd0efa9bdc85b57e0f0b203d79ad8c00aff2fb56bee9d8bd9c7c6de769973116a1bdbc064fd895299d4a99e7d62aa1e8c617e36c6cb8478c98f0269b3fcaf9447b65b21e87ecd5b7039a3a468278828dbdef65d74b77d036a1680c7d540625c7b72342ccc62382dda2874ab43f698cf493b07c0989d5a06e965baecfc4278e7b3b9472103681ba1e7db8ea71efe03e70d05eb1ab2c299a5eb20216e737fbd3c5f9e20cded7e245eedf7638210046f15e399555dd5d989c0c5500d8364e5def73227f033e9210eca271271638af7687707c61bde7cdd560c053c080b0bba62eb0fd1ee971a7808423323cd26b12fcf33029bbaf31ecd9b87ffc043c359871b84e5b80c7a2ddc329400b7057a14ed61d8f27bd947b5ea5d02c535a4c040198864690ded074e924a412eb6ac1bfae7b5ddcdb306a9a11388718fc606416bcba0e80dc5062cc7adf512195317e97e5e9122b9022cd78b7a4449b97e19a4239af1a32992c074da8807d294643866ab58b5ed8e98066eb12cbf9adc2c5a6b7a10b251abbbfc24d1ecf61dd9b750197aca37e78c8ddc9646f9f0cf3daf0be4d4a6bbb264a5991a50f81a4c600f0084741252e42c11890019f5b0f02d95e9091ce1a4d0c20c147d2f4cef78c23ecce25e06777a76fe5c097c8043277d90ebd609f13060a051423310f0e4f320b74ceaac352772b57efbe35d28ca011dc1480959c2b187d864d144851c949614487bb2037394e341544e34a13d0c236a32a85e1fcf33f35344825d8609ea4b25f78f183066ef8efffd30fbad237631b93338f140ace328acadca64e6ae8cc357b9538d1893f8b4340d6ea2e47f88284a2a182d613c657f0398bbeaafd6c2254a7b71e13efc6b0c9249583c536813e19a5b32bf002e7a1ff96a587b5c4a7f596f75bad7de242f4ec319f2c2e05655cfacdc2114062a5e8f9de7bfc51514456108d153641c6ccf87915b030dc1ce0b8462f0d6d5c4e67ece56604e456242139b18a2312d0fb5b0ee1bd9ccbd1a8953c8de8d2bb924d6fe3b23ce1f5f6198223b02fc47fad40dd83d769b6c0505aaa6d0234215b05a59618700e63cd9518177b7f88143681dc8d8a5112db2a72e1eed69e621cbe0a7e27ac70b41982755a0073335eba6334588463bb97f12ff2adc05ff872df29ad2a351ff50de845b73a575a9657659fa110fdfe5b467a0d92282268c839b8cad143428ee6c30878c7f270398df4fa43d1ad31557faece071c50cd9876aef3bc20ac760c40a8f4096ce9db9429846773da6c5fc47c30004098ed4bbff1f75c726937f0c2d13c946ba60d5787f22b4b59f62a75d0781cabf3b3f595e0eef128576ff1e0ff91a51cfdd95d9909fe8ab67823e7ad3fd666cceff7221ecffb7730dbb3dc2175caa17feae9a00972d803ea6a6735cbe7ab8f064664962676fea0ee12ca18fc03ce30fa5bcfd1ff706df23d689d2ad4d9da889e656cf1271954de18a6049b2a9aaa135aae1f41d97af98b30429e71f5cf1c5574b14b7a8d774d421c1b02485f8f68cfbb223f01fcf26a6c4189ecffa16076e5cc1e1744db6837aad8fb3ccd297a85a95bc35f5b7283ac50f5d8020a9176a42aa7528b97b4a7ddb87adb40c4ec6689c8d3a667bbf480f8ee9f76c38ea4650b14b8afdba34df7275d137b7da89eea8f58d74faa80ba813b86302dfba9c23303a726c2b29f8fdb2a94ae226cbd82650a04db56f01f18e987a60f3b4736a1aa242629e2335a9bb3afb1b5a67a0b89add57ced81b49e17b4c75724aebdf6d00da669cdadf04ffd04409a142acc0d1dc5c6268c5797a9ed360413d730d8971175187e60d778b08946a07b6099b70417ba3fde6df48a8e2ad9a478f0e9a25faa0b5846de2b56b47d6763cb46c28f0e54a70bfd4b6acacd9d3ea712c1ca5bdfcb36f81e8f0b7de96eff278bc7462f8318126edab362372ec05bf04be15ad8c9577a8d61d4cda44d3111e5c80e00562ab7012abdad1dad8b0be806981bae34c527a8fd7bf7c653281bedf3d7174ca1f8ae9a73f45a6fea32fde44e8dfcb58c7ba6fa3009666977cce882bbf35101713e38a9f70b1fedb522d91dd024d87fcf9e120114d90bf8a6beb88e987a6230e8bd43e152183095cc0fefc53717258f13dad005ddd6bd856f005e09ab23c98ee5aeb9a14a3bd473bb48d6ef308bf40b5441de96e2711a3f4c2d89dc272c6b4721b896a31b357c3a3411ba88d056f384816444ee200cce6416a85e2550d453a4c6c3d574add731c7cb6027566a4d36aef75bf500371143af01f1439bde95248ce258e29a66f37a5fdc7c5adcf264f46570035cf29a0c3f1f535e48143909f2e6f50264028ee70ff30e7ec82b9c150aac714cf9d3579f6ff8983a03592a22b31df793548f77b99e36c7501b85593461034c4358247f3f1271b4c59b358f27883882b6f62ca38bccc5c5ea5094d2b0cc540b02b5dcd49f5eab8569c9b6d54a001844bc049cc9e78073b39b3fb07c37f126bf8c234ef60ac80b38190616224a93a238b1c4605eb425670629819a90db51c537a8e2bc4871fd86124b230183deae61c8d6a7e99abdc80b5e641710823768b27dc263baca4417b095cfc4693986fd6d900a11196b0e8d82032e5c257d7482119b96d17cdd7a852217c96467f07e7802bc1520bc26c368db59ee2747afb6c6fd23f3cdfb19c7caf21066c3fa5753feab6988bd9cd00801c9ae7d37ec8d2af39445a00ebd496c1266a78ce52bf7e3d79abac6f404d0a2093ac63678aa6becec0ffdc3c94dae07c41b2036504210217a90876455c6ff32a149a074208b8070816102da31848d77597112f7fb355de1b0237ec303e09a82bc0b369151cf4ef0f935de6b640217c1aed49bce8832879484931e6d279643507ab23d36fd55a31f001f1edfabf569c41e9d34efac3c8de1dcc2047052dac8685fb2a9eb69f4265b5e7effdad8bbc3a6b56ec917f3af8be5685070c0a4b6d3fad9e4bf8495fc815f1610486110eff02894fd8362370848470268c054381cb7b2ee416aeeb894f3e489cc439bab032d4103b508e2ca4f731afde7b5ba96e9309501ff03caee93514bd78010ae77dea99f6d17710ca388c1e0cfb9581b15bb957a34dec6cee24f782d92cff5b0c62b1614510b2b09d2573f8f78cf67df5d30412867a1987a1242a70486eb93e357f0d33e52f5a8e98959957356776367dcbf6b9c6a67efdb22974b688d226f77965a7f097a54453aea7bf2010ef0c833fbdcbbb6f87524b654e266e998d1d67692a6d655c22f77d86b8c7c2c5883d6140b4e81368ae48784847eed5936e8c4b94c27792613e51c73a23e3f2774a23a0376a1a34319690a09c76fe67d0b27dd930f9ac09b0512fec59ab84714024ec20dc16ea4158f9a2605fcc7e49a0c3a11a211818db539018c8eef3c73a14551a3ea8446c0f64c621a1ff34d87dbcc7aaa1975612e484597cfc83428194fb8688a22c7e2ec37227045ce3120fc44f26a4f2a97f3361a9c4ba72a36d3cef02f4ee4166cedef7fefaaf95251810d068c9cc335db76f80c1a77075b756a95a6b0f074518027f9d4080172e0d6168488079c187224252b7e0212f4d406197a230248e8637c67fc8943418abee45568df110bb49281a9e380d218ac75f96503e1791f362c3d91d9779f62a39764ecfdfe8d5a5d079898c6daa89ddb82bae2609e7cb4abc899e6a935314a766e43f12f385c520e9e068e635117b438933b4f046b102995042952eb3b4d4349fc1a3ed74733202d6d032a33c3b3c48ad24189a8c15c10aa647dd9e9ed68e3edf5821598d120442c7ba548ec766516790dce7f32ef2c3d3b4fcf485b082d051b64c4b5872f6001c99b11b70a8134a5d37dd77a67ffadb2be88464fa5255c073a60bf29b858bd72e990199a2ef334f88dc4a2c59b0aed42565a1e0c0cfa0b1e42f5efc7b56d26c09eeb2f29c666eb7a0d166898f7534260b72d2eb9a0605cc9e1d7247f470cf2f8f9af8f927c4e946e4a5c1524e5e0af78eb11c3c2d14b216a93beb7a06989cd0d028d1c10d02b6c474c2cf1fa5f5375f1c23ac6043531429778fe1a054aedc0ec2c422318f0248a778461ea36f33e292486097ac1445bc73c6b8c75a2389c3ce6a027aaffa8ad6ac51bb588976a2fca0a3538bc8461bea73a480e512fe3dfaa21caf78bf6fffdd284568f34c13c0d745a48a31d498b06df6f1f417db5fc3d1709d04bea90e4601a2bcab61c0bc98a7e230e8a0ab6cd9a1c5aaacf44bb14743abf55cf09d404df26e895299d32cbfeaa605d6ed7da917a554e17811229a16885985bccbb4c555291dae7771e09176ed5b1e366cd1c60e8d631483f3765dceabd928a4f2164d43dac04f417abf36f765bd70e669c7f116bf98ec19cde232a717c72adc788bbcfecc328c608294d461a7a415e83b515e4d82cdf282243758367ef8e63e660f1823843376c7e1795284d36a94fa9aa1fa13365143568b652150449ddb707b35e41177473b164f17884b1bb7312ddb9847747100e5c80a18695f78a2811ced1825f095c82bd02f0b1ce5f9455e963dd342c314849f39a8164fa995f82f94e31819aa3ba18035a9081200c67ac0dfa9dd5cb32a36427e5f5f353fdaaac9011b53e79805ea62cec59ed7d7185e423d3a9f3c16cc213de183f3604eb43d6dc03b6c450f690cf5be6004419cda5c1e72b1416548257ad3fab2ca63978709f4cf51ed89d948eaaae20b99f658a9c7c1ad19ec7893044e665b341644b2de945682701ca72466486536361792d18b4d3cdccd395b5da0a051eb6d0dfbb6cdb192d8ead7c7bd0523af690bb3ac9c5c7a7bb91a00052df01250e91fe5fa11b462f58df3c266e36a2af714b8c9b32c57c35ef7aca84aa6382073269055b0251bfbe002fee89afe48f5c3b4e7b01d90be94c62d7d306b3a2a1d480d8073b9f8f4cc0980c7cce58b6a9ccaaddd074a224bde68c731076dc61df26a478fdc91d5df207d4b8f9468236f7bf19b07d5f231d07e0e54d9616fc21bba6b57d1b3ccc27924fdbaec9a9f193f119a313da7c4378468c79fa4c42ca3066af10d89bfc8231d6760cd1bbf9776fad22635bb7f630b79b7e2956abeb72baef3879f3dcce139f49f24c24a5a3a6b019da0f03e60d62f58e47b440029245c8957b07658d03e2b3b00f9f881928e746b5f17d3cbfe74d911ebe7ffaab0d6552029b792df69724865752f7ddf5753efee4f53cba846dd5fdf25496f55f4d9267c4634c4f6eb70daf372afc78"})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88)
inotify_init()
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x8a000, &(0x7f0000000400)={[{@xino_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r8 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r8, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
close(r6)
syz_emit_ethernet(0x4e, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff88a81300810048000800450000380060000000019078ac1414bb0a01010103009078030000004500000000000000002f0001040022eb0002000043b8863906c61b4b7ed54b44f3127080407d26292ecd4e4f9cc543e2fd1d0b268aaf20df43d3b1f03c28a021bb6e85e1d822f735560c7ec4f29c37cb3e599a307b7ad53d9b6e281e6591d9b2373ddf953e63cf8b72cf9ba65ee8122e8bbf7f21df1fef1c461716e71973b53794aebe5a1ab04e01cdd7b9cd2947ccfb9a5acc4ea210"], 0x0)
link(&(0x7f0000000100)='./file1\x00', &(0x7f0000000180)='./file0\x00')
socket$inet_tcp(0x2, 0x1, 0x0)
r9 = creat(&(0x7f0000000880)='./file0\x00', 0x0)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000040)={0x9, &(0x7f00000001c0)=[{0x9b, 0x1, 0xb0, 0x4d}, {0x1, 0x1, 0x5, 0x5}, {0xb3, 0x58, 0x28, 0x4}, {0x3, 0x7f, 0x4b}, {0xfffa, 0x0, 0x80}, {0x5, 0x1, 0x81, 0x4}, {0x3, 0x9, 0xfd, 0x7f}, {0x3, 0xc, 0xf2, 0xec}, {0xe5c, 0x25, 0xd1, 0x47d1}]}, 0x8)

59.857685ms ago: executing program 3 (id=3638):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unshare(0x62040200) (fail_nth: 2)

59.714845ms ago: executing program 3 (id=3639):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0x1, 0x1100}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)

35.979432ms ago: executing program 0 (id=3640):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0x1, 0x1100}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10) (fail_nth: 2)

0s ago: executing program 3 (id=3641):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = add_key$keyring(&(0x7f0000001080), &(0x7f00000010c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
ioctl$I2C_PEC(r3, 0x708, 0x2)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000200)={0x1, 0x4, 0x8, &(0x7f0000000340)={0x0, "90f541a5e64f610100000000002b0592410aefd9cca7b2986ed6650529e7cb8393"}})
pipe2$watch_queue(&(0x7f0000001100)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r4, 0xc2)
ioctl$SNDRV_PCM_IOCTL_RESET(r4, 0x4141, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x5}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d5, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xbb}}, 0xe4)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="240d00a0990000000100000000000000000002c5879548ce3108da00002208001e000200"], 0x24}, 0x1, 0x0, 0x0, 0x24006805}, 0x4010)
r6 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = getpid()
fcntl$setownex(r7, 0xf, &(0x7f0000000100)={0x2, r8})
r9 = landlock_create_ruleset(&(0x7f0000000000)={0x4040, 0x0, 0x2}, 0x18, 0x0)
landlock_restrict_self(r9, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f00000001c0)=<r10=>0x0)
fcntl$setown(r6, 0x8, r10)
truncate(&(0x7f0000000140)='./file0\x00', 0x9)
process_vm_readv(0x0, &(0x7f0000000400)=[{&(0x7f0000000340)=""/137, 0x89}], 0x1, &(0x7f0000000bc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r0, 0x0, 0x0, 0x800)

kernel console output (not intermixed with test programs):

][T17189]  should_fail_ex+0x512/0x640
[  633.603279][T17189]  should_failslab+0xc2/0x120
[  633.603290][T17189]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  633.603307][T17189]  ? skb_clone+0x190/0x3f0
[  633.603325][T17189]  skb_clone+0x190/0x3f0
[  633.603341][T17189]  neigh_probe+0x5d/0x110
[  633.603356][T17189]  __neigh_event_send+0xac5/0x13c0
[  633.603372][T17189]  neigh_resolve_output+0x56b/0x940
[  633.603385][T17189]  ? __pfx____neigh_create+0x10/0x10
[  633.603399][T17189]  ip6_finish_output2+0xaeb/0x2020
[  633.603413][T17189]  ? ip6_mtu+0x1a3/0x4a0
[  633.603425][T17189]  ip6_finish_output+0x3f9/0x1360
[  633.603440][T17189]  ip6_output+0x1f9/0x540
[  633.603451][T17189]  ? __pfx_ip6_output+0x10/0x10
[  633.603464][T17189]  ip6_local_out+0xcd/0x4a0
[  633.603481][T17189]  ip6_send_skb+0x112/0x460
[  633.603494][T17189]  udp_v6_send_skb+0x96f/0x1910
[  633.603513][T17189]  udpv6_sendmsg+0x252a/0x3050
[  633.603528][T17189]  ? __pfx_udplite_getfrag+0x10/0x10
[  633.603546][T17189]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  633.603560][T17189]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  633.603575][T17189]  ? tomoyo_check_inet_address+0xe0/0x6c0
[  633.603605][T17189]  ? find_held_lock+0x2b/0x80
[  633.603617][T17189]  ? __pfx_aa_sk_perm+0x10/0x10
[  633.603630][T17189]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  633.603646][T17189]  ? inet6_sendmsg+0x105/0x140
[  633.603662][T17189]  inet6_sendmsg+0x105/0x140
[  633.603678][T17189]  ____sys_sendmsg+0x705/0xc70
[  633.603691][T17189]  ? __pfx_____sys_sendmsg+0x10/0x10
[  633.603702][T17189]  ? get_compat_msghdr+0x11a/0x170
[  633.603720][T17189]  ? __pfx__kstrtoull+0x10/0x10
[  633.603735][T17189]  ___sys_sendmsg+0x134/0x1d0
[  633.603751][T17189]  ? __pfx____sys_sendmsg+0x10/0x10
[  633.603765][T17189]  ? __lock_acquire+0x622/0x1c90
[  633.603794][T17189]  __sys_sendmmsg+0x2f9/0x420
[  633.603810][T17189]  ? __pfx___sys_sendmmsg+0x10/0x10
[  633.603835][T17189]  ? fput+0x70/0xf0
[  633.603846][T17189]  ? ksys_write+0x1ac/0x250
[  633.603863][T17189]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  633.603880][T17189]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  633.603897][T17189]  __do_fast_syscall_32+0x7c/0x3a0
[  633.603914][T17189]  do_fast_syscall_32+0x32/0x80
[  633.603930][T17189]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  633.603944][T17189] RIP: 0023:0xf7f91579
[  633.603952][T17189] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  633.603962][T17189] RSP: 002b:00000000f507455c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  633.603972][T17189] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080007e40
[  633.603979][T17189] RDX: 0000000000006c00 RSI: 0000000000000048 RDI: 0000000000000000
[  633.603985][T17189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  633.603991][T17189] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  633.603997][T17189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  633.604009][T17189]  </TASK>
[  634.136245][T17198] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  634.447410][T17202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3136'.
