last executing test programs:

6.702916694s ago: executing program 0 (id=1921):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x800007, "2c0f945d9e339aa45b8bb5dd7185d3ca5a09691057b355a26d6e18022632124c"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x100, "f960c51cf4953fba62e24e6ba2036741fb111300962b549168b2dd36449eb7cb"})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000003c0)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000340))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000480))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000640)={r6})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000200)={0x10000, "d42e5644dca71ca86ac4f8d93367d1f6caaf1343125e6fd99f61b1720127e409"})

5.413606652s ago: executing program 0 (id=1926):
r0 = socket$netlink(0x10, 0x3, 0xa)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
r1 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000080)={0x0, 0x0, 0x4}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180))
r4 = socket(0x1, 0x5, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
r5 = socket$inet(0x2, 0x3, 0x4)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000110000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0xffffffffffffff35}, 0x54)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x81, 0x7}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000071122f000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r7, 0x0, 0x0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$inet_int(r5, 0x0, 0xf, &(0x7f0000000000)=0x80000001, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010100}, 0x10)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x28c, 0x13, 0x1, 0x70bd2d, 0x5, {0x1d, 0x1, 0x6, 0x6, {0x4e23, 0x4e24, [0x5f, 0x0, 0xd1, 0x3], [0x7, 0xffff2e75, 0x2, 0x2], 0x0, [0x7, 0x9]}, 0x2, 0x6}, [@INET_DIAG_REQ_BYTECODE={0xf2, 0x1, "b6e558f279bbd56eeca7d85590013f074e5fe5d7c13ce526706568f447b2c9d0eb16052bbb51a250a451f677710866f23139acf2244ddf80a13762a411eaaa0ae1e2eecc456a68af7c2ead0a68dcd431c43a6c25140422306f46350d772e62b93d27ba8a3f73456cd8b2deeefeebc19e7e21d1144a4287f831947c1e3a18fd708aa2f1747ba02b24f0419a98009d9a2aedf0f46ff332eeadc0a6ec824311304cb64bdcb46b12595be07514a208d203572d7e2f635068ffb236caa363eaf6bc3bc183d741d7573a152404f4d8fa62ad3070b306603a9cd6158a96b09b6e475fed11dab6b3ed348df9a3f1c7fb4f20"}, @INET_DIAG_REQ_BYTECODE={0x66, 0x1, "20d725f8d96e843ed2d50d64fa72a1afd68e01e946e56720c3f9bd975663bdccedd01a90c9d5d97e1c85a847723ad3f5a04f44a83e085d90f3b3ccb9730abfdbbfe4913a528044d61479380aab7f93f435707d49871ad97482ac193322c5d93005d1"}, @INET_DIAG_REQ_BYTECODE={0x66, 0x1, "17befa2373990c65b931ce84651cac1f5c2a88405c1ead7f3ce27ef210835bf1fbde9f9dea0ac5f9bf981931e8650917b31d22dc205d2f2f97489ab2c4733ea26f3b0b6eeae91c89a15a3f29948ed0385e6bd1e625b77a72cb714cb54450d5322927"}, @INET_DIAG_REQ_BYTECODE={0x79, 0x1, "5e1ed64c80ebef71784891fe49d61bce8e947ed25dbb1664440b777adc49d4a05733439971398ae592893a35097043d93a4fbfaa4d8ced843e8f64ea7914264b699c4aa5523e1714c3b3d2914d51042ba18270808dd0f5fa55f3e7ee818106638d0970bc5310708a88efe9fb515159ef32eda569a0"}]}, 0x28c}, 0x1, 0x0, 0x0, 0x24000001}, 0x20040000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x6})
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x3b94, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000040)={0x2})
io_uring_enter(r1, 0x48e9, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000014c0)=ANY=[@ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0xc001}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r5, 0x89f7, &(0x7f0000000680)={'sit0\x00', &(0x7f00000005c0)={@multicast1, 0x1, 0x0, 0xa0, 0x0, [{@initdev}, {@dev}, {@remote}, {@dev}, {@empty}, {@initdev}, {@dev}, {@empty}, {@dev}, {@broadcast}]}})