[  634.565605][T17209] fuse: Unknown parameter 'user_i00000000000000000000'
[  635.039951][  T839] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  635.211436][  T839] usb 10-1: Using ep0 maxpacket: 8
[  635.222275][  T839] usb 10-1: config 0 interface 0 has no altsetting 0
[  635.233931][  T839] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  635.248452][  T839] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.267524][  T839] usb 10-1: config 0 descriptor??
[  635.675422][  T839] mcp2221 0003:04D8:00DD.005C: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  635.849513][ T6689] usb 10-1: USB disconnect, device number 12
[  636.413399][T17232] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3145'.
[  636.659107][T17240] FAULT_INJECTION: forcing a failure.
[  636.659107][T17240] name failslab, interval 1, probability 0, space 0, times 0
[  636.666950][T17240] CPU: 2 UID: 0 PID: 17240 Comm: syz.5.3148 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  636.666973][T17240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  636.666983][T17240] Call Trace:
[  636.666989][T17240]  <TASK>
[  636.666996][T17240]  dump_stack_lvl+0x16c/0x1f0
[  636.667025][T17240]  should_fail_ex+0x512/0x640
[  636.667048][T17240]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  636.667071][T17240]  should_failslab+0xc2/0x120
[  636.667087][T17240]  __kmalloc_cache_noprof+0x6a/0x3e0
[  636.667108][T17240]  ? mall_change+0x262/0x1090
[  636.667135][T17240]  mall_change+0x262/0x1090
[  636.667163][T17240]  ? __pfx_mall_change+0x10/0x10
[  636.667185][T17240]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  636.667218][T17240]  ? __pfx_mall_change+0x10/0x10
[  636.667240][T17240]  tc_new_tfilter+0xa35/0x2340
[  636.667272][T17240]  ? __pfx_tc_new_tfilter+0x10/0x10
[  636.667290][T17240]  ? stack_trace_save+0x8e/0xc0
[  636.667328][T17240]  ? find_held_lock+0x2b/0x80
[  636.667346][T17240]  ? __pfx_tc_new_tfilter+0x10/0x10
[  636.667361][T17240]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  636.667391][T17240]  ? __pfx_tc_new_tfilter+0x10/0x10
[  636.667409][T17240]  rtnetlink_rcv_msg+0x95b/0xe90
[  636.667435][T17240]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  636.667466][T17240]  ? ref_tracker_free+0x37c/0x830
[  636.667493][T17240]  netlink_rcv_skb+0x158/0x420
[  636.667509][T17240]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  636.667535][T17240]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  636.667562][T17240]  ? netlink_deliver_tap+0x1ae/0xd30
[  636.667591][T17240]  netlink_unicast+0x58a/0x850
[  636.667612][T17240]  ? __pfx_netlink_unicast+0x10/0x10
[  636.667636][T17240]  netlink_sendmsg+0x8d1/0xdd0
[  636.667658][T17240]  ? __pfx_netlink_sendmsg+0x10/0x10
[  636.667676][T17240]  ? __import_iovec+0x1dd/0x650
[  636.667697][T17240]  ____sys_sendmsg+0xa98/0xc70
[  636.667718][T17240]  ? __pfx_____sys_sendmsg+0x10/0x10
[  636.667735][T17240]  ? get_compat_msghdr+0x11a/0x170
[  636.667772][T17240]  ___sys_sendmsg+0x134/0x1d0
[  636.667796][T17240]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.667832][T17240]  ? find_held_lock+0x2b/0x80
[  636.667866][T17240]  __sys_sendmsg+0x16d/0x220
[  636.667889][T17240]  ? __pfx___sys_sendmsg+0x10/0x10
[  636.667925][T17240]  ? rcu_is_watching+0x12/0xc0
[  636.667946][T17240]  __do_fast_syscall_32+0x7c/0x3a0
[  636.667973][T17240]  do_fast_syscall_32+0x32/0x80
[  636.667990][T17240]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  636.668004][T17240] RIP: 0023:0xf7f91579
[  636.668012][T17240] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  636.668023][T17240] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  636.668033][T17240] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000900
[  636.668040][T17240] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000
[  636.668046][T17240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  636.668052][T17240] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  636.668058][T17240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  636.668071][T17240]  </TASK>
[  636.768673][    C2] hpet_rtc_timer_reinit: 76 callbacks suppressed
[  636.768684][    C2] hpet: Lost 5 RTC interrupts
[  636.879102][T17245] fuse: Unknown parameter 'user_i00000000000000000000'
[  637.071492][T17250] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  637.648470][T17261] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3154'.
[  637.860034][ T6025] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  637.997147][T17274] fuse: Unknown parameter 'user_i00000000000000000000'
[  638.004436][T17275] netlink: 'syz.5.3156': attribute type 4 has an invalid length.
[  638.012364][ T6025] usb 5-1: Using ep0 maxpacket: 8
[  638.016096][ T6025] usb 5-1: config 0 interface 0 has no altsetting 0
[  638.018772][ T6025] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  638.021304][T17275] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3156'.
[  638.027697][ T6025] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.033029][ T6025] usb 5-1: config 0 descriptor??
[  638.245702][T17283] FAULT_INJECTION: forcing a failure.
[  638.245702][T17283] name failslab, interval 1, probability 0, space 0, times 0
[  638.250075][T17283] CPU: 3 UID: 0 PID: 17283 Comm: syz.4.3161 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  638.250090][T17283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  638.250097][T17283] Call Trace:
[  638.250102][T17283]  <TASK>
[  638.250107][T17283]  dump_stack_lvl+0x16c/0x1f0
[  638.250152][T17283]  should_fail_ex+0x512/0x640
[  638.250169][T17283]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  638.250185][T17283]  should_failslab+0xc2/0x120
[  638.250196][T17283]  __kmalloc_cache_noprof+0x6a/0x3e0
[  638.250210][T17283]  ? _snd_pcm_hw_param_min+0x259/0x630
[  638.250220][T17283]  ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30
[  638.250234][T17283]  snd_pcm_oss_change_params_locked+0x6f4/0x3a30
[  638.250249][T17283]  ? __mutex_lock+0x1ca/0xb90
[  638.250264][T17283]  ? rcu_is_watching+0x12/0xc0
[  638.250277][T17283]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  638.250290][T17283]  ? __pfx___mutex_lock+0x10/0x10
[  638.250319][T17283]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  638.250333][T17283]  snd_pcm_oss_set_channels+0x23a/0x370
[  638.250345][T17283]  ? __pfx_snd_pcm_oss_set_channels+0x10/0x10
[  638.250356][T17283]  ? __might_fault+0x13b/0x190
[  638.250375][T17283]  snd_pcm_oss_ioctl+0x219d/0x37a0
[  638.250387][T17283]  ? find_held_lock+0x2b/0x80
[  638.250398][T17283]  ? hook_file_ioctl_common+0x145/0x410
[  638.250410][T17283]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  638.250424][T17283]  ? __fget_files+0x20e/0x3c0
[  638.250438][T17283]  ? __fput_deferred+0x450/0x480
[  638.250451][T17283]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  638.250463][T17283]  __ia32_compat_sys_ioctl+0x23f/0x370
[  638.250478][T17283]  __do_fast_syscall_32+0x7c/0x3a0
[  638.250496][T17283]  do_fast_syscall_32+0x32/0x80
[  638.250512][T17283]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  638.250525][T17283] RIP: 0023:0xf7fc7579
[  638.250534][T17283] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  638.250545][T17283] RSP: 002b:00000000f50c555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  638.250555][T17283] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0045006
[  638.250562][T17283] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  638.250568][T17283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  638.250574][T17283] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  638.250580][T17283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  638.250593][T17283]  </TASK>
[  638.587255][ T6025] mcp2221 0003:04D8:00DD.005D: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  638.781848][T16803] usb 5-1: USB disconnect, device number 108
[  639.113150][T17290] FAULT_INJECTION: forcing a failure.
[  639.113150][T17290] name failslab, interval 1, probability 0, space 0, times 0
[  639.117989][T17290] CPU: 3 UID: 0 PID: 17290 Comm: syz.5.3162 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  639.118006][T17290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  639.118013][T17290] Call Trace:
[  639.118017][T17290]  <TASK>
[  639.118022][T17290]  dump_stack_lvl+0x16c/0x1f0
[  639.118043][T17290]  should_fail_ex+0x512/0x640
[  639.118059][T17290]  ? fs_reclaim_acquire+0xae/0x150
[  639.118074][T17290]  ? tomoyo_encode2+0x100/0x3e0
[  639.118089][T17290]  should_failslab+0xc2/0x120
[  639.118100][T17290]  __kmalloc_noprof+0xd2/0x510
[  639.118139][T17290]  ? d_absolute_path+0x136/0x1a0
[  639.118153][T17290]  tomoyo_encode2+0x100/0x3e0
[  639.118170][T17290]  tomoyo_encode+0x29/0x50
[  639.118185][T17290]  tomoyo_realpath_from_path+0x18f/0x6e0
[  639.118204][T17290]  tomoyo_path_number_perm+0x245/0x580
[  639.118218][T17290]  ? tomoyo_path_number_perm+0x237/0x580
[  639.118232][T17290]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  639.118259][T17290]  ? find_held_lock+0x2b/0x80
[  639.118272][T17290]  ? hook_file_ioctl_common+0x145/0x410
[  639.118287][T17290]  ? __fget_files+0x20e/0x3c0
[  639.118302][T17290]  ? __fput_deferred+0x450/0x480
[  639.118315][T17290]  security_file_ioctl_compat+0x9b/0x240
[  639.118331][T17290]  __ia32_compat_sys_ioctl+0xc3/0x370
[  639.118346][T17290]  __do_fast_syscall_32+0x7c/0x3a0
[  639.118365][T17290]  do_fast_syscall_32+0x32/0x80
[  639.118382][T17290]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  639.118397][T17290] RIP: 0023:0xf7f91579
[  639.118411][T17290] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  639.118423][T17290] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  639.118434][T17290] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0306201
[  639.118441][T17290] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  639.118448][T17290] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  639.118454][T17290] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  639.118461][T17290] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  639.118474][T17290]  </TASK>
[  639.118485][T17290] ERROR: Out of memory at tomoyo_realpath_from_path.
[  639.163309][T17291] binder: 17289:17291 unknown command 0
[  639.197299][T17291] binder: 17289:17291 ioctl c0306201 800003c0 returned -22
[  640.021971][T16162] hid-generic 0000:0000:0000.005E: unknown main item tag 0x0
[  640.025128][T16162] hid-generic 0000:0000:0000.005E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  640.745945][T16803] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  640.888702][T16803] usb 9-1: Using ep0 maxpacket: 8
[  640.898489][T16803] usb 9-1: config 0 interface 0 has no altsetting 0
[  640.900999][T16803] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  640.904084][T16803] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.930526][T16803] usb 9-1: config 0 descriptor??
[  641.186582][T17332] siw: device registration error -23
[  641.263490][ T9091] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  641.451779][ T9091] usb 5-1: Using ep0 maxpacket: 8
[  641.459298][ T9091] usb 5-1: config 0 interface 0 has no altsetting 0
[  641.461996][ T9091] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  641.464954][ T9091] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.469353][ T9091] usb 5-1: config 0 descriptor??
[  641.621360][T16803] mcp2221 0003:04D8:00DD.005F: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  641.816252][ T6025] usb 9-1: USB disconnect, device number 15
[  641.842437][ T9091] mcp2221 0003:04D8:00DD.0060: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  642.032527][ T9091] usb 5-1: USB disconnect, device number 109
[  642.614594][T17349] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  643.844049][T17366] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  644.184859][ T6025] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  644.329076][ T6025] usb 5-1: Using ep0 maxpacket: 16
[  644.332202][ T6025] usb 5-1: config 0 has an invalid interface number: 68 but max is 0
[  644.334716][ T6025] usb 5-1: config 0 has no interface number 0
[  644.337039][ T6025] usb 5-1: config 0 interface 68 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  644.341729][ T6025] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  644.344529][ T6025] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.347047][ T6025] usb 5-1: Product: syz
[  644.348361][ T6025] usb 5-1: Manufacturer: syz
[  644.349872][ T6025] usb 5-1: SerialNumber: syz
[  644.404825][ T6025] usb 5-1: config 0 descriptor??
[  644.420154][ T6025] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  644.630135][ T1139] usb 5-1: Failed to submit usb control message: -71
[  644.630190][ T6025] usb 5-1: USB disconnect, device number 110
[  644.636046][ T1139] usb 5-1: unable to send the bmi data to the device: -71
[  644.639179][ T1139] usb 5-1: unable to get target info from device
[  644.641952][ T1139] usb 5-1: could not get target info (-71)
[  644.644576][ T1139] usb 5-1: could not probe fw (-71)
[  644.718323][    T9] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  644.802368][   T40] audit: type=1800 audit(673.964:2678): pid=17388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3186" name="bus" dev="overlay" ino=868 res=0 errno=0
[  644.890118][    T9] usb 9-1: Using ep0 maxpacket: 8
[  644.892953][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  644.895064][    T9] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  644.897891][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.901684][    T9] usb 9-1: config 0 descriptor??
[  645.269464][    T9] mcp2221 0003:04D8:00DD.0061: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  645.348337][   T40] audit: type=1326 audit(674.541:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf712e579 code=0x7ffc0000
[  645.355816][   T40] audit: type=1326 audit(674.541:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf712e5a7 code=0x7ffc0000
[  645.362496][   T40] audit: type=1326 audit(674.541:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[  645.369296][   T40] audit: type=1326 audit(674.541:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[  645.377130][   T40] audit: type=1326 audit(674.541:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf712e579 code=0x7ffc0000
[  645.384016][   T40] audit: type=1326 audit(674.541:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf712e5a7 code=0x7ffc0000
[  645.390476][   T40] audit: type=1326 audit(674.541:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf712e579 code=0x7ffc0000
[  645.397040][   T40] audit: type=1326 audit(674.541:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf712e5a7 code=0x7ffc0000
[  645.403418][   T40] audit: type=1326 audit(674.541:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17392 comm="syz.0.3188" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf712e579 code=0x7ffc0000
[  645.416677][T17393] fuseblk: Bad value for 'fd'
[  645.469264][T16162] usb 9-1: USB disconnect, device number 16
[  645.589835][T17399] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  646.375912][ T6025] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  646.547502][ T6025] usb 9-1: Using ep0 maxpacket: 8
[  646.550618][ T6025] usb 9-1: config 0 interface 0 has no altsetting 0
[  646.552742][ T6025] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  646.556059][ T6025] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.560374][ T6025] usb 9-1: config 0 descriptor??
[  646.766069][T17417] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  646.925657][ T6025] mcp2221 0003:04D8:00DD.0062: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  647.121780][ T6025] usb 9-1: USB disconnect, device number 17
[  647.649854][T17430] .: renamed from bond0
[  647.713521][T17433] fuse: Unknown parameter 'user_id00000000000000000000'
[  648.208476][T17440] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  648.857176][T17449] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  649.354938][T17452] netlink: 'syz.3.3199': attribute type 4 has an invalid length.
[  649.433823][T17448] x_tables: duplicate underflow at hook 1
[  649.457732][T17452] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3199'.
[  649.852725][ T6689] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  649.919199][T14045] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  649.935732][T17469] fuse: Unknown parameter 'user_id00000000000000000000'
[  649.995280][ T6689] usb 9-1: Using ep0 maxpacket: 8
[  650.005837][ T6689] usb 9-1: config 0 interface 0 has no altsetting 0
[  650.012099][ T6689] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  650.015130][ T6689] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.018691][ T6689] usb 9-1: config 0 descriptor??
[  650.029592][T17471] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3208'.
[  650.071577][T14045] usb 5-1: Using ep0 maxpacket: 8
[  650.074500][T14045] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  650.077902][T14045] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  650.080993][T14045] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  650.085182][T14045] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  650.089268][T14045] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  650.092738][T14045] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.302524][T14045] usb 5-1: usb_control_msg returned -71
[  650.304470][T14045] usbtmc 5-1:16.0: can't read capabilities
[  650.313300][T14045] usb 5-1: USB disconnect, device number 111
[  650.381252][ T6689] mcp2221 0003:04D8:00DD.0063: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  650.570996][T16803] usb 9-1: USB disconnect, device number 18
[  650.899880][T17483] FAULT_INJECTION: forcing a failure.
[  650.899880][T17483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.905422][T17483] CPU: 1 UID: 0 PID: 17483 Comm: syz.3.3210 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  650.905461][T17483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  650.905471][T17483] Call Trace:
[  650.905477][T17483]  <TASK>
[  650.905485][T17483]  dump_stack_lvl+0x16c/0x1f0
[  650.905516][T17483]  should_fail_ex+0x512/0x640
[  650.905544][T17483]  _copy_to_user+0x32/0xd0
[  650.905577][T17483]  simple_read_from_buffer+0xcb/0x170
[  650.905603][T17483]  proc_fail_nth_read+0x197/0x270
[  650.905625][T17483]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  650.905647][T17483]  ? rw_verify_area+0xcf/0x680
[  650.905669][T17483]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  650.905690][T17483]  vfs_read+0x1e4/0xc60
[  650.905715][T17483]  ? fdget_pos+0x2a2/0x370
[  650.905742][T17483]  ? __pfx_vfs_read+0x10/0x10
[  650.905763][T17483]  ? find_held_lock+0x2b/0x80
[  650.905788][T17483]  ? __fget_files+0x20e/0x3c0
[  650.905809][T17483]  ? fd_install+0x510/0x750
[  650.905838][T17483]  ksys_read+0x12a/0x250
[  650.905861][T17483]  ? __pfx_ksys_read+0x10/0x10
[  650.905886][T17483]  ? rcu_is_watching+0x12/0xc0
[  650.905908][T17483]  __do_fast_syscall_32+0x7c/0x3a0
[  650.905935][T17483]  do_fast_syscall_32+0x32/0x80
[  650.905960][T17483]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  650.905983][T17483] RIP: 0023:0xf7f73579
[  650.905998][T17483] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  650.906036][T17483] RSP: 002b:00000000f5054590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  650.906052][T17483] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5054620
[  650.906064][T17483] RDX: 000000000000000f RSI: 00000000f7403ff4 RDI: 0000000000000000
[  650.906074][T17483] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  650.906084][T17483] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  650.906095][T17483] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  650.906119][T17483]  </TASK>
[  651.067750][T17488] fuse: Bad value for 'fd'
[  651.209381][T17486] FAULT_INJECTION: forcing a failure.
[  651.209381][T17486] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.213512][T17486] CPU: 0 UID: 0 PID: 17486 Comm: syz.0.3212 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  651.213527][T17486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  651.213533][T17486] Call Trace:
[  651.213537][T17486]  <TASK>
[  651.213542][T17486]  dump_stack_lvl+0x16c/0x1f0
[  651.213561][T17486]  should_fail_ex+0x512/0x640
[  651.213579][T17486]  save_fsave_header+0x14c/0x2f0
[  651.213594][T17486]  ? __pfx_save_fsave_header+0x10/0x10
[  651.213612][T17486]  ? copy_fpstate_to_sigframe+0x2c3/0xaf0
[  651.213625][T17486]  ? rcu_is_watching+0x12/0xc0
[  651.213636][T17486]  ? __local_bh_enable_ip+0xa4/0x120
[  651.213651][T17486]  copy_fpstate_to_sigframe+0x77c/0xaf0
[  651.213667][T17486]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  651.213681][T17486]  ? __sigqueue_free+0xba/0x2a0
[  651.213696][T17486]  ? collect_signal+0x263/0x540
[  651.213711][T17486]  ? x86_task_fpu+0x5f/0x90
[  651.213723][T17486]  get_sigframe+0x4a8/0x9c0
[  651.213737][T17486]  ? __pfx_get_sigframe+0x10/0x10
[  651.213749][T17486]  ? rcu_is_watching+0x12/0xc0
[  651.213759][T17486]  ? _raw_spin_unlock_irq+0x23/0x50
[  651.213773][T17486]  ? siginfo_layout+0x177/0x290
[  651.213787][T17486]  ia32_setup_frame+0xe2/0xa50
[  651.213805][T17486]  ? __pfx_ia32_setup_frame+0x10/0x10
[  651.213820][T17486]  ? do_raw_spin_unlock+0x172/0x230
[  651.213830][T17486]  ? _raw_spin_unlock+0x28/0x50
[  651.213844][T17486]  arch_do_signal_or_restart+0x59c/0x790
[  651.213858][T17486]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  651.213877][T17486]  exit_to_user_mode_loop+0x84/0x110
[  651.213895][T17486]  __do_fast_syscall_32+0x2ac/0x3a0
[  651.213912][T17486]  do_fast_syscall_32+0x32/0x80
[  651.213928][T17486]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  651.213941][T17486] RIP: 0023:0xf712e579
[  651.213950][T17486] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  651.213961][T17486] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 000000000000015e
[  651.213971][T17486] RAX: fffffffffffffffc RBX: 0000000000000004 RCX: 0000000000000000
[  651.213978][T17486] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  651.213983][T17486] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  651.213989][T17486] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  651.213995][T17486] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  651.214034][T17486]  </TASK>
[  651.334278][T17496] netlink: 'syz.0.3214': attribute type 10 has an invalid length.
[  651.337348][T17496] macvlan0: entered promiscuous mode
[  651.339147][T17496] macvlan0: entered allmulticast mode
[  651.342378][T17496] veth1_vlan: entered allmulticast mode
[  651.346047][T17496] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  651.450045][T17500] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  651.595990][   T24] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  651.748125][   T24] usb 9-1: Using ep0 maxpacket: 8
[  651.807918][   T24] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  651.811363][   T24] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  651.814363][   T24] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  651.817557][   T24] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  651.822659][   T24] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  651.826170][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.045548][   T24] usb 9-1: usb_control_msg returned -71
[  652.047329][   T24] usbtmc 9-1:16.0: can't read capabilities
[  652.050936][   T24] usb 9-1: USB disconnect, device number 19
[  652.369232][T17508] FAULT_INJECTION: forcing a failure.
[  652.369232][T17508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  652.373256][T17508] CPU: 3 UID: 0 PID: 17508 Comm: syz.0.3217 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  652.373270][T17508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  652.373277][T17508] Call Trace:
[  652.373282][T17508]  <TASK>
[  652.373287][T17508]  dump_stack_lvl+0x16c/0x1f0
[  652.373306][T17508]  should_fail_ex+0x512/0x640
[  652.373324][T17508]  _copy_from_user+0x2e/0xd0
[  652.373341][T17508]  bpf_prog_test_run_xdp+0x11b9/0x1590
[  652.373357][T17508]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  652.373368][T17508]  ? __might_fault+0x70/0x190
[  652.373386][T17508]  ? fput+0x70/0xf0
[  652.373397][T17508]  ? __bpf_prog_get+0x97/0x2a0
[  652.373411][T17508]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  652.373421][T17508]  __sys_bpf+0x1485/0x4d80
[  652.373433][T17508]  ? __pfx___sys_bpf+0x10/0x10
[  652.373442][T17508]  ? ksys_write+0x190/0x250
[  652.373459][T17508]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  652.373486][T17508]  ? fput+0x70/0xf0
[  652.373496][T17508]  ? ksys_write+0x1ac/0x250
[  652.373510][T17508]  ? __pfx_ksys_write+0x10/0x10
[  652.373527][T17508]  __ia32_sys_bpf+0x76/0xe0
[  652.373538][T17508]  __do_fast_syscall_32+0x7c/0x3a0
[  652.373555][T17508]  do_fast_syscall_32+0x32/0x80
[  652.373571][T17508]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  652.373584][T17508] RIP: 0023:0xf712e579
[  652.373593][T17508] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  652.373603][T17508] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  652.373613][T17508] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000c80
[  652.373619][T17508] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  652.373626][T17508] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  652.373632][T17508] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  652.373638][T17508] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  652.373650][T17508]  </TASK>
[  652.519696][T17510] tmpfs: Bad value for 'usrquota_block_hardlimit'
[  652.727363][T17519] netlink: 'syz.5.3223': attribute type 4 has an invalid length.
[  652.803194][ T5965] Bluetooth: hci1: unexpected event 0x04 length: 4 < 10
[  652.809707][T17523] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  653.214555][T17529] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3226'.
[  653.291001][   T40] kauditd_printk_skb: 187 callbacks suppressed
[  653.291017][   T40] audit: type=1326 audit(263082.872:2875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.310043][   T40] audit: type=1326 audit(263082.872:2876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fc75a7 code=0x7ffc0000
[  653.316471][   T40] audit: type=1326 audit(263082.872:2877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.323064][   T40] audit: type=1326 audit(263082.872:2878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.329517][   T40] audit: type=1326 audit(263082.872:2879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fc75a7 code=0x7ffc0000
[  653.335877][   T40] audit: type=1326 audit(263082.872:2880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.342775][   T40] audit: type=1326 audit(263082.872:2881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.350860][   T40] audit: type=1326 audit(263082.872:2882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.357419][   T40] audit: type=1326 audit(263082.872:2883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7fc75a7 code=0x7ffc0000
[  653.363742][   T40] audit: type=1326 audit(263082.872:2884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17526 comm="syz.4.3225" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7fc7579 code=0x7ffc0000
[  653.386311][T17534] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  653.675963][T17527] fuseblk: Bad value for 'fd'
[  654.349105][T17554] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3232'.
[  655.379934][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  655.381949][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  655.421172][T17570] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  655.775039][T17574] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  656.360666][T17580] batadv1: entered promiscuous mode
[  656.649943][T17582] openvswitch: netlink: Flow key attr not present in new flow.
[  656.914383][T17587] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3241'.
[  657.225528][T13828] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  657.378086][T13828] usb 5-1: Using ep0 maxpacket: 8
[  657.388804][T13828] usb 5-1: config 0 interface 0 has no altsetting 0
[  657.390911][T13828] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  657.393715][T13828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.403240][T13828] usb 5-1: config 0 descriptor??
[  657.526493][T17608] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  658.212210][T17614] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3249'.
[  658.351494][T13828] mcp2221 0003:04D8:00DD.0064: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  658.376634][T17620] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  658.446305][    T9] usb 8-1: new high-speed USB device number 106 using dummy_hcd
[  658.551270][T13828] usb 5-1: USB disconnect, device number 112
[  658.597324][    T9] usb 8-1: Using ep0 maxpacket: 8
[  658.601097][    T9] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  658.603608][    T9] usb 8-1: config 0 has no interface number 0
[  658.605506][    T9] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  658.613011][    T9] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  658.618969][    T9] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  658.623752][    T9] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  658.628769][    T9] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  658.631555][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.636823][    T9] usb 8-1: config 0 descriptor??
[  658.644501][    T9] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  658.657768][T17623] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  658.840529][T17611] netlink: 'syz.3.3248': attribute type 27 has an invalid length.
[  658.845099][T17611] tipc: Resetting bearer <eth:gre0>
[  658.900642][T17611] .: left promiscuous mode
[  659.064939][T17611] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  659.069527][T17611] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  659.072777][T17611] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  659.076035][T17611] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  659.120946][T16162] usb 8-1: USB disconnect, device number 106
[  659.124532][T17632] 9pnet_virtio: no channels available for device syz
[  659.124806][T16162] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  659.126816][T17632] 9pnet_virtio: no channels available for device syz
[  659.131174][T17632] 9pnet_virtio: no channels available for device syz
[  659.133538][T17632] 9pnet_virtio: no channels available for device syz
[  659.135818][T17632] 9pnet_virtio: no channels available for device syz
[  659.138093][T17632] 9pnet_virtio: no channels available for device syz
[  659.141492][T17632] 9pnet_virtio: no channels available for device syz
[  659.143868][T17632] 9pnet_virtio: no channels available for device syz
[  659.146115][T17632] 9pnet_virtio: no channels available for device syz
[  659.148293][T17632] 9pnet_virtio: no channels available for device syz
[  659.150738][T17632] 9pnet_virtio: no channels available for device syz
[  659.153130][T17632] 9pnet_virtio: no channels available for device syz
[  659.155508][T17632] 9pnet_virtio: no channels available for device syz
[  659.157737][T17632] 9pnet_virtio: no channels available for device syz
[  659.162444][T17632] 9pnet_virtio: no channels available for device syz
[  659.164702][T17632] 9pnet_virtio: no channels available for device syz
[  659.167885][T17632] 9pnet_virtio: no channels available for device syz
[  659.177211][T17632] 9pnet_virtio: no channels available for device syz
[  659.179632][T17632] 9pnet_virtio: no channels available for device syz
[  659.181799][T17632] 9pnet_virtio: no channels available for device syz
[  659.183993][T17632] 9pnet_virtio: no channels available for device syz
[  659.186185][T17632] 9pnet_virtio: no channels available for device syz
[  659.207180][T17632] 9pnet_virtio: no channels available for device syz
[  659.216789][T17632] 9pnet_virtio: no channels available for device syz
[  659.224507][T17632] 9pnet_virtio: no channels available for device syz
[  659.226907][T17632] 9pnet_virtio: no channels available for device syz
[  659.229127][T17632] 9pnet_virtio: no channels available for device syz
[  659.231307][T17632] 9pnet_virtio: no channels available for device syz
[  659.233594][T17632] 9pnet_virtio: no channels available for device syz
[  659.237012][T17632] 9pnet_virtio: no channels available for device syz
[  659.239178][T17632] 9pnet_virtio: no channels available for device syz
[  659.241322][T17632] 9pnet_virtio: no channels available for device syz
[  659.243610][T17632] 9pnet_virtio: no channels available for device syz
[  659.245910][T17632] 9pnet_virtio: no channels available for device syz
[  659.248492][T17632] 9pnet_virtio: no channels available for device syz
[  659.250652][T17632] 9pnet_virtio: no channels available for device syz
[  659.253023][T17632] 9pnet_virtio: no channels available for device syz
[  659.255447][T17632] 9pnet_virtio: no channels available for device syz
[  659.257578][T17632] 9pnet_virtio: no channels available for device syz
[  659.259736][T17632] 9pnet_virtio: no channels available for device syz
[  659.261877][T17632] 9pnet_virtio: no channels available for device syz
[  659.264880][T17632] 9pnet_virtio: no channels available for device syz
[  659.267194][T17632] 9pnet_virtio: no channels available for device syz
[  659.269344][T17632] 9pnet_virtio: no channels available for device syz
[  659.271501][T17632] 9pnet_virtio: no channels available for device syz
[  659.274397][T17632] 9pnet_virtio: no channels available for device syz
[  659.276531][T17632] 9pnet_virtio: no channels available for device syz
[  659.278700][T17632] 9pnet_virtio: no channels available for device syz
[  659.280861][T17632] 9pnet_virtio: no channels available for device syz
[  659.283150][T17632] 9pnet_virtio: no channels available for device syz
[  659.285108][T17632] 9pnet_virtio: no channels available for device syz
[  659.287189][T17632] 9pnet_virtio: no channels available for device syz
[  659.289352][T17632] 9pnet_virtio: no channels available for device syz
[  659.291534][T17632] 9pnet_virtio: no channels available for device syz
[  659.293876][T17632] 9pnet_virtio: no channels available for device syz
[  659.296071][T17632] 9pnet_virtio: no channels available for device syz
[  659.298264][T17632] 9pnet_virtio: no channels available for device syz
[  659.300379][T17632] 9pnet_virtio: no channels available for device syz
[  659.302613][T17632] 9pnet_virtio: no channels available for device syz
[  659.304836][T17632] 9pnet_virtio: no channels available for device syz
[  659.306947][T17632] 9pnet_virtio: no channels available for device syz
[  659.309085][T17632] 9pnet_virtio: no channels available for device syz
[  659.311235][T17632] 9pnet_virtio: no channels available for device syz
[  659.314013][T17632] 9pnet_virtio: no channels available for device syz
[  659.340296][ T6025] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  659.373287][T17636] FAULT_INJECTION: forcing a failure.
[  659.373287][T17636] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  659.377309][T17636] CPU: 3 UID: 0 PID: 17636 Comm: syz.0.3255 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  659.377323][T17636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  659.377330][T17636] Call Trace:
[  659.377335][T17636]  <TASK>
[  659.377339][T17636]  dump_stack_lvl+0x16c/0x1f0
[  659.377359][T17636]  should_fail_ex+0x512/0x640
[  659.377376][T17636]  _copy_from_user+0x2e/0xd0
[  659.377398][T17636]  copy_from_sockptr_offset+0x15c/0x1b0
[  659.377416][T17636]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  659.377435][T17636]  ? __local_bh_enable_ip+0xa4/0x120
[  659.377449][T17636]  tls_setsockopt+0x8c3/0x19d0
[  659.377465][T17636]  ? __pfx___might_resched+0x10/0x10
[  659.377479][T17636]  ? __pfx_tls_setsockopt+0x10/0x10
[  659.377495][T17636]  ? aa_sk_perm+0x2f4/0xb10
[  659.377513][T17636]  ? sock_common_setsockopt+0x2e/0xf0
[  659.377525][T17636]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  659.377536][T17636]  do_sock_setsockopt+0x224/0x470
[  659.377547][T17636]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  659.377566][T17636]  __sys_setsockopt+0x120/0x1a0
[  659.377583][T17636]  __ia32_sys_setsockopt+0xbc/0x160
[  659.377597][T17636]  ? lockdep_hardirqs_on+0x7c/0x110
[  659.377612][T17636]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  659.377628][T17636]  __do_fast_syscall_32+0x7c/0x3a0
[  659.377646][T17636]  do_fast_syscall_32+0x32/0x80
[  659.377662][T17636]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.377676][T17636] RIP: 0023:0xf712e579
[  659.377685][T17636] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  659.377695][T17636] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  659.377705][T17636] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011a
[  659.377712][T17636] RDX: 0000000000000002 RSI: 0000000080000100 RDI: 0000000000000028
[  659.377719][T17636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  659.377725][T17636] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  659.377731][T17636] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.377744][T17636]  </TASK>
[  659.483126][ T6025] usb 9-1: Using ep0 maxpacket: 8
[  659.486462][ T6025] usb 9-1: config 0 has an invalid interface number: 186 but max is 0
[  659.488927][ T6025] usb 9-1: config 0 has no interface number 0
[  659.490803][ T6025] usb 9-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  659.494516][ T6025] usb 9-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  659.497963][ T6025] usb 9-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  659.501219][ T6025] usb 9-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  659.507468][ T6025] usb 9-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  659.510227][ T6025] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.512866][ T6025] usb 9-1: Product: syz
[  659.514225][ T6025] usb 9-1: Manufacturer: syz
[  659.515666][ T6025] usb 9-1: SerialNumber: syz
[  659.518265][ T6025] usb 9-1: config 0 descriptor??