4.961051753s ago: executing program 0 (id=1928):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000c86c73b33970fc0d2a1d4c6726b29961f542f32c9c9a4af967d2e84b8e60c8c201be26b12467a2df24e4ba5916ea4b4c9fd420570a520a399213d932e49404ef5c75f0cef0e946a2266f23797f9aa6d2d8a8b990178a0817c7b333c78462c6e39b0d3a9c338079b786f6ecd8964afdc734e24e33f35a580e833e2f71b6e5b59b6dc14688c0932c58dc99da0ff406fc0754369451fca5215fa5c307633ed18a8732d3a31d18a0143f7259cf2bef38f6c4756cce31ee02ab0d292d93"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120)
write$UHID_DESTROY(r0, &(0x7f0000000080), 0x4) (fail_nth: 5)

4.801604263s ago: executing program 0 (id=1929):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000240)='tlb_flush\x00', r0}, 0x10) (async)
openat$ubi_ctrl(0xffffff9c, 0x0, 0x3455a0, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async)
socketpair$unix(0x1, 0x0, 0x0, 0x0) (async)
socket$packet(0x11, 0x0, 0x300) (async)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f00000002c0)) (async)
process_vm_readv(0x0, &(0x7f0000000340)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0xe8}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000580)=@generic={&(0x7f0000000540)='./file0\x00', 0x0, 0x10}, 0x14)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257075bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b257183fa3bcd48666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09601f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebd00000000000000005839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dcc718a09f4886afc26abba34635d0e8b54bc76be40d435aa8b5202db761014b1b999a12df6bee431a666100"/296], &(0x7f0000000100)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x7300, 0x4000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x4}, 0x28)

4.563569015s ago: executing program 0 (id=1930):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200401, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)
pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000000c0)="a82614486d00e343b4e3c9a580539c74724404877d3996d5fc5a0d7ad63e03e17050f88d07499c2e36719d51f77951a9bc4fa9f48cd4d3957f83a0ab00d2e59eda37176b56a9497e64823d944f90168df810115ebed78ae320b293de263f809b2fc603aece0f78af77ce44d95dfbdadad6a68cf8c2698784e6199aa1452aa0fb0f495f9665720e7a583ecc47c047f82339acba71b4bfeb1c988c062f33b6fa8fa37219dc7d5400122fc8bcdf284a7ea2ed586bae3eb15d3cae7fa60b0baf34c96b28f22474d895094361392ccac60029d7b1e70d172a6e8092eb07bf9ee8885c18b02a0cdb934d56e7dc7ff6c05d7b07b5712fba6e1d67db4093ca9af38333", 0xff}, {&(0x7f00000001c0)="1b836a6aa098842d76514c6cdd451aa2115b136f41c07ca2337ccdc4da82515bf4ff3cfe76bee30afa19587cf9c4279606b15fa5ff4a06b615435c1facf77b62337084c1b0d35b00bca6d35120072a0c9ffc30685284de7d5a29ff16ae3c8a1331e2cd197fb85f17", 0x68}, {&(0x7f0000000240)="731e34e6bdba045c31e8604472fecce6a1217dda8a89d65c13f46cfc666652cd22121a7d3c8378b6434c1fb74ce22ce24d5b8cea3ff7b76c947b5f86bf05f3cf591e626587723437bdadf396a2cec8d009c06f7632aeb7874a2d76be8c2de592e7ca7612ebf2de03db6c87cc1fee09adea9a01a92d190b3e31c238b38dde3c377aa7ebab903ab8fa3c283c6088e81aa78823c3abf6776ec5f9c05c7c2ad4da9c1dbfb97a0598c9b5b62f2066bad5659c99b4b184b08c9ec6046b373712225f8d31375afdf17f61131091f42b5afe4256a2d0170a1a0d4fd5e2bbc0ffdf5fc109aef70b32cf6d4e9465bfc4e9119b1aa4e551c82d3e540dfc14ac", 0xfa}], 0x3, 0xe98f, 0x315)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4)
r1 = syz_open_dev$MSR(&(0x7f0000019340), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)