[  659.724685][ T6025] iowarrior 9-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  659.745597][T17639] 8021q: VLANs not supported on ip6_vti0
[  659.850784][T17641] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  659.898118][T17643] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  659.900683][T17643] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[  659.911777][    T9] usb 9-1: USB disconnect, device number 20
[  660.039275][T17645] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3259'.
[  660.386541][T17650] ubi: mtd0 is already attached to ubi31
[  660.416235][T17652] cgroup: Unknown subsys name 'fowner>00000000000000000000'
[  660.418678][T17652] batadv_slave_1: entered promiscuous mode
[  660.433439][T14045] kernel write not supported for file /snd/pcmC0D0p (pid: 14045 comm: kworker/3:0)
[  660.535537][T17651] batadv_slave_1: left promiscuous mode
[  662.085930][ T6025] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  662.229339][T17680] 8021q: VLANs not supported on ip6_vti0
[  662.664250][T17696] fuse: Unknown parameter '0x0000000000000008'
[  662.771791][T17699] bridge_slave_0: left allmulticast mode
[  662.773762][T17699] bridge_slave_0: left promiscuous mode
[  662.776760][T17699] bridge0: port 1(bridge_slave_0) entered disabled state
[  662.787709][T17699] bridge_slave_1: left allmulticast mode
[  662.817380][T17699] bridge_slave_1: left promiscuous mode
[  662.819658][T17699] bridge0: port 2(bridge_slave_1) entered disabled state
[  662.876627][T17703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3272'.
[  663.033635][T17712] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  663.036288][T17712] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  663.039718][T17712] vhci_hcd vhci_hcd.0: Device attached
[  663.055418][T17699] bond0: (slave bond_slave_0): Releasing backup interface
[  663.067670][T17699] bond0: (slave bond_slave_1): Releasing backup interface
[  663.214080][T17717] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  663.262298][T17699] team0: Port device team_slave_0 removed
[  663.306616][T17699] team0: Port device team_slave_1 removed
[  663.318692][T17699] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  663.324332][T17699] batman_adv: batadv0: Removing interface: batadv_slave_0
[  663.332737][T17699] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  663.337515][T17714] vhci_hcd: connection closed
[  663.337863][   T92] vhci_hcd: stop threads
[  663.337950][T17699] batman_adv: batadv0: Removing interface: batadv_slave_1
[  663.339935][   T92] vhci_hcd: release socket
[  663.346460][   T92] vhci_hcd: disconnect device
[  663.378910][T16162] usb 45-1: new high-speed USB device number 2 using vhci_hcd
[  663.381521][T16162] usb 45-1: enqueue for inactive port 0
[  663.433018][T17721] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3274'.
[  663.464516][T16162] vhci_hcd: vhci_device speed not set
[  669.984383][T17745] sp0: Synchronizing with TNC
[  669.987122][T17745] sp0: Found TNC
[  670.199161][T17757] fuse: Unknown parameter '0x0000000000000008'
[  670.629013][T17749] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  670.733590][   T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  670.974261][T17780] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3284'.
[  671.050226][T17782] 8021q: VLANs not supported on ip6_vti0
[  679.041525][T17824] Invalid logical block size (1)
[  679.045842][T17824] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3290'.
[  679.251508][T17839] fuse: Unknown parameter 'fd0x0000000000000008'
[  679.314589][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.320961][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.327305][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.332281][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.336501][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.340468][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.344270][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.347973][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.351434][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  679.355124][T17840] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  680.412035][T17855] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10)
[  680.414138][T17855] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  680.417044][T17855] vhci_hcd vhci_hcd.0: Device attached
[  680.659438][T16162] usb 47-1: new high-speed USB device number 3 using vhci_hcd
[  680.726211][T17861] netlink: 'syz.3.3299': attribute type 3 has an invalid length.
[  680.770622][T17862] bridge_slave_0: left allmulticast mode
[  680.772479][T17862] bridge_slave_0: left promiscuous mode
[  680.774435][T17862] bridge0: port 1(bridge_slave_0) entered disabled state
[  680.877533][T17864] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  680.880003][T17864] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  680.882705][T17864] vhci_hcd vhci_hcd.0: Device attached
[  681.099246][T17856] vhci_hcd: connection reset by peer
[  681.101861][   T92] vhci_hcd: stop threads
[  681.103278][   T92] vhci_hcd: release socket
[  681.108335][   T92] vhci_hcd: disconnect device
[  681.220684][  T839] usb 37-1: new high-speed USB device number 3 using vhci_hcd
[  681.245650][T17865] vhci_hcd: connection reset by peer
[  681.248318][   T60] vhci_hcd: stop threads
[  681.249182][T17862] bridge_slave_1: left allmulticast mode
[  681.249974][   T60] vhci_hcd: release socket
[  681.252007][T17862] bridge_slave_1: left promiscuous mode
[  681.252119][T17862] bridge0: port 2(bridge_slave_1) entered disabled state
[  681.255567][   T60] vhci_hcd: disconnect device
[  681.273255][T17862] bond0: (slave bond_slave_0): Releasing backup interface
[  681.278921][T17862] bond0: (slave bond_slave_1): Releasing backup interface
[  681.299801][T17862] team0: Port device team_slave_0 removed
[  681.309378][T17862] team0: Port device team_slave_1 removed
[  681.311590][T17862] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  681.313928][T17862] batman_adv: batadv0: Removing interface: batadv_slave_0
[  681.338499][T17862] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  681.340855][T17862] batman_adv: batadv0: Removing interface: batadv_slave_1
[  681.353508][T17862] bond0: (slave macvlan0): Releasing backup interface
[  681.359573][T17862] veth1_vlan: left allmulticast mode
[  681.366835][T17862] batman_adv: batadv0: Removing interface: ip6gretap1
[  681.448921][T17871] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  681.451711][T17871] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  681.458433][T17871] vhci_hcd vhci_hcd.0: Device attached
[  681.626309][T17872] vhci_hcd: connection closed
[  681.626877][   T60] vhci_hcd: stop threads
[  681.629710][   T60] vhci_hcd: release socket
[  681.635600][   T60] vhci_hcd: disconnect device
[  681.696443][ T6025] usb 43-1: new high-speed USB device number 4 using vhci_hcd
[  681.698943][ T6025] usb 43-1: enqueue for inactive port 0
[  681.763543][ T6025] vhci_hcd: vhci_device speed not set
[  682.102782][T17877] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3301'.
[  682.173757][T17881] batadv_slave_1: entered promiscuous mode
[  682.181135][T17880] batadv_slave_1: left promiscuous mode
[  682.234367][T17884] Invalid logical block size (1)
[  682.238148][T17884] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3303'.
[  682.943727][T17889] binder: 17887:17889 ioctl c0306201 0 returned -14
[  683.161650][T17907] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3311'.
[  683.428842][T17914] netlink: 'syz.0.3313': attribute type 3 has an invalid length.
[  683.765464][T17918] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  683.767545][T17918] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  683.777844][T17918] vhci_hcd vhci_hcd.0: Device attached
[  683.958442][T17924] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  683.960570][T17924] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  683.963215][T17924] vhci_hcd vhci_hcd.0: Device attached
[  684.070672][   T29] usb 43-1: new high-speed USB device number 5 using vhci_hcd
[  684.086657][T17919] vhci_hcd: connection reset by peer
[  684.091167][   T12] vhci_hcd: stop threads
[  684.093604][   T12] vhci_hcd: release socket
[  684.096072][   T12] vhci_hcd: disconnect device
[  684.266341][T17925] vhci_hcd: connection closed
[  684.266521][   T92] vhci_hcd: stop threads
[  684.269562][   T92] vhci_hcd: release socket
[  684.271048][   T92] vhci_hcd: disconnect device
[  684.552233][T17930] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  685.200677][T17977] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3320'.
[  685.202475][T17973] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  685.509599][T17985] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3316'.
[  685.515893][T17987] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  685.573717][T16162] vhci_hcd: vhci_device speed not set
[  686.098257][  T839] vhci_hcd: vhci_device speed not set
[  686.663670][T18003] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3326'.
[  687.884565][T18020] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3330'.
[  688.003555][T16220] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  688.504635][T18039] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  688.518369][T18040] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3333'.
[  689.015655][T18044] bridge_slave_0: left allmulticast mode
[  689.018577][T18044] bridge_slave_0: left promiscuous mode
[  689.020650][T18044] bridge0: port 1(bridge_slave_0) entered disabled state
[  689.080702][   T29] vhci_hcd: vhci_device speed not set
[  689.089275][T18046] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10)
[  689.091347][T18046] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  689.093734][T18046] vhci_hcd vhci_hcd.0: Device attached
[  689.257966][T18044] bridge_slave_1: left allmulticast mode
[  689.271509][T18044] bridge_slave_1: left promiscuous mode
[  689.274527][T18044] bridge0: port 2(bridge_slave_1) entered disabled state
[  689.289752][T18047] vhci_hcd: connection closed
[  689.289874][ T1139] vhci_hcd: stop threads
[  689.292776][ T1139] vhci_hcd: release socket
[  689.294177][ T1139] vhci_hcd: disconnect device
[  689.300936][T18044] bond0: (slave bond_slave_0): Releasing backup interface
[  689.312176][T18044] bond0: (slave bond_slave_1): Releasing backup interface
[  689.334751][T18044] team0: Port device team_slave_0 removed
[  689.349260][T18044] team0: Port device team_slave_1 removed
[  689.353798][T18044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  689.357400][  T839] vhci_hcd: vhci_device speed not set
[  689.363638][T18044] batman_adv: batadv0: Removing interface: batadv_slave_0
[  689.371439][T18044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  689.384687][T18044] batman_adv: batadv0: Removing interface: batadv_slave_1
[  689.390874][T18044] batman_adv: batadv0: Removing interface: ip6gretap1
[  689.429957][ T6042] syz1: Port: 1 Link DOWN
[  691.133014][T18083] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3341'.
[  691.341544][T18094] netlink: 'syz.5.3342': attribute type 4 has an invalid length.
[  691.384078][T14045] usb 8-1: new high-speed USB device number 107 using dummy_hcd
[  691.558304][T14045] usb 8-1: Using ep0 maxpacket: 8
[  691.565233][T14045] usb 8-1: config 0 interface 0 has no altsetting 0
[  691.568266][T14045] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  691.571417][T14045] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.586450][T14045] usb 8-1: config 0 descriptor??
[  691.996797][T14045] mcp2221 0003:04D8:00DD.0065: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  692.193055][   T24] usb 8-1: USB disconnect, device number 107
[  692.744697][T18100] syz.0.3346 (18100) used greatest stack depth: 20216 bytes left
[  693.525429][T18126] sctp_transport_update_pmtu: 47 callbacks suppressed
[  693.525468][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.532381][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.536049][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.544227][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.547900][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.551875][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.555765][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.559864][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.563581][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.567141][T18126] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[  693.896894][T18131] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3353'.
[  694.031527][T18139] snd_dummy snd_dummy.0: control 1:0:0:syz0:-3 is already present
[  694.108011][T18140] nbd: must specify at least one socket
[  694.937031][T18119] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  695.239416][T18146] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  695.330883][T18164] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3362'.
[  695.880682][   T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  697.852624][ T5965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  697.858713][ T5965] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  697.862017][ T5965] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  697.867610][ T5965] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  697.869124][T18212] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3371'.
[  697.870499][ T5965] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  697.894372][T18208] lo speed is unknown, defaulting to 1000
[  697.965939][T18219] netlink: 'syz.3.3372': attribute type 10 has an invalid length.
[  697.975329][T18219] team0: Port device dummy0 added
[  697.988478][T18208] chnl_net:caif_netlink_parms(): no params data found
[  698.199193][T18208] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.201921][T18208] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.204497][T18208] bridge_slave_0: entered allmulticast mode
[  698.207985][T18208] bridge_slave_0: entered promiscuous mode
[  698.218189][T18208] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.228441][T18208] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.235964][T18208] bridge_slave_1: entered allmulticast mode
[  698.245227][T18208] bridge_slave_1: entered promiscuous mode
[  698.312869][T18208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  698.319381][T18208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  698.362029][T18208] team0: Port device team_slave_0 added
[  698.368179][T18208] team0: Port device team_slave_1 added
[  698.415823][T18208] batman_adv: batadv0: Adding interface: batadv_slave_0
[  698.418086][T18208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.426218][T18208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  698.432861][T18208] batman_adv: batadv0: Adding interface: batadv_slave_1
[  698.435883][T18208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.443809][T18208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  698.506884][T18208] hsr_slave_0: entered promiscuous mode
[  698.509065][T18208] hsr_slave_1: entered promiscuous mode
[  698.511400][T18208] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  698.513678][T18208] Cannot create hsr debugfs directory
[  698.670339][T18221] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  698.687667][T18208] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  698.728173][T18208] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  698.734744][T18208] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  698.741108][T18208] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  698.763221][T18208] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.765484][T18208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  698.767795][T18208] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.769960][T18208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  698.849085][T18208] 8021q: adding VLAN 0 to HW filter on device bond0
[  698.858785][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.866388][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.893082][T18208] 8021q: adding VLAN 0 to HW filter on device team0
[  698.954747][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.957720][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  698.966471][   T92] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.968772][   T92] bridge0: port 2(bridge_slave_1) entered forwarding state
[  699.214672][T18208] 8021q: adding VLAN 0 to HW filter on device batadv0
[  699.496482][T18208] veth0_vlan: entered promiscuous mode
[  699.505631][T18208] veth1_vlan: entered promiscuous mode
[  699.539149][T18208] veth0_macvtap: entered promiscuous mode
[  699.544646][T18208] veth1_macvtap: entered promiscuous mode
[  699.563991][T18208] batman_adv: batadv0: Interface activated: batadv_slave_0
[  699.570885][T18208] batman_adv: batadv0: Interface activated: batadv_slave_1
[  699.575455][T18208] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  699.578303][T18208] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  699.580909][T18208] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  699.583535][T18208] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  699.615595][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.618673][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.631739][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.635174][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  701.013762][T18277] block device autoloading is deprecated and will be removed.
[  701.054813][T18277] lo speed is unknown, defaulting to 1000
[  702.130258][T18286] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  702.713193][T18311] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3390'.
[  702.716790][T18313] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3389'.
[  702.944285][T18324] tmpfs: User quota block hardlimit too large.
[  703.088480][T18309] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.120593][T18316] 8021q: adding VLAN 0 to HW filter on device batadv4
[  703.125820][T18316] team0: Failed to send port change of device batadv4 via netlink (err -105)
[  703.130942][T18316] team0: Failed to send options change via netlink (err -105)
[  703.133323][T18316] team0: Port device batadv4 added
[  703.184689][T18309] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.387244][T18309] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.609301][T18309] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  703.706349][T18309] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  703.711533][T18335] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3396'.
[  703.721379][T18309] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  703.732156][T18309] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  703.743401][T18309] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  703.888773][T18329] input: syz1 as /devices/virtual/input/input94
[  704.010895][T18344] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3399'.
[  704.122790][T18352] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3401'.
[  704.174386][T18355] FAULT_INJECTION: forcing a failure.
[  704.174386][T18355] name failslab, interval 1, probability 0, space 0, times 0
[  704.178732][T18355] CPU: 3 UID: 0 PID: 18355 Comm: syz.6.3401 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  704.178746][T18355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  704.178753][T18355] Call Trace:
[  704.178757][T18355]  <TASK>
[  704.178762][T18355]  dump_stack_lvl+0x16c/0x1f0
[  704.178782][T18355]  should_fail_ex+0x512/0x640
[  704.178798][T18355]  ? trace_contention_end+0xdd/0x130
[  704.178815][T18355]  should_failslab+0xc2/0x120
[  704.178826][T18355]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  704.178842][T18355]  ? hci_sock_sendmsg+0xde2/0x25f0
[  704.178858][T18355]  ? __alloc_skb+0x2b2/0x380
[  704.178875][T18355]  __alloc_skb+0x2b2/0x380
[  704.178890][T18355]  ? __pfx___alloc_skb+0x10/0x10
[  704.178910][T18355]  hci_sock_sendmsg+0x1a6f/0x25f0
[  704.178928][T18355]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  704.178948][T18355]  sock_write_iter+0x4fc/0x5b0
[  704.178961][T18355]  ? __pfx_sock_write_iter+0x10/0x10
[  704.178979][T18355]  ? bpf_lsm_file_permission+0x9/0x10
[  704.178991][T18355]  ? security_file_permission+0x71/0x210
[  704.179006][T18355]  ? rw_verify_area+0xcf/0x680
[  704.179021][T18355]  vfs_write+0x6c7/0x1150
[  704.179037][T18355]  ? __pfx_sock_write_iter+0x10/0x10
[  704.179050][T18355]  ? __pfx_vfs_write+0x10/0x10
[  704.179063][T18355]  ? find_held_lock+0x2b/0x80
[  704.179083][T18355]  ksys_write+0x1f8/0x250
[  704.179097][T18355]  ? __pfx_ksys_write+0x10/0x10
[  704.179113][T18355]  ? rcu_is_watching+0x12/0xc0
[  704.179127][T18355]  __do_fast_syscall_32+0x7c/0x3a0
[  704.179144][T18355]  do_fast_syscall_32+0x32/0x80
[  704.179160][T18355]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  704.179174][T18355] RIP: 0023:0xf70be579
[  704.179183][T18355] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  704.179193][T18355] RSP: 002b:00000000f508d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  704.179204][T18355] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000340
[  704.179210][T18355] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000
[  704.179216][T18355] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  704.179222][T18355] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  704.179229][T18355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  704.179242][T18355]  </TASK>
[  704.179249][T18355] Bluetooth: MGMT ver 1.23
[  704.807842][T18375] capability: warning: `syz.0.3405' uses 32-bit capabilities (legacy support in use)
[  705.434367][ T6689] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  705.587464][ T6689] usb 11-1: Using ep0 maxpacket: 8
[  705.593159][ T6689] usb 11-1: config 0 interface 0 has no altsetting 0
[  705.598590][ T6689] usb 11-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  705.602731][ T6689] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.612540][ T6689] usb 11-1: config 0 descriptor??
[  706.003816][ T6689] mcp2221 0003:04D8:00DD.0066: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  706.216279][ T6689] usb 11-1: USB disconnect, device number 2
[  706.679084][T18415] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input95
[  707.039137][T18422] bridge_slave_0: left allmulticast mode
[  707.041686][T18422] bridge_slave_0: left promiscuous mode
[  707.045601][T18422] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.054974][T18422] bridge_slave_1: left allmulticast mode
[  707.056861][T18422] bridge_slave_1: left promiscuous mode
[  707.059052][T18422] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.077509][T18422] bond0: (slave bond_slave_0): Releasing backup interface
[  707.109068][T18422] bond0: (slave bond_slave_1): Releasing backup interface
[  707.140987][T18422] team0: Port device team_slave_0 removed
[  707.192722][T18422] team0: Port device team_slave_1 removed
[  707.198646][T18422] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.201224][T18422] batman_adv: batadv0: Removing interface: batadv_slave_0
[  707.216657][T18422] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  707.219236][T18422] batman_adv: batadv0: Removing interface: batadv_slave_1
[  707.232355][T18429] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(10)
[  707.234456][T18429] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  707.381944][T18429] vhci_hcd vhci_hcd.0: Device attached
[  707.553519][T18430] vhci_hcd: connection closed
[  707.553705][   T12] vhci_hcd: stop threads
[  707.556719][   T12] vhci_hcd: release socket
[  707.558240][   T12] vhci_hcd: disconnect device
[  707.789792][T16162] vhci_hcd: vhci_device speed not set
[  708.089101][T18444] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  708.129897][T18445] netlink: 'syz.3.3419': attribute type 4 has an invalid length.
[  708.854591][T16803] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  709.279300][T16803] usb 5-1: Using ep0 maxpacket: 8
[  709.282090][T16803] usb 5-1: config 0 interface 0 has no altsetting 0
[  709.284294][T16803] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  709.287092][T16803] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.290795][T16803] usb 5-1: config 0 descriptor??
[  709.690766][T16803] mcp2221 0003:04D8:00DD.0067: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  709.773335][T18463] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  709.866979][T16803] usb 5-1: USB disconnect, device number 113
[  710.051705][T18479] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3430'.
[  710.834843][T18482] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  711.217217][T18489] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  711.582158][T18495] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  713.816957][ T9091] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  713.920239][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  713.932156][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  713.978750][ T9091] usb 11-1: Using ep0 maxpacket: 8
[  713.989806][ T9091] usb 11-1: config 0 interface 0 has no altsetting 0
[  713.992030][ T9091] usb 11-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  713.995306][ T9091] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.045826][ T9091] usb 11-1: config 0 descriptor??
[  714.431954][ T9091] mcp2221 0003:04D8:00DD.0068: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  714.620715][ T6025] usb 11-1: USB disconnect, device number 3
[  715.111467][T18446] syz.3.3419 (18446) used greatest stack depth: 19672 bytes left
[  715.128623][T18473] syz.3.3427 (18473) used greatest stack depth: 19336 bytes left
[  715.433566][T18559] tmpfs: User quota block hardlimit too large.
[  715.737447][T18568] input: syz1 as /devices/virtual/input/input96
[  715.986344][T18566] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3448'.
[  715.989641][T18566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3448'.
[  716.403315][T18580] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3451'.
[  716.832744][T18586] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  717.103397][T18590] erspan0: entered promiscuous mode
[  717.109783][T18590] netlink: 31 bytes leftover after parsing attributes in process `syz.4.3453'.
[  717.789311][T18601] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  718.281227][T18613] ubi: mtd0 is already attached to ubi31
[  718.563958][T18623] cgroup: fork rejected by pids controller in /syz6
[  718.960608][T18747] kvm: pic: single mode not supported
[  718.960633][T18747] kvm: pic: level sensitive irq not supported
[  718.967664][T18747] kvm: pic: level sensitive irq not supported
[  719.313172][ T5965] Bluetooth: hci1: command 0x0406 tx timeout
[  720.308868][T18762] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  720.745413][T18765] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  721.965542][T18801] fuse: Bad value for 'fd'
[  721.971090][T18801] syz.3.3485 (18801): /proc/18798/oom_adj is deprecated, please use /proc/18798/oom_score_adj instead.
[  722.026260][T18804] netlink: 'syz.4.3487': attribute type 2 has an invalid length.
[  722.047297][T18804] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3487'.
[  722.075235][T18805] ucma_write: process 379 (syz.4.3487) changed security contexts after opening file descriptor, this is not allowed.
[  722.175472][ T5965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  722.179917][ T5965] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  722.183097][ T5965] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  722.187990][ T5965] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  722.194047][ T5965] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  722.221527][T18806] lo speed is unknown, defaulting to 1000
[  722.373051][T18806] chnl_net:caif_netlink_parms(): no params data found
[  722.397988][T18796] warn_alloc: 2 callbacks suppressed
[  722.397999][T18796] syz.0.3484: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[  722.405859][T18796] CPU: 0 UID: 0 PID: 18796 Comm: syz.0.3484 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  722.405874][T18796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  722.405881][T18796] Call Trace:
[  722.405885][T18796]  <TASK>
[  722.405890][T18796]  dump_stack_lvl+0x16c/0x1f0
[  722.405909][T18796]  warn_alloc+0x248/0x3a0
[  722.405927][T18796]  ? __pfx_warn_alloc+0x10/0x10
[  722.405947][T18796]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  722.405960][T18796]  ? __vmalloc_node_noprof+0xad/0xf0
[  722.405976][T18796]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  722.405993][T18796]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  722.406009][T18796]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  722.406027][T18796]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  722.406039][T18796]  vmalloc_user_noprof+0x9e/0xe0
[  722.406052][T18796]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  722.406064][T18796]  vb2_vmalloc_alloc+0x135/0x3f0
[  722.406077][T18796]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  722.406089][T18796]  __vb2_queue_alloc+0x8c9/0x1280
[  722.406108][T18796]  vb2_core_reqbufs+0xa90/0xfe0
[  722.406122][T18796]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  722.406133][T18796]  ? __pfx___mutex_trylock_common+0x10/0x10
[  722.406150][T18796]  ? __pfx___might_resched+0x10/0x10
[  722.406164][T18796]  ? trace_contention_end+0xdd/0x130
[  722.406179][T18796]  ? __mutex_lock+0x1ca/0xb90
[  722.406196][T18796]  vb2_reqbufs+0x1a3/0x1f0
[  722.406213][T18796]  ? __pfx_vb2_reqbufs+0x10/0x10
[  722.406230][T18796]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  722.406247][T18796]  v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0
[  722.406266][T18796]  v4l_reqbufs+0x14f/0x1e0
[  722.406280][T18796]  __video_do_ioctl+0xb40/0xfc0
[  722.406296][T18796]  ? __might_fault+0xe3/0x190
[  722.406311][T18796]  ? __pfx___video_do_ioctl+0x10/0x10
[  722.406331][T18796]  video_usercopy+0x47c/0x1440
[  722.406347][T18796]  ? __pfx___video_do_ioctl+0x10/0x10
[  722.406362][T18796]  ? __pfx_video_usercopy+0x10/0x10
[  722.406383][T18796]  ? hook_file_ioctl_common+0x145/0x410
[  722.406398][T18796]  v4l2_ioctl+0x1bd/0x250
[  722.406411][T18796]  ? __ia32_compat_sys_openat+0x101/0x210
[  722.406426][T18796]  v4l2_compat_ioctl32+0x214/0x2c0
[  722.406440][T18796]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  722.406454][T18796]  __ia32_compat_sys_ioctl+0x23f/0x370
[  722.406469][T18796]  __do_fast_syscall_32+0x7c/0x3a0
[  722.406486][T18796]  do_fast_syscall_32+0x32/0x80
[  722.406502][T18796]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  722.406529][T18796] RIP: 0023:0xf712e579
[  722.406538][T18796] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  722.406548][T18796] RSP: 002b:00000000f50dc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  722.406558][T18796] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c0145608
[  722.406565][T18796] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  722.406572][T18796] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  722.406578][T18796] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  722.406584][T18796] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  722.406601][T18796]  </TASK>
[  722.406621][T18796] Mem-Info:
[  722.653248][T18796] active_anon:7108 inactive_anon:1182 isolated_anon:0
[  722.653248][T18796]  active_file:1103 inactive_file:9263 isolated_file:0
[  722.653248][T18796]  unevictable:1768 dirty:339 writeback:0
[  722.653248][T18796]  slab_reclaimable:6571 slab_unreclaimable:79364
[  722.653248][T18796]  mapped:29704 shmem:7488 pagetables:1291
[  722.653248][T18796]  sec_pagetables:322 bounce:0
[  722.653248][T18796]  kernel_misc_reclaimable:0
[  722.653248][T18796]  free:27035 free_pcp:2991 free_cma:0
[  722.671504][T18796] Node 0 active_anon:0kB inactive_anon:180kB active_file:0kB inactive_file:4kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:7288kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7664kB pagetables:1156kB sec_pagetables:1132kB all_unreclaimable? yes Balloon:0kB
[  722.685657][T18796] Node 1 active_anon:28432kB inactive_anon:4548kB active_file:4412kB inactive_file:37048kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:111528kB dirty:1352kB writeback:0kB shmem:26416kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:6296kB pagetables:4008kB sec_pagetables:156kB all_unreclaimable? no Balloon:0kB
[  722.698883][T18796] Node 0 DMA free:2036kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  722.711658][T18806] bridge0: port 1(bridge_slave_0) entered blocking state
[  722.713989][T18796] lowmem_reserve[]: 0 288 288 288 288
[  722.716185][T18806] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.718619][T18806] bridge_slave_0: entered allmulticast mode
[  722.720058][T18796] Node 0 DMA32 free:18368kB boost:2048kB min:15268kB low:18572kB high:21876kB reserved_highatomic:2048KB free_highatomic:1532KB active_anon:0kB inactive_anon:180kB active_file:0kB inactive_file:4kB unevictable:3536kB writepending:4kB present:1032196kB managed:295892kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB
[  722.724509][T18806] bridge_slave_0: entered promiscuous mode
[  722.730164][T18796] lowmem_reserve[]: 0 0 0 0 0
[  722.733537][T18796] Node 1 DMA32 free:87400kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:4096KB free_highatomic:404KB active_anon:28432kB inactive_anon:4548kB active_file:4412kB inactive_file:37048kB unevictable:3536kB writepending:1352kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:11664kB local_pcp:436kB free_cma:0kB
[  722.747676][T18796] lowmem_reserve[]: 0 0 0 0 0
[  722.749181][T18796] Node 0 DMA: 9*4kB (U) 5*8kB (U) 6*16kB (U) 7*32kB (U) 2*64kB (U) 0*128kB 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2060kB
[  722.755086][T18796] Node 0 DMA32: 319*4kB (UMEH) 231*8kB (MEH) 97*16kB (MH) 140*32kB (UMH) 63*64kB (UMH) 30*128kB (UMH) 5*256kB (MH) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18308kB
[  722.760454][T18796] Node 1 DMA32: 4*4kB (UH) 2*8kB (UH) 4*16kB (UMH) 342*32kB (MH) 203*64kB (UMH) 118*128kB (M) 52*256kB (UM) 30*512kB (M) 19*1024kB (M) 0*2048kB 0*4096kB = 87264kB
[  722.766856][T18806] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.769881][T18806] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.770244][T18796] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  722.776471][T18796] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  722.780058][T18796] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  722.783967][T18796] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  722.787125][T18796] 18466 total pagecache pages
[  722.788595][T18796] 616 pages in swap cache
[  722.790087][T18796] Free swap  = 106900kB
[  722.791957][T18806] bridge_slave_1: entered allmulticast mode
[  722.793719][T18796] Total swap = 124996kB
[  722.796060][T18796] 524155 pages RAM
[  722.797660][T18796] 0 pages HighMem/MovableOnly
[  722.799470][T18796] 209271 pages reserved
[  722.802719][T18806] bridge_slave_1: entered promiscuous mode
[  722.803495][T18796] 0 pages cma reserved
[  722.854156][T18821] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  722.955820][T18806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  722.964393][T18806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  723.018241][T18801] Process accounting resumed
[  723.086364][T18806] team0: Port device team_slave_0 added
[  723.100192][T18806] team0: Port device team_slave_1 added
[  723.164339][T18806] batman_adv: batadv0: Adding interface: batadv_slave_0
[  723.180981][T18806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  723.188705][T18806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  723.194511][T18806] batman_adv: batadv0: Adding interface: batadv_slave_1
[  723.196644][T18806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  723.209509][T18806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  723.343809][T18806] hsr_slave_0: entered promiscuous mode
[  723.346711][T18806] hsr_slave_1: entered promiscuous mode
[  723.349277][T18806] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  723.356035][T18806] Cannot create hsr debugfs directory
[  723.391015][T18834] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3493'.
[  723.422617][T18834] wireguard0: entered promiscuous mode
[  723.424451][T18834] wireguard0: entered allmulticast mode
[  723.519618][T18838] 9pnet_virtio: no channels available for device 127.0.0.1
[  723.593403][T18840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3495'.
[  723.684727][T18806] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.763951][T18806] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.906515][T18806] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.075694][T18856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3500'.
[  724.078659][T18855] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  724.230329][T18806] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.364613][T18806] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  724.369134][T18806] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  724.373486][T18806] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  724.377572][T18806] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  724.421581][T18806] 8021q: adding VLAN 0 to HW filter on device bond0
[  724.431695][T18806] 8021q: adding VLAN 0 to HW filter on device team0
[  724.437445][T15249] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.439974][T15249] bridge0: port 1(bridge_slave_0) entered forwarding state
[  724.470642][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.473239][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  724.544041][T18864] Bluetooth: MGMT ver 1.23
[  724.579337][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.582865][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.585916][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.590179][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.594036][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.598139][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.599182][T18806] 8021q: adding VLAN 0 to HW filter on device batadv0
[  724.601301][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.601415][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.601527][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.611806][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.614232][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.616665][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.619450][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.622805][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.626124][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.628632][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.631604][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.634099][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.636541][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.639176][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.641798][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.644369][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.646972][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.649628][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.652244][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.654889][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.657795][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.660526][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.663171][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.665691][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.668486][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.672749][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.675395][T18872] trusted_key: encrypted_key: insufficient parameters specified
[  724.750704][T18806] veth0_vlan: entered promiscuous mode
[  724.756685][T18806] veth1_vlan: entered promiscuous mode
[  724.775549][T18806] veth0_macvtap: entered promiscuous mode
[  724.779569][T18806] veth1_macvtap: entered promiscuous mode
[  724.788234][T18806] batman_adv: batadv0: Interface activated: batadv_slave_0
[  724.795060][T18806] batman_adv: batadv0: Interface activated: batadv_slave_1
[  724.799870][T18806] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  724.805109][T18806] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  724.808017][T18806] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  724.811255][T18806] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  724.849295][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  724.851965][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  724.867978][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  724.870776][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  724.961976][T14045] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  725.126914][T14045] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  725.130007][T14045] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  725.134162][T14045] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  725.136935][T14045] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.141485][T14045] usb 9-1: config 0 descriptor??
[  725.343065][T14045] usbhid 9-1:0.0: can't add hid device: -71
[  725.345028][T14045] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  725.348565][T14045] usb 9-1: USB disconnect, device number 21
[  725.603352][T18917] input: syz1 as /devices/virtual/input/input97
[  727.081190][T18948] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3522'.