4.499760564s ago: executing program 1 (id=1932):
socket$kcm(0x10, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x0, 0x0, 0x1}, 0x48)
r3 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
accept4(r3, 0x0, 0x0, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001800090000000000000000001c140000fe00000100000000"], 0x24}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r8, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="5a8d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001900090000040000086bb02f23"], 0x24}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4800000002060101fa00000000000000000000000500014f99f88587fcc17c0073797a05000a000000050004000000000010000300686173683a697000000000000000"], 0x48}}, 0x0)
r9 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
quotactl_fd$Q_GETQUOTA(r9, 0xffffffff80000700, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.920154701s ago: executing program 0 (id=1934):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4}, 0x48)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$random(0xffffff9c, &(0x7f0000000140), 0x40100, 0x0)
ioctl$RNDGETENTCNT(r1, 0x80045200, &(0x7f0000000180))
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x638, 0xcc, 0x0, 0x1ac, 0x0, 0x1ac, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xcc}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6, 0x0, 0x0, 0x44}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xd0, 0x114, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}]}, @SNPT={0x44, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00', @ipv4=@private}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x24}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x694)
sched_setaffinity(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$vmci(0xffffff9c, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000008c0)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES64=0x0, @ANYBLOB="2500000000000000249aec593f00b8596c6af953e7a857bf8f6e6400000000000000"], 0x44}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000003040)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x18bb, &(0x7f0000000800)={0x0, 0x10001855, 0x20, 0xfffffffc, 0x2b2}, &(0x7f00000007c0), &(0x7f0000000880))
r4 = memfd_secret(0x0)
ftruncate(r4, 0x5)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2, 0x11, r4, 0x0)
setuid(0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
futex(&(0x7f000000cffc), 0x100, 0x1, 0x0, &(0x7f0000048000)=0xfffffff2, 0x0)
syz_io_uring_submit(r5, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
gettid()
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
quotactl_fd$Q_SYNC(r6, 0xffffffff80000103, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x80000000000d, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000780)=0x2)

3.694624734s ago: executing program 2 (id=1937):
ioperm(0x0, 0x8000, 0xffff)
ioperm(0x1, 0x8, 0x5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0)
r1 = gettid()
sigaltstack(&(0x7f0000001040)={&(0x7f0000001580)=""/4110, 0x80000001, 0xfffffffffffffefd}, 0x0)
rt_sigqueueinfo(r1, 0x21, &(0x7f00000002c0))
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000003c0)=[@in6={0xa, 0x4e24, 0x0, @private1}]}, &(0x7f0000000180)=0xc)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x84, &(0x7f0000000000)={r5, @in={{0x2, 0x0, @empty}}}, 0x90)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x30, r2, 0xc11, 0x0, 0x0, {0x5}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x30}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x4}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
io_submit(0x0, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
r9 = dup(r6)
write$UHID_INPUT(r9, &(0x7f0000002080)={0xc, {"a2e3ad204fc752f91b5d34f70b06d038e7ff7fc6e5539b325d098b089b3b08381a090890e0878f0e1ac6e7049b3344959b5d9a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08c4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e800ba9abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40d4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889632b3570243f989cce3803f465e41e610c2021d653a5520094ec79553299388b0000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c2d88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b19bb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0545359bafffa45237f104b98110403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae2d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e709000000000000004fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83000000000000010058b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff7544130700000000000000f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc6c71737b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f9354b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c558069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e0090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c73144f8e4a737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c10613d17ca51075f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb401000000608d6f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655bff4801784c416b22f73d32d678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d7000bdbfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f4820000000000000900a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2e0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15f2dbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af500ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

3.32242984s ago: executing program 2 (id=1938):
close(0x3)

3.313734388s ago: executing program 1 (id=1939):
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x541b, &(0x7f0000000100))

3.114950807s ago: executing program 1 (id=1941):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000006240)={0x2020, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000600)={{0x0, r3, 0x0, 0x0, 0x0, 0x18, 0x7}, 0x80000000, 0x10000, 0x3, 0xfffffffffffffffc, r2, r2, 0x1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000005480)={0x0, <r6=>0x0}, &(0x7f00000054c0)=0x37)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000000c0)=<r7=>0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x2}, [{0x2, 0x1, r3}, {0x2, 0x1, r6}, {0x2, 0x5, r7}], {}, [{0x8, 0x0, r4}, {0x8, 0x5, r4}, {0x8, 0x7, 0xee00}], {0x10, 0x4}, {0x20, 0x1}}, 0x54, 0x3)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r8, @ANYRES32=r8, @ANYBLOB="000000000000000024001280110001006272f0a58a78a0c17f5b0000ebffffff0c00"], 0x44}}, 0x0)