[  727.506115][ T6043] usb 9-1: new low-speed USB device number 22 using dummy_hcd
[  727.650842][ T6043] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  727.653876][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  727.659281][ T6043] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  727.664083][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  727.668639][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  727.674685][ T6043] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  727.677147][T14045] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  727.678135][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  727.683868][ T6043] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  727.688495][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  727.691833][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  727.697818][ T6043] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  727.700917][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  727.705294][ T6043] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  727.709185][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  727.710064][T18972] misc userio: Can't change port type on an already running userio instance
[  727.712694][ T6043] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  727.715339][ T6043] usb 9-1: string descriptor 0 read error: -22
[  727.722522][ T6043] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  727.726159][ T6043] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.734502][ T6043] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  727.819993][T14045] usb 5-1: Using ep0 maxpacket: 16
[  727.823456][T14045] usb 5-1: config 0 has no interfaces?
[  727.830030][T14045] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  727.832901][T14045] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.835551][T14045] usb 5-1: Product: syz
[  727.836946][T14045] usb 5-1: Manufacturer: syz
[  727.838442][T14045] usb 5-1: SerialNumber: syz
[  727.842855][T14045] usb 5-1: config 0 descriptor??
[  727.953119][T18962] xt_CT: No such helper "syz1"
[  727.956673][T18962] /dev/sg0: Can't lookup blockdev
[  727.975050][  T839] usb 9-1: USB disconnect, device number 22
[  728.045284][T16220] usb 5-1: USB disconnect, device number 114
[  728.276902][T18983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3527'.
[  728.280546][T18983] netlink: 'syz.4.3527': attribute type 5 has an invalid length.
[  728.283093][T18983] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3527'.
[  728.314090][T18983] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  728.317365][T18983] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  728.320618][T18983] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  728.323393][T18983] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  728.330667][T18983] geneve2: entered promiscuous mode
[  728.332470][T18983] geneve2: entered allmulticast mode
[  728.858727][T18990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3531'.
[  728.947395][T18995] netlink: 'syz.3.3532': attribute type 12 has an invalid length.
[  729.458984][T16803] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  729.601229][T16803] usb 11-1: Using ep0 maxpacket: 8
[  729.603958][T16803] usb 11-1: config 179 has an invalid interface number: 65 but max is 0
[  729.606310][T16803] usb 11-1: config 179 has no interface number 0
[  729.608120][T16803] usb 11-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  729.611337][T16803] usb 11-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  729.615015][T16803] usb 11-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  729.618194][T16803] usb 11-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  729.621537][T16803] usb 11-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  729.625517][T16803] usb 11-1: config 179 interface 65 has no altsetting 0
[  729.627421][T16803] usb 11-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  729.629923][T16803] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.638550][T16803] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:179.65/input/input99
[  729.677814][ T5352] input input99: unable to receive magic message: -110
[  729.680705][ T5352] input input99: unable to receive magic message: -32
[  729.685684][ T5352] input input99: unable to receive magic message: -32
[  729.688701][ T5352] input input99: unable to receive magic message: -32
[  729.778742][T19003] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  729.781424][T19004] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  729.814920][ T5965] Bluetooth: hci2: unexpected event for opcode 0x000a
[  729.838101][T16803] usb 11-1: USB disconnect, device number 4
[  729.840205][    C3] xpad 11-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  729.889449][T19018] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3540'.
[  729.902569][T19019] ieee802154 phy0 wpan0: encryption failed: -22
[  730.170314][   T40] kauditd_printk_skb: 1264 callbacks suppressed
[  730.170325][   T40] audit: type=1800 audit(263163.581:4149): pid=19025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3542" name="file0" dev="9p" ino=37617702 res=0 errno=0
[  730.424095][T19032] Invalid logical block size (536870912)
[  730.710814][T19037] 9pnet_fd: Insufficient options for proto=fd
[  730.748719][T19039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3548'.
[  731.022522][T19046] FAULT_INJECTION: forcing a failure.
[  731.022522][T19046] name failslab, interval 1, probability 0, space 0, times 0
[  731.026587][T19046] CPU: 2 UID: 0 PID: 19046 Comm: syz.0.3550 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  731.026603][T19046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  731.026610][T19046] Call Trace:
[  731.026614][T19046]  <TASK>
[  731.026619][T19046]  dump_stack_lvl+0x16c/0x1f0
[  731.026638][T19046]  should_fail_ex+0x512/0x640
[  731.026653][T19046]  ? __kvmalloc_node_noprof+0x124/0x620
[  731.026670][T19046]  should_failslab+0xc2/0x120
[  731.026681][T19046]  __kvmalloc_node_noprof+0x137/0x620
[  731.026696][T19046]  ? bpf_test_init.isra.0+0x9e/0x140
[  731.026712][T19046]  ? kasan_save_stack+0x42/0x60
[  731.026726][T19046]  ? check_slab_allocation+0x101/0x110
[  731.026741][T19046]  ? bpf_test_run_xdp_live+0x16b/0x500
[  731.026756][T19046]  ? __kasan_kmalloc+0xaa/0xb0
[  731.026775][T19046]  ? bpf_test_run_xdp_live+0x16b/0x500
[  731.026790][T19046]  bpf_test_run_xdp_live+0x16b/0x500
[  731.026807][T19046]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  731.026830][T19046]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  731.026857][T19046]  ? _copy_from_user+0x59/0xd0
[  731.026874][T19046]  ? bpf_test_init.isra.0+0x6b/0x140
[  731.026891][T19046]  bpf_prog_test_run_xdp+0x824/0x1590
[  731.026906][T19046]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  731.026917][T19046]  ? __might_fault+0x70/0x190
[  731.026935][T19046]  ? fput+0x70/0xf0
[  731.026945][T19046]  ? __bpf_prog_get+0x97/0x2a0
[  731.026959][T19046]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  731.026969][T19046]  __sys_bpf+0x1485/0x4d80
[  731.026981][T19046]  ? __pfx___sys_bpf+0x10/0x10
[  731.026991][T19046]  ? ksys_write+0x190/0x250
[  731.027007][T19046]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  731.027031][T19046]  ? fput+0x70/0xf0
[  731.027041][T19046]  ? ksys_write+0x1ac/0x250
[  731.027055][T19046]  ? __pfx_ksys_write+0x10/0x10
[  731.027072][T19046]  __ia32_sys_bpf+0x76/0xe0
[  731.027083][T19046]  __do_fast_syscall_32+0x7c/0x3a0
[  731.027100][T19046]  do_fast_syscall_32+0x32/0x80
[  731.027116][T19046]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  731.027134][T19046] RIP: 0023:0xf712e579
[  731.027148][T19046] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  731.027166][T19046] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  731.027183][T19046] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000340
[  731.027194][T19046] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  731.027204][T19046] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  731.027216][T19046] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  731.027225][T19046] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  731.027240][T19046]  </TASK>
[  731.198156][T19051] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0
[  731.267859][  T839] usb 8-1: new high-speed USB device number 108 using dummy_hcd
[  731.410626][  T839] usb 8-1: Using ep0 maxpacket: 8
[  731.413699][  T839] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  731.416471][  T839] usb 8-1: config 179 has no interface number 0
[  731.418560][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  731.423478][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  731.427177][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  731.431060][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  731.434967][  T839] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  731.439209][  T839] usb 8-1: config 179 interface 65 has no altsetting 0
[  731.441608][  T839] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  731.444514][  T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.452996][  T839] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input100
[  731.496549][ T5352] input input100: unable to receive magic message: -110
[  731.500608][ T5352] input input100: unable to receive magic message: -32
[  731.505174][ T5352] input input100: unable to receive magic message: -32
[  731.508156][ T5352] input input100: unable to receive magic message: -32
[  733.402157][T19072] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3558'.
[  733.836617][  T839] usb 8-1: USB disconnect, device number 108
[  733.838939][    C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  734.148059][T19086] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  734.930325][T19095] fuse: Unknown parameter '0x0000000000000004Ý'
[  734.974786][T19098] overlay: ./file0 is not a directory
[  735.145550][T19102] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  735.587947][T19114] lo speed is unknown, defaulting to 1000
[  735.646488][   T40] audit: type=1326 audit(263169.334:4150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19113 comm="syz.4.3570" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc7579 code=0x0
[  735.714109][T19120] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  735.838670][T19126] netlink: del zone limit has 4 unknown bytes
[  736.062907][T19133] netlink: del zone limit has 4 unknown bytes
[  736.169601][T19134] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  737.254424][T19159] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  737.256916][T19159] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  737.260614][T19159] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  737.264331][T19159] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  737.266795][T19159] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  737.275615][T19159] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  737.278076][T19159] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  737.353178][T19171] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3581'.
[  737.610560][   T40] audit: type=1326 audit(263171.391:4151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19178 comm="syz.6.3584" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f08579 code=0x0
[  737.617088][ T6043] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  737.718533][T19182] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3584'.
[  737.844407][ T6043] usb 9-1: Using ep0 maxpacket: 16
[  738.444974][ T6043] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  738.448145][ T6043] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  738.451094][ T6043] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  738.454913][ T6043] usb 9-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  738.457678][ T6043] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.461828][ T6043] usb 9-1: config 0 descriptor??
[  738.465623][ T6043] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input101
[  738.471442][ T5352] pxrc 9-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  738.474552][ T5352] pxrc 9-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  738.477963][ T5352] pxrc 9-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  738.481940][ T5352] pxrc 9-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  738.781339][ T6233] usb 9-1: USB disconnect, device number 23
[  739.212915][ T5965] Bluetooth: hci1: command 0x0406 tx timeout
[  739.212961][T14590] Bluetooth: hci2: command 0x0406 tx timeout
[  739.215905][ T5965] Bluetooth: hci4: command 0x0406 tx timeout
[  739.286816][T19191] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  739.593595][ T6233] usb 8-1: new high-speed USB device number 109 using dummy_hcd
[  739.790888][ T6233] usb 8-1: Using ep0 maxpacket: 16
[  739.801250][ T6233] usb 8-1: config 0 has no interfaces?
[  739.810891][ T6233] usb 8-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  739.813680][ T6233] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.816132][ T6233] usb 8-1: Product: syz
[  739.817457][ T6233] usb 8-1: Manufacturer: syz
[  739.818900][ T6233] usb 8-1: SerialNumber: syz
[  739.821519][ T6233] usb 8-1: config 0 descriptor??
[  740.083637][ T6025] usb 8-1: USB disconnect, device number 109
[  740.677358][T19200] syz.0.3589: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[  740.688676][T19200] CPU: 0 UID: 0 PID: 19200 Comm: syz.0.3589 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  740.688692][T19200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  740.688699][T19200] Call Trace:
[  740.688703][T19200]  <TASK>
[  740.688708][T19200]  dump_stack_lvl+0x16c/0x1f0
[  740.688727][T19200]  warn_alloc+0x248/0x3a0
[  740.688745][T19200]  ? __pfx_warn_alloc+0x10/0x10
[  740.688766][T19200]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  740.688779][T19200]  ? __vmalloc_node_noprof+0xad/0xf0
[  740.688806][T19200]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  740.688827][T19200]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  740.688843][T19200]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  740.688861][T19200]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  740.688873][T19200]  vmalloc_user_noprof+0x9e/0xe0
[  740.688886][T19200]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  740.688899][T19200]  vb2_vmalloc_alloc+0x135/0x3f0
[  740.688911][T19200]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  740.688923][T19200]  __vb2_queue_alloc+0x8c9/0x1280
[  740.688943][T19200]  vb2_core_reqbufs+0xa90/0xfe0
[  740.688957][T19200]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  740.688968][T19200]  ? __pfx___mutex_trylock_common+0x10/0x10
[  740.688986][T19200]  ? __pfx___might_resched+0x10/0x10
[  740.689000][T19200]  ? trace_contention_end+0xdd/0x130
[  740.689015][T19200]  ? __mutex_lock+0x1ca/0xb90
[  740.689032][T19200]  vb2_reqbufs+0x1a3/0x1f0
[  740.689049][T19200]  ? __pfx_vb2_reqbufs+0x10/0x10
[  740.689066][T19200]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  740.689084][T19200]  v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0
[  740.689103][T19200]  v4l_reqbufs+0x14f/0x1e0
[  740.689117][T19200]  __video_do_ioctl+0xb40/0xfc0
[  740.689135][T19200]  ? __might_fault+0xe3/0x190
[  740.689150][T19200]  ? __pfx___video_do_ioctl+0x10/0x10
[  740.689170][T19200]  video_usercopy+0x47c/0x1440
[  740.689204][T19200]  ? __pfx___video_do_ioctl+0x10/0x10
[  740.689221][T19200]  ? __pfx_video_usercopy+0x10/0x10
[  740.689242][T19200]  ? hook_file_ioctl_common+0x145/0x410
[  740.689258][T19200]  v4l2_ioctl+0x1bd/0x250
[  740.689272][T19200]  ? __ia32_compat_sys_openat+0x101/0x210
[  740.689286][T19200]  v4l2_compat_ioctl32+0x214/0x2c0
[  740.689300][T19200]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  740.689314][T19200]  __ia32_compat_sys_ioctl+0x23f/0x370
[  740.689329][T19200]  __do_fast_syscall_32+0x7c/0x3a0
[  740.689347][T19200]  do_fast_syscall_32+0x32/0x80
[  740.689363][T19200]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  740.689376][T19200] RIP: 0023:0xf712e579
[  740.689385][T19200] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  740.689396][T19200] RSP: 002b:00000000f50fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  740.689406][T19200] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c0145608
[  740.689413][T19200] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  740.689419][T19200] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  740.689425][T19200] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  740.689431][T19200] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  740.689444][T19200]  </TASK>
[  740.815052][T19200] Mem-Info:
[  740.816370][T19200] active_anon:3833 inactive_anon:3296 isolated_anon:0
[  740.816370][T19200]  active_file:8546 inactive_file:1825 isolated_file:0
[  740.816370][T19200]  unevictable:1768 dirty:370 writeback:0
[  740.816370][T19200]  slab_reclaimable:6574 slab_unreclaimable:83302
[  740.816370][T19200]  mapped:26542 shmem:4640 pagetables:1537
[  740.816370][T19200]  sec_pagetables:322 bounce:0
[  740.816370][T19200]  kernel_misc_reclaimable:0
[  740.816370][T19200]  free:36230 free_pcp:3174 free_cma:0
[  740.910956][T19200] Node 0 active_anon:4kB inactive_anon:180kB active_file:0kB inactive_file:4kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:7288kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7760kB pagetables:1536kB sec_pagetables:1132kB all_unreclaimable? yes Balloon:0kB
[  740.920889][T19200] Node 1 active_anon:26568kB inactive_anon:13004kB active_file:34184kB inactive_file:7296kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:110280kB dirty:1476kB writeback:0kB shmem:26424kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:7080kB pagetables:4204kB sec_pagetables:156kB all_unreclaimable? no Balloon:0kB
[  740.932025][T19200] Node 0 DMA free:2024kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:64kB local_pcp:0kB free_cma:0kB
[  740.941606][T19200] lowmem_reserve[]: 0 288 288 288 288
[  740.943340][T19200] Node 0 DMA32 free:24120kB boost:20480kB min:33700kB low:37004kB high:40308kB reserved_highatomic:4096KB free_highatomic:200KB active_anon:4kB inactive_anon:180kB active_file:0kB inactive_file:4kB unevictable:3536kB writepending:4kB present:1032196kB managed:295892kB mlocked:0kB bounce:0kB free_pcp:340kB local_pcp:0kB free_cma:0kB
[  740.952888][T19200] lowmem_reserve[]: 0 0 0 0 0
[  740.954423][T19200] Node 1 DMA32 free:102632kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB free_highatomic:224KB active_anon:26660kB inactive_anon:13004kB active_file:34184kB inactive_file:7296kB unevictable:3536kB writepending:1540kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:17836kB local_pcp:6212kB free_cma:0kB
[  740.964684][T19200] lowmem_reserve[]: 0 0 0 0 0
[  740.966765][T19200] Node 0 DMA: 8*4kB (U) 1*8kB (U) 6*16kB (U) 7*32kB (U) 2*64kB (U) 0*128kB 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2024kB
[  740.977484][T19200] Node 0 DMA32: 348*4kB (UMEH) 281*8kB (UMEH) 132*16kB (UMEH) 202*32kB (UMH) 80*64kB (UM) 33*128kB (UM) 6*256kB (UM) 0*512kB 1*1024kB (E) 0*2048kB 0*4096kB = 24120kB
[  740.982721][T19200] Node 1 DMA32: 5*4kB (UEH) 6*8kB (UEH) 411*16kB (UMEH) 126*32kB (UMEH) 91*64kB (UMEH) 68*128kB (ME) 48*256kB (UME) 57*512kB (UM) 33*1024kB (UM) 1*2048kB (U) 0*4096kB = 102516kB
[  740.988704][T19200] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  740.993263][T19200] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  740.996307][T19200] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  740.999197][T19200] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  741.002029][T19200] 18542 total pagecache pages
[  741.003710][T19200] 641 pages in swap cache
[  741.013342][T19200] Free swap  = 106560kB
[  741.067211][T19200] Total swap = 124996kB
[  741.079631][T19200] 524155 pages RAM
[  741.081209][T19200] 0 pages HighMem/MovableOnly
[  741.092411][T19200] 209271 pages reserved
[  741.094154][T19200] 0 pages cma reserved
[  741.201034][T19199] Bluetooth: hci2: command 0x0406 tx timeout
[  741.202988][T19199] Bluetooth: hci1: command 0x0406 tx timeout
[  741.204951][ T5968] Bluetooth: hci4: command 0x0406 tx timeout
[  741.810910][T15249] tipc: Subscription rejected, illegal request
[  742.020277][T19294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3607'.
[  742.328565][T19298] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  742.333336][T19298] syzkaller0: entered promiscuous mode
[  742.335145][T19298] syzkaller0: entered allmulticast mode
[  742.352372][T19298] tipc: Resetting bearer <eth:syzkaller0>
[  742.355856][T19297] tipc: Resetting bearer <eth:syzkaller0>
[  742.365932][T19297] tipc: Disabling bearer <eth:syzkaller0>
[  742.485655][T19302] openvswitch: netlink: Message has 24 unknown bytes.
[  742.598840][T19307] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3612'.
[  742.601517][T19307] netlink: 'syz.4.3612': attribute type 1 has an invalid length.
[  742.603996][T19307] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3612'.
[  742.852603][T19307] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  742.855319][T19307] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  742.858847][T19307] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  742.862486][T19307] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  742.872956][T19307] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[  742.875675][T19307] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0
[  742.878302][T19307] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0
[  742.881412][T19307] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0
[  742.918054][T16220] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  743.061069][T16220] usb 5-1: Using ep0 maxpacket: 16
[  743.066879][T16220] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  743.070106][T16220] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  743.073227][T16220] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  743.077327][T16220] usb 5-1: config 1 interface 0 has no altsetting 0
[  743.081833][T16220] usb 5-1: New USB device found, idVendor=0825, idProduct=0000, bcdDevice= 0.00
[  743.084894][T16220] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.087503][T16220] usb 5-1: Product: syz
[  743.088957][T16220] usb 5-1: Manufacturer: syz
[  743.093478][T16220] usb 5-1: SerialNumber: syz
[  743.166802][T19199] Bluetooth: hci4: command 0x0406 tx timeout
[  743.299598][T16220] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 115 if 0 alt 255 proto 1 vid 0x0825 pid 0x0000
[  743.485955][T19326] FAULT_INJECTION: forcing a failure.
[  743.485955][T19326] name failslab, interval 1, probability 0, space 0, times 0
[  743.491020][T16220] usb 5-1: USB disconnect, device number 115
[  743.491027][T19326] CPU: 3 UID: 0 PID: 19326 Comm: syz.6.3619 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  743.491042][T19326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  743.491048][T19326] Call Trace:
[  743.491053][T19326]  <TASK>
[  743.491057][T19326]  dump_stack_lvl+0x16c/0x1f0
[  743.491077][T19326]  should_fail_ex+0x512/0x640
[  743.491093][T19326]  ? fs_reclaim_acquire+0xae/0x150
[  743.491107][T19326]  ? tomoyo_encode2+0x100/0x3e0
[  743.491122][T19326]  should_failslab+0xc2/0x120
[  743.491133][T19326]  __kmalloc_noprof+0xd2/0x510
[  743.491149][T19326]  ? d_absolute_path+0x136/0x1a0
[  743.491163][T19326]  tomoyo_encode2+0x100/0x3e0
[  743.491179][T19326]  tomoyo_encode+0x29/0x50
[  743.491192][T19326]  tomoyo_realpath_from_path+0x18f/0x6e0
[  743.491212][T19326]  tomoyo_path_number_perm+0x245/0x580
[  743.491224][T19326]  ? tomoyo_path_number_perm+0x237/0x580
[  743.491238][T19326]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  743.491264][T19326]  ? find_held_lock+0x2b/0x80
[  743.491276][T19326]  ? hook_file_ioctl_common+0x145/0x410
[  743.491291][T19326]  ? __fget_files+0x20e/0x3c0
[  743.491305][T19326]  ? __fput_deferred+0x450/0x480
[  743.491318][T19326]  security_file_ioctl_compat+0x9b/0x240
[  743.491333][T19326]  __ia32_compat_sys_ioctl+0xc3/0x370
[  743.491353][T19326]  __do_fast_syscall_32+0x7c/0x3a0
[  743.491370][T19326]  do_fast_syscall_32+0x32/0x80
[  743.491386][T19326]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  743.491400][T19326] RIP: 0023:0xf7f08579
[  743.491409][T19326] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  743.491419][T19326] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  743.491430][T19326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000540a
[  743.491436][T19326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  743.491443][T19326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  743.491449][T19326] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  743.491455][T19326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  743.491468][T19326]  </TASK>
[  743.491477][T19326] ERROR: Out of memory at tomoyo_realpath_from_path.
[  743.494892][T16220] usblp0: removed
[  743.737088][T19340] FAULT_INJECTION: forcing a failure.
[  743.737088][T19340] name failslab, interval 1, probability 0, space 0, times 0
[  743.743157][T19340] CPU: 0 UID: 0 PID: 19340 Comm: syz.4.3625 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  743.743183][T19340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  743.743195][T19340] Call Trace:
[  743.743201][T19340]  <TASK>
[  743.743210][T19340]  dump_stack_lvl+0x16c/0x1f0
[  743.743240][T19340]  should_fail_ex+0x512/0x640
[  743.743264][T19340]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  743.743293][T19340]  should_failslab+0xc2/0x120
[  743.743311][T19340]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  743.743337][T19340]  ? io_submit_one+0x122/0x1df0
[  743.743364][T19340]  io_submit_one+0x122/0x1df0
[  743.743385][T19340]  ? __lock_acquire+0xb8a/0x1c90
[  743.743412][T19340]  ? __pfx_io_submit_one+0x10/0x10
[  743.743444][T19340]  ? __might_fault+0xe3/0x190
[  743.743467][T19340]  ? __might_fault+0x13b/0x190
[  743.743495][T19340]  ? __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  743.743518][T19340]  __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  743.743546][T19340]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  743.743578][T19340]  ? rcu_is_watching+0x12/0xc0
[  743.743598][T19340]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  743.743631][T19340]  __do_fast_syscall_32+0x7c/0x3a0
[  743.743658][T19340]  do_fast_syscall_32+0x32/0x80
[  743.743684][T19340]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  743.743706][T19340] RIP: 0023:0xf7fc7579
[  743.743720][T19340] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  743.743736][T19340] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8
[  743.743753][T19340] RAX: ffffffffffffffda RBX: 00000000f50bd000 RCX: 000000000000003b
[  743.743764][T19340] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  743.743775][T19340] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  743.743784][T19340] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  743.743794][T19340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  743.743817][T19340]  </TASK>
[  743.779204][T19343] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3626'.
[  743.837274][T19343] lo speed is unknown, defaulting to 1000
[  743.926895][T19348] fuse: Bad value for 'fd'
[  744.097632][T19358] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3631'.
[  744.127073][T19358] lo speed is unknown, defaulting to 1000
[  744.318431][T16803] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  744.384499][T19371] lo speed is unknown, defaulting to 1000
[  744.461092][T16803] usb 9-1: Using ep0 maxpacket: 16
[  744.466390][T16803] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  744.469686][T16803] usb 9-1: config 0 has no interfaces?
[  744.473957][T16803] usb 9-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  744.476852][T16803] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.479411][T16803] usb 9-1: Product: syz
[  744.480881][T16803] usb 9-1: Manufacturer: syz
[  744.482409][T16803] usb 9-1: SerialNumber: syz
[  744.485184][T16803] usb 9-1: config 0 descriptor??
[  744.687436][T16803] usb 9-1: USB disconnect, device number 24
[  745.390026][T19378] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  745.531208][T19387] FAULT_INJECTION: forcing a failure.
[  745.531208][T19387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  745.536963][T19387] CPU: 3 UID: 0 PID: 19387 Comm: syz.0.3640 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  745.536985][T19387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  745.536997][T19387] Call Trace:
[  745.537004][T19387]  <TASK>
[  745.537011][T19387]  dump_stack_lvl+0x16c/0x1f0
[  745.537041][T19387]  should_fail_ex+0x512/0x640
[  745.537086][T19387]  strncpy_from_user+0x3b/0x2e0
[  745.537113][T19387]  bpf_raw_tp_link_attach+0x114/0x600
[  745.537133][T19387]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  745.537168][T19387]  ? find_held_lock+0x2b/0x80
[  745.537189][T19387]  ? __fget_files+0x204/0x3c0
[  745.537236][T19387]  ? fput+0x70/0xf0
[  745.537255][T19387]  ? __bpf_prog_get+0x97/0x2a0
[  745.537280][T19387]  __sys_bpf+0x3b4/0x4d80
[  745.537298][T19387]  ? __pfx___sys_bpf+0x10/0x10
[  745.537316][T19387]  ? ksys_write+0x190/0x250
[  745.537350][T19387]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  745.537391][T19387]  ? fput+0x70/0xf0
[  745.537408][T19387]  ? ksys_write+0x1ac/0x250
[  745.537430][T19387]  ? __pfx_ksys_write+0x10/0x10
[  745.537459][T19387]  __ia32_sys_bpf+0x76/0xe0
[  745.537477][T19387]  __do_fast_syscall_32+0x7c/0x3a0
[  745.537506][T19387]  do_fast_syscall_32+0x32/0x80
[  745.537531][T19387]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.537553][T19387] RIP: 0023:0xf712e579
[  745.537567][T19387] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  745.537584][T19387] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  745.537601][T19387] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 00000000800004c0
[  745.537613][T19387] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  745.537623][T19387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  745.537634][T19387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  745.537645][T19387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  745.537667][T19387]  </TASK>
[  745.592939][T19389] 
[  745.618275][T19389] =====================================================
[  745.620968][T19389] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  745.623908][T19389] 6.16.0-rc6-syzkaller #0 Not tainted
[  745.626203][T19389] -----------------------------------------------------
[  745.630087][T19389] syz.3.3641/19389 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  745.633057][T19389] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0xb8/0x3e0
[  745.636414][T19389] 
[  745.636414][T19389] and this task is already holding:
[  745.639249][T19389] ffff88806aa0b220 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0
[  745.642557][T19389] which would create a new lock dependency:
[  745.644829][T19389]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[  745.647800][T19389] 
[  745.647800][T19389] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  745.651382][T19389]  (&client->buffer_lock){..-.}-{3:3}
[  745.651406][T19389] 
[  745.651406][T19389] ... which became SOFTIRQ-irq-safe at:
[  745.656424][T19389]   lock_acquire+0x179/0x350
[  745.658267][T19389]   _raw_spin_lock+0x2e/0x40
[  745.660088][T19389]   evdev_pass_values+0x10e/0x9b0
[  745.662070][T19389]   evdev_events+0x1bb/0x390
[  745.663894][T19389]   input_pass_values+0x6c7/0x890
[  745.665877][T19389]   input_handle_event+0xb29/0x14d0
[  745.667914][T19389]   input_inject_event+0x1cd/0x390
[  745.669823][T19389]   kd_sound_helper+0x20f/0x280
[  745.671464][T19389]   input_handler_for_each_handle+0xd7/0x250
[  745.673350][T19389]   call_timer_fn+0x197/0x620
[  745.674850][T19389]   __run_timers+0x6ef/0x960
[  745.676316][T19389]   run_timer_base+0x114/0x190
[  745.677844][T19389]   run_timer_softirq+0x1a/0x40
[  745.679374][T19389]   handle_softirqs+0x219/0x8e0
[  745.680870][T19389]   __irq_exit_rcu+0x109/0x170
[  745.682398][T19389]   irq_exit_rcu+0x9/0x30
[  745.683762][T19389]   sysvec_apic_timer_interrupt+0xa4/0xc0
[  745.685560][T19389]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  745.687455][T19389]   _raw_spin_unlock_irqrestore+0x31/0x80
[  745.689255][T19389]   do_nanosleep+0x1f7/0x570
[  745.690719][T19389]   hrtimer_nanosleep+0x155/0x380
[  745.692318][T19389]   common_nsleep+0xa1/0xd0
[  745.693777][T19389]   __ia32_sys_clock_nanosleep_time32+0x340/0x4f0
[  745.695792][T19389]   __do_fast_syscall_32+0x7c/0x3a0
[  745.697449][T19389]   do_fast_syscall_32+0x32/0x80
[  745.699009][T19389]   entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.701170][T19389] 
[  745.701170][T19389] to a SOFTIRQ-irq-unsafe lock:
[  745.703887][T19389]  (tasklist_lock){.+.+}-{3:3}
[  745.703903][T19389] 
[  745.703903][T19389] ... which became SOFTIRQ-irq-unsafe at:
[  745.708718][T19389] ...