3.114543576s ago: executing program 2 (id=1942):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200401, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)
pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000000c0)="a82614486d00e343b4e3c9a580539c74724404877d3996d5fc5a0d7ad63e03e17050f88d07499c2e36719d51f77951a9bc4fa9f48cd4d3957f83a0ab00d2e59eda37176b56a9497e64823d944f90168df810115ebed78ae320b293de263f809b2fc603aece0f78af77ce44d95dfbdadad6a68cf8c2698784e6199aa1452aa0fb0f495f9665720e7a583ecc47c047f82339acba71b4bfeb1c988c062f33b6fa8fa37219dc7d5400122fc8bcdf284a7ea2ed586bae3eb15d3cae7fa60b0baf34c96b28f22474d895094361392ccac60029d7b1e70d172a6e8092eb07bf9ee8885c18b02a0cdb934d56e7dc7ff6c05d7b07b5712fba6e1d67db4093ca9af38333", 0xff}, {&(0x7f00000001c0)="1b836a6aa098842d76514c6cdd451aa2115b136f41c07ca2337ccdc4da82515bf4ff3cfe76bee30afa19587cf9c4279606b15fa5ff4a06b615435c1facf77b62337084c1b0d35b00bca6d35120072a0c9ffc30685284de7d5a29ff16ae3c8a1331e2cd197fb85f17", 0x68}, {&(0x7f0000000240)="731e34e6bdba045c31e8604472fecce6a1217dda8a89d65c13f46cfc666652cd22121a7d3c8378b6434c1fb74ce22ce24d5b8cea3ff7b76c947b5f86bf05f3cf591e626587723437bdadf396a2cec8d009c06f7632aeb7874a2d76be8c2de592e7ca7612ebf2de03db6c87cc1fee09adea9a01a92d190b3e31c238b38dde3c377aa7ebab903ab8fa3c283c6088e81aa78823c3abf6776ec5f9c05c7c2ad4da9c1dbfb97a0598c9b5b62f2066bad5659c99b4b184b08c9ec6046b373712225f8d31375afdf17f61131091f42b5afe4256a2d0170a1a0d4fd5e2bbc0ffdf5fc109aef70b32cf6d4e9465bfc4e9119b1aa4e551c82d3e540dfc14ac", 0xfa}], 0x3, 0xe98f, 0x315)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4)
r1 = syz_open_dev$MSR(&(0x7f0000019340), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)

2.254588664s ago: executing program 3 (id=1944):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000e000000000026d83ba4dfe87a0a1000000000040000000001000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(0xffffffffffffffff)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000440))
ppoll(&(0x7f0000000380)=[{}], 0x1, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003276273883f50100000095000000000000002ea59b50795b2544b9060000000000000029372e8f17ccc0ceaa13"], &(0x7f0000000080)='GPL\x00'}, 0x76)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SYNC(r8, 0xffffffff80000100, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = dup(r10)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000d004"])
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x14, 0x1, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}}, 0x0)
ioctl$VIDIOC_S_STD(r7, 0x40085618, &(0x7f00000017c0)=0x8000)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000001280)=@raw={'raw\x00', 0x4001, 0x3, 0x26c, 0x138, 0x0, 0x148, 0x0, 0x148, 0x1d8, 0x240, 0x240, 0x1d8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x11, 0x0, 0x6c}, 0x0, 0x118, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'vlan0\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd], [0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1]}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2c8)
ioctl$KVM_SET_MSRS(r3, 0xc048aeca, &(0x7f0000000040)=ANY=[])

2.160911575s ago: executing program 1 (id=1945):
socket$l2tp(0x2, 0x2, 0x73)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default use'], 0x2a, 0xfffffffffffffffc)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000019c0)='s', 0x1, 0xfffffffffffffffe)
keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55)
r2 = syz_open_procfs(0x0, &(0x7f0000000300)='stat\x00')
lseek(r2, 0xc1e, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1a, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00')
write$FUSE_WRITE(r3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x3, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102394, 0x18ffa}], 0x1, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
r5 = socket$packet(0x11, 0x0, 0x300)
setsockopt$packet_rx_ring(r5, 0x107, 0xd, &(0x7f00000003c0)=@req={0x8000, 0x0, 0x800, 0x1daf6}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x38}}, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)