[  745.708725][T19389]   lock_acquire+0x179/0x350
[  745.711142][T19389]   _raw_read_lock+0x5f/0x70
[  745.712609][T19389]   __do_wait+0x105/0x890
[  745.713999][T19389]   do_wait+0x21e/0x5a0
[  745.715603][T19389]   kernel_wait+0x9f/0x160
[  745.717367][T19389]   call_usermodehelper_exec_work+0xf1/0x170
[  745.719719][T19389]   process_one_work+0x9cf/0x1b70
[  745.721684][T19389]   worker_thread+0x6c8/0xf10
[  745.723541][T19389]   kthread+0x3c2/0x780
[  745.725179][T19389]   ret_from_fork+0x5d7/0x6f0
[  745.727037][T19389]   ret_from_fork_asm+0x1a/0x30
[  745.728950][T19389] 
[  745.728950][T19389] other info that might help us debug this:
[  745.728950][T19389] 
[  745.732893][T19389] Chain exists of:
[  745.732893][T19389]   &client->buffer_lock --> &f_owner->lock --> tasklist_lock
[  745.732893][T19389] 
[  745.737980][T19389]  Possible interrupt unsafe locking scenario:
[  745.737980][T19389] 
[  745.741180][T19389]        CPU0                    CPU1
[  745.743189][T19389]        ----                    ----
[  745.745217][T19389]   lock(tasklist_lock);
[  745.746830][T19389]                                local_irq_disable();
[  745.749412][T19389]                                lock(&client->buffer_lock);
[  745.752149][T19389]                                lock(&f_owner->lock);
[  745.754725][T19389]   <Interrupt>
[  745.756086][T19389]     lock(&client->buffer_lock);
[  745.758054][T19389] 
[  745.758054][T19389]  *** DEADLOCK ***
[  745.758054][T19389] 
[  745.761199][T19389] 6 locks held by syz.3.3641/19389:
[  745.763222][T19389]  #0: ffff888042c64428 (sb_writers#5){.+.+}-{0:0}, at: vfs_truncate+0x336/0x6e0
[  745.766797][T19389]  #1: ffffffff8e80bb30 (file_rwsem){.+.+}-{0:0}, at: vfs_truncate+0x4d3/0x6e0
[  745.770284][T19389]  #2: ffff888023bfbf38 (&ctx->flc_lock){+.+.}-{3:3}, at: __break_lease+0x495/0x1810
[  745.773965][T19389]  #3: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510
[  745.777467][T19389]  #4: ffff888077cdf558 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510
[  745.781021][T19389]  #5: ffff88806aa0b220 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x31/0x3e0
[  745.784534][T19389] 
[  745.784534][T19389] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  745.788512][T19389]   -> (&client->buffer_lock){..-.}-{3:3} {
[  745.790833][T19389]      IN-SOFTIRQ-W at:
[  745.792464][T19389]                         lock_acquire+0x179/0x350
[  745.795014][T19389]                         _raw_spin_lock+0x2e/0x40
[  745.797549][T19389]                         evdev_pass_values+0x10e/0x9b0
[  745.800212][T19389]                         evdev_events+0x1bb/0x390
[  745.802771][T19389]                         input_pass_values+0x6c7/0x890
[  745.805459][T19389]                         input_handle_event+0xb29/0x14d0
[  745.808198][T19389]                         input_inject_event+0x1cd/0x390
[  745.810936][T19389]                         kd_sound_helper+0x20f/0x280
[  745.813574][T19389]                         input_handler_for_each_handle+0xd7/0x250
[  745.816637][T19389]                         call_timer_fn+0x197/0x620
[  745.819168][T19389]                         __run_timers+0x6ef/0x960
[  745.821717][T19389]                         run_timer_base+0x114/0x190
[  745.824318][T19389]                         run_timer_softirq+0x1a/0x40
[  745.826945][T19389]                         handle_softirqs+0x219/0x8e0
[  745.829582][T19389]                         __irq_exit_rcu+0x109/0x170
[  745.832170][T19389]                         irq_exit_rcu+0x9/0x30
[  745.834634][T19389]                         sysvec_apic_timer_interrupt+0xa4/0xc0
[  745.837613][T19389]                         asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  745.840703][T19389]                         _raw_spin_unlock_irqrestore+0x31/0x80
[  745.843687][T19389]                         do_nanosleep+0x1f7/0x570
[  745.846178][T19389]                         hrtimer_nanosleep+0x155/0x380
[  745.848781][T19389]                         common_nsleep+0xa1/0xd0
[  745.851310][T19389]                         __ia32_sys_clock_nanosleep_time32+0x340/0x4f0
[  745.854030][T19389]                         __do_fast_syscall_32+0x7c/0x3a0
[  745.856178][T19389]                         do_fast_syscall_32+0x32/0x80
[  745.858298][T19389]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.860917][T19389]      INITIAL USE at:
[  745.862191][T19389]                        lock_acquire+0x179/0x350
[  745.864146][T19389]                        _raw_spin_lock+0x2e/0x40
[  745.866121][T19389]                        evdev_pass_values+0x10e/0x9b0
[  745.868202][T19389]                        evdev_events+0x1bb/0x390
[  745.870150][T19389]                        input_pass_values+0x6c7/0x890
[  745.872211][T19389]                        input_handle_event+0xb29/0x14d0
[  745.874317][T19389]                        input_inject_event+0x1cd/0x390
[  745.876364][T19389]                        kd_sound_helper+0x20f/0x280
[  745.878354][T19389]                        input_handler_for_each_handle+0xd7/0x250
[  745.880627][T19389]                        call_timer_fn+0x197/0x620
[  745.882554][T19389]                        __run_timers+0x6ef/0x960
[  745.884423][T19389]                        run_timer_base+0x114/0x190
[  745.886415][T19389]                        run_timer_softirq+0x1a/0x40
[  745.888408][T19389]                        handle_softirqs+0x219/0x8e0
[  745.890406][T19389]                        __irq_exit_rcu+0x109/0x170
[  745.892401][T19389]                        irq_exit_rcu+0x9/0x30
[  745.894299][T19389]                        sysvec_apic_timer_interrupt+0xa4/0xc0
[  745.896569][T19389]                        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  745.898930][T19389]                        _raw_spin_unlock_irqrestore+0x31/0x80
[  745.901228][T19389]                        do_nanosleep+0x1f7/0x570
[  745.903159][T19389]                        hrtimer_nanosleep+0x155/0x380
[  745.905258][T19389]                        common_nsleep+0xa1/0xd0
[  745.907189][T19389]                        __ia32_sys_clock_nanosleep_time32+0x340/0x4f0
[  745.909686][T19389]                        __do_fast_syscall_32+0x7c/0x3a0
[  745.911835][T19389]                        do_fast_syscall_32+0x32/0x80
[  745.913825][T19389]                        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.916239][T19389]    }
[  745.917077][T19389]    ... key      at: [<ffffffff9b0fab00>] __key.1+0x0/0x40
[  745.919391][T19389]  -> (&new->fa_lock){....}-{3:3} {
[  745.921000][T19389]     INITIAL USE at:
[  745.922261][T19389]                      lock_acquire+0x179/0x350
[  745.924146][T19389]                      _raw_write_lock_irq+0x36/0x50
[  745.926159][T19389]                      fasync_remove_entry+0xb2/0x1e0
[  745.928123][T19389]                      fasync_helper+0xaf/0xd0
[  745.930034][T19389]                      lease_modify+0x232/0x500
[  745.931991][T19389]                      locks_remove_file+0x29e/0x5c0
[  745.934394][T19389]                      __fput+0x351/0xb70
[  745.936205][T19389]                      task_work_run+0x150/0x240
[  745.938211][T19389]                      exit_to_user_mode_loop+0xeb/0x110
[  745.940379][T19389]                      __do_fast_syscall_32+0x2ac/0x3a0
[  745.942514][T19389]                      do_fast_syscall_32+0x32/0x80
[  745.944499][T19389]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.946935][T19389]     INITIAL READ USE at:
[  745.948300][T19389]                           lock_acquire+0x179/0x350
[  745.950334][T19389]                           _raw_read_lock_irqsave+0x74/0x90
[  745.952542][T19389]                           kill_fasync+0x138/0x510
[  745.954567][T19389]                           lease_break_callback+0x23/0x30
[  745.956765][T19389]                           __break_lease+0x674/0x1810
[  745.958864][T19389]                           vfs_truncate+0x4d3/0x6e0
[  745.960896][T19389]                           __ia32_compat_sys_truncate+0x171/0x1e0
[  745.963311][T19389]                           __do_fast_syscall_32+0x7c/0x3a0
[  745.965525][T19389]                           do_fast_syscall_32+0x32/0x80
[  745.967628][T19389]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.970168][T19389]   }
[  745.970996][T19389]   ... key      at: [<ffffffff9ae286c0>] __key.0+0x0/0x40
[  745.973196][T19389]   ... acquired at:
[  745.974391][T19389]    _raw_read_lock_irqsave+0x74/0x90
[  745.976023][T19389]    kill_fasync+0x138/0x510
[  745.977467][T19389]    evdev_pass_values+0x619/0x9b0
[  745.979323][T19389]    evdev_events+0x1bb/0x390
[  745.981188][T19389]    input_pass_values+0x6c7/0x890
[  745.983191][T19389]    input_handle_event+0xf00/0x14d0
[  745.985261][T19389]    input_inject_event+0x1cd/0x390
[  745.987317][T19389]    evdev_write+0x2e1/0x440
[  745.989164][T19389]    vfs_write+0x29d/0x1150
[  745.990943][T19389]    ksys_write+0x1f8/0x250
[  745.992733][T19389]    __do_fast_syscall_32+0x7c/0x3a0
[  745.994718][T19389]    do_fast_syscall_32+0x32/0x80
[  745.996599][T19389]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.999077][T19389] 
[  746.000007][T19389] -> (&f_owner->lock){....}-{3:3} {
[  746.002086][T19389]    INITIAL USE at:
[  746.003627][T19389]                    lock_acquire+0x179/0x350
[  746.005997][T19389]                    _raw_write_lock_irq+0x36/0x50
[  746.008500][T19389]                    __f_setown+0x61/0x3c0
[  746.010803][T19389]                    f_setown+0x122/0x290
[  746.013026][T19389]                    do_fcntl+0xfa6/0x15a0
[  746.015356][T19389]                    do_compat_fcntl64+0x367/0x710
[  746.017632][T19389]                    __do_fast_syscall_32+0x7c/0x3a0
[  746.019709][T19389]                    do_fast_syscall_32+0x32/0x80
[  746.021758][T19389]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.024193][T19389]    INITIAL READ USE at:
[  746.025554][T19389]                         lock_acquire+0x179/0x350
[  746.027502][T19389]                         _raw_read_lock_irq+0x67/0x80
[  746.029623][T19389]                         do_fcntl+0x4d9/0x15a0
[  746.031574][T19389]                         do_compat_fcntl64+0x367/0x710
[  746.033715][T19389]                         __do_fast_syscall_32+0x7c/0x3a0
[  746.035933][T19389]                         do_fast_syscall_32+0x32/0x80
[  746.038069][T19389]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.040585][T19389]  }
[  746.041406][T19389]  ... key      at: [<ffffffff9ae28700>] __key.1+0x0/0x40
[  746.043569][T19389]  ... acquired at:
[  746.044771][T19389]    _raw_read_lock_irqsave+0x74/0x90
[  746.046484][T19389]    send_sigio+0x31/0x3e0
[  746.047886][T19389]    kill_fasync+0x214/0x510
[  746.049356][T19389]    lease_break_callback+0x23/0x30
[  746.050984][T19389]    __break_lease+0x674/0x1810
[  746.052515][T19389]    vfs_truncate+0x4d3/0x6e0
[  746.054015][T19389]    __ia32_compat_sys_truncate+0x171/0x1e0
[  746.055875][T19389]    __do_fast_syscall_32+0x7c/0x3a0
[  746.057551][T19389]    do_fast_syscall_32+0x32/0x80
[  746.059131][T19389]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.061189][T19389] 
[  746.061962][T19389] 
[  746.061962][T19389] the dependencies between the lock to be acquired
[  746.061967][T19389]  and SOFTIRQ-irq-unsafe lock:
[  746.066196][T19389] -> (tasklist_lock){.+.+}-{3:3} {
[  746.067832][T19389]    HARDIRQ-ON-R at:
[  746.069086][T19389]                     lock_acquire+0x179/0x350
[  746.071027][T19389]                     _raw_read_lock+0x5f/0x70
[  746.072946][T19389]                     __do_wait+0x105/0x890
[  746.074832][T19389]                     do_wait+0x21e/0x5a0
[  746.076612][T19389]                     kernel_wait+0x9f/0x160
[  746.078499][T19389]                     call_usermodehelper_exec_work+0xf1/0x170
[  746.080819][T19389]                     process_one_work+0x9cf/0x1b70
[  746.082893][T19389]                     worker_thread+0x6c8/0xf10
[  746.084834][T19389]                     kthread+0x3c2/0x780
[  746.086635][T19389]                     ret_from_fork+0x5d7/0x6f0
[  746.088587][T19389]                     ret_from_fork_asm+0x1a/0x30
[  746.090612][T19389]    SOFTIRQ-ON-R at:
[  746.091883][T19389]                     lock_acquire+0x179/0x350
[  746.093824][T19389]                     _raw_read_lock+0x5f/0x70
[  746.095748][T19389]                     __do_wait+0x105/0x890
[  746.097608][T19389]                     do_wait+0x21e/0x5a0
[  746.099377][T19389]                     kernel_wait+0x9f/0x160
[  746.101263][T19389]                     call_usermodehelper_exec_work+0xf1/0x170
[  746.103589][T19389]                     process_one_work+0x9cf/0x1b70
[  746.105642][T19389]                     worker_thread+0x6c8/0xf10
[  746.107578][T19389]                     kthread+0x3c2/0x780
[  746.109376][T19389]                     ret_from_fork+0x5d7/0x6f0
[  746.111369][T19389]                     ret_from_fork_asm+0x1a/0x30
[  746.113379][T19389]    INITIAL USE at:
[  746.114644][T19389]                    lock_acquire+0x179/0x350
[  746.116542][T19389]                    _raw_write_lock_irq+0x36/0x50
[  746.118598][T19389]                    copy_process+0x4c68/0x7650
[  746.120534][T19389]                    kernel_clone+0xfc/0x960
[  746.122424][T19389]                    user_mode_thread+0xc7/0x110
[  746.124388][T19389]                    rest_init+0x23/0x2b0
[  746.126179][T19389]                    start_kernel+0x3ee/0x4d0
[  746.128081][T19389]                    x86_64_start_reservations+0x18/0x30
[  746.130255][T19389]                    x86_64_start_kernel+0x130/0x190
[  746.132316][T19389]                    common_startup_64+0x13e/0x148
[  746.134360][T19389]    INITIAL READ USE at:
[  746.135722][T19389]                         lock_acquire+0x179/0x350
[  746.137745][T19389]                         _raw_read_lock+0x5f/0x70
[  746.139754][T19389]                         __do_wait+0x105/0x890
[  746.141732][T19389]                         do_wait+0x21e/0x5a0
[  746.143630][T19389]                         kernel_wait+0x9f/0x160
[  746.145643][T19389]                         call_usermodehelper_exec_work+0xf1/0x170
[  746.148071][T19389]                         process_one_work+0x9cf/0x1b70
[  746.150232][T19389]                         worker_thread+0x6c8/0xf10
[  746.152274][T19389]                         kthread+0x3c2/0x780
[  746.154205][T19389]                         ret_from_fork+0x5d7/0x6f0
[  746.156242][T19389]                         ret_from_fork_asm+0x1a/0x30
[  746.158313][T19389]  }
[  746.159129][T19389]  ... key      at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
[  746.161538][T19389]  ... acquired at:
[  746.162741][T19389]    lock_acquire+0x179/0x350
[  746.164224][T19389]    _raw_read_lock+0x5f/0x70
[  746.165725][T19389]    send_sigio+0xb8/0x3e0
[  746.167143][T19389]    kill_fasync+0x214/0x510
[  746.168616][T19389]    lease_break_callback+0x23/0x30
[  746.170273][T19389]    __break_lease+0x674/0x1810
[  746.171805][T19389]    vfs_truncate+0x4d3/0x6e0
[  746.173304][T19389]    __ia32_compat_sys_truncate+0x171/0x1e0
[  746.175192][T19389]    __do_fast_syscall_32+0x7c/0x3a0
[  746.176873][T19389]    do_fast_syscall_32+0x32/0x80
[  746.178468][T19389]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.180481][T19389] 
[  746.181264][T19389] 
[  746.181264][T19389] stack backtrace:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  746.183099][T19389] CPU: 0 UID: 0 PID: 19389 Comm: syz.3.3641 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  746.183113][T19389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  746.183120][T19389] Call Trace:
[  746.183125][T19389]  <TASK>
[  746.183130][T19389]  dump_stack_lvl+0x116/0x1f0
[  746.183146][T19389]  check_irq_usage+0x7dc/0x920
[  746.183162][T19389]  ? check_path.constprop.0+0x24/0x50
[  746.183177][T19389]  ? __lock_acquire+0x1285/0x1c90
[  746.183190][T19389]  __lock_acquire+0x1285/0x1c90
[  746.183205][T19389]  ? __lock_acquire+0xb8a/0x1c90
[  746.183219][T19389]  lock_acquire+0x179/0x350
[  746.183233][T19389]  ? send_sigio+0xb8/0x3e0
[  746.183243][T19389]  ? lock_acquire+0x179/0x350
[  746.183258][T19389]  _raw_read_lock+0x5f/0x70
[  746.183271][T19389]  ? send_sigio+0xb8/0x3e0
[  746.183281][T19389]  send_sigio+0xb8/0x3e0
[  746.183292][T19389]  kill_fasync+0x214/0x510
[  746.183303][T19389]  lease_break_callback+0x23/0x30
[  746.183318][T19389]  __break_lease+0x674/0x1810
[  746.183331][T19389]  ? __pfx___break_lease+0x10/0x10
[  746.183342][T19389]  ? mnt_get_write_access+0x54/0x300
[  746.183353][T19389]  ? mnt_get_write_access+0x20c/0x300
[  746.183364][T19389]  vfs_truncate+0x4d3/0x6e0
[  746.183380][T19389]  ? __pfx_vfs_truncate+0x10/0x10
[  746.183396][T19389]  ? putname+0x154/0x1a0
[  746.183406][T19389]  __ia32_compat_sys_truncate+0x171/0x1e0
[  746.183422][T19389]  ? __pfx___ia32_compat_sys_truncate+0x10/0x10
[  746.183446][T19389]  ? rcu_is_watching+0x12/0xc0
[  746.183459][T19389]  __do_fast_syscall_32+0x7c/0x3a0
[  746.183475][T19389]  do_fast_syscall_32+0x32/0x80
[  746.183490][T19389]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  746.183503][T19389] RIP: 0023:0xf7f73579
[  746.183512][T19389] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  746.183523][T19389] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 000000000000005c
[  746.183533][T19389] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000009
[  746.183540][T19389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  746.183546][T19389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  746.183552][T19389] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  746.183558][T19389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  746.183567][T19389]  </TASK>

VM DIAGNOSIS:
17:11:33  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000054 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85584895 RDI=ffffffff9b0ac980 RBP=ffffffff9b0ac940 RSP=ffffc900030ef4b0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000054 R14=ffffffff9b0ac940 R15=ffffffff85584830
RIP=ffffffff855848bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097520000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000800001c0 CR3=0000000053161000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000001592c0c RBX=0000000000000001 RCX=ffffffff8b847c69 RDX=ffffed1005666646
RSI=ffffffff8c157860 RDI=ffffffff819197b1 RBP=ffffed1003bd9488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801deca440 R14=ffffffff90a9a150 R15=0000000000000000
RIP=ffffffff8b8467cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097620000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055d1c01b8f40 CR3=0000000046672000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=4b76d6d728b71f67 108302ac20d76323 4b76d6d728b71f67 108302ac20d76323 4b76d6d728b71f67 108302ac20d76323 4b76d6d728b71f67 108302ac20d76323
ZMM18=0b5fdbef023852d7 7cf3f685fba805d2 0b5fdbef023852d7 7cf3f685fba805d2 0b5fdbef023852d7 7cf3f685fba805d2 0b5fdbef023852d7 7cf3f685fba805d2
ZMM19=311a000000000000 0000000000000004 311a000000000000 0000000000000003 311a000000000000 0000000000000002 311a000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 02080008980301e8 0800068803020009 0000000700010005 0000000700010005
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000700010005 0100000100000000 000000000005060e 000000745e080380
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0303800206800306 8002089003000800 0888030fffffffff 0208800318080006
ZMM24=684173ab684173ab 684173ab684173ab 684173ab684173ab 684173ab684173ab 684173ab684173ab 684173ab684173ab 684173ab684173ab 684173ab684173ab
ZMM25=ac4b5926ac4b5926 ac4b5926ac4b5926 ac4b5926ac4b5926 ac4b5926ac4b5926 ac4b5926ac4b5926 ac4b5926ac4b5926 ac4b5926ac4b5926 ac4b5926ac4b5926
ZMM26=aae8a40caae8a40c aae8a40caae8a40c aae8a40caae8a40c aae8a40caae8a40c aae8a40caae8a40c aae8a40caae8a40c aae8a40caae8a40c aae8a40caae8a40c
ZMM27=0075682e0075682e 0075682e0075682e 0075682e0075682e 0075682e0075682e 0075682e0075682e 0075682e0075682e 0075682e0075682e 0075682e0075682e
ZMM28=000000900000008f 0000008e0000008d 0000008c0000008b 0000008a00000089 0000008800000087 0000008600000085 0000008400000083 0000008200000081
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=952a0000952a0000 952a0000952a0000 952a0000952a0000 952a0000952a0000 952a0000952a0000 952a0000952a0000 952a0000952a0000 952a0000952a0000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88802b241f20 RCX=ffffffff81af49cd RDX=ffff88805509c880
RSI=ffffffff81af49a9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc900036278a0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed10056483e5 R15=ffff88802b43b6c0
RIP=ffffffff81af49af RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097720000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73f3030 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b241f60 RCX=ffffffff81af49cd RDX=ffff88805fcda440
RSI=ffffffff81af49a9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc9000319f648
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=000000000000001e
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed10056483ed R15=ffff88802b53b6c0
RIP=ffffffff81af49af RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097820000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f511dfac CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000