1.894713686s ago: executing program 2 (id=1946):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r1 = socket(0x0, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600))
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=@newqdisc={0x88, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x0, [], 0x0, [0x0, 0x2], [0x0, 0x4]}}}}]}, 0x88}}, 0x0)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r3], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth1_vlan\x00'})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000800)=@deltaction={0x14, 0x31, 0x306, 0x70bd2a, 0x25dfdbfb}, 0x14}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], 0x0, [0x8, 0x4], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x3}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x2}]}}]}, 0xbc}}, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r9 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000600)={'team0\x00', <r10=>0x0})
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x94, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r10, {0x0, 0xfff2}, {0xffff, 0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x34, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xa, 0x9, 0x1, 0x3}}, @TCA_GRED_MAX_P={0x8, 0x4, 0xd4}, @TCA_GRED_MAX_P={0x8}, @TCA_GRED_LIMIT={0x8, 0x5, 0xb}, @TCA_GRED_LIMIT={0x8, 0x5, 0xe659}]}}, @TCA_STAB={0x30, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x94, 0x2c, 0x4, 0x5, 0x0, 0x3, 0x81, 0x6}}, {0x10, 0x2, [0x48, 0x9, 0x22, 0x800, 0x80, 0x2]}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10}, 0x814)
r12 = socket(0x10, 0x3, 0x0)
setitimer(0x1, &(0x7f0000000000)={{0x77359400}, {0x0, 0xea60}}, 0x0)
getitimer(0x0, &(0x7f0000000080))
setitimer(0x2, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000b40)=@getqdisc={0x34, 0x26, 0x10, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xa}, {0x6, 0xa}, {0xfff8, 0x8}}, [{0x4}, {0x4}, {0x4}, {0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'lo\x00'})
close(r0)

1.614476118s ago: executing program 3 (id=1947):
socket$inet6(0xa, 0x6, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001880)={0x10001b, 0xfa}, 0x2c)
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast1}, {@in=@multicast2, 0x0, 0x32}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0x2, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @tfcpad={0x8, 0x16, 0x6}]}, 0x140}}, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000400)=0x9)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x48, 0x30, 0x9, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0xa}, {0xc, 0x9}}}]}]}, 0x48}}, 0x0)
connect$inet(r0, &(0x7f0000e5c000)={0x2, 0x0, @local}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xffffffc1, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181014100000000010000000000000e000a000f00000002800200121f", 0x2e}], 0x1}, 0x0)

1.538132341s ago: executing program 2 (id=1948):
socket$kcm(0x10, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x0, 0x0, 0x1}, 0x48)
r3 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
accept4(r3, 0x0, 0x0, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001800090000000000000000001c140000fe00000100000000"], 0x24}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r8, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="5a8d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001900090000040000086bb02f23"], 0x24}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4800000002060101fa00000000000000000000000500014f99f88587fcc17c0073797a05000a000000050004000000000010000300686173683a697000000000000000"], 0x48}}, 0x0)
r9 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
quotactl_fd$Q_GETQUOTA(r9, 0xffffffff80000700, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.259651037s ago: executing program 1 (id=1949):
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
getpid()
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000900), 0x0, 0x8, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read(r2, &(0x7f0000000000), 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000640)=ANY=[], 0x5c}}, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], [0x0, 0x0, 0x501c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x3, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, 0x0, 0x0)
sendmsg$rds(r4, &(0x7f00000011c0)={&(0x7f0000000940)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000580)=[@rdma_args={0x48, 0x114, 0x2, {{0x7, 0x4}, {0x0}, 0x0, 0x27}}], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000002000/0x1000)=nil})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="4c0000001200ff09ff3a150099a283ff07b8008000f0ffff000300060040150024001d0042c411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab98eb1d9cc98c2a4f837c", 0x4c}], 0x1}, 0x0)

814.105376ms ago: executing program 3 (id=1950):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x3}}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_ACTION={0x6, 0x3, 0x19}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0}) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x4000, 0x0, 0x8800, 0x800}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r4, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r6}, 0x10) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r3, 0x25, 0x2, @val=@tcx}, 0x40) (async)
syz_emit_ethernet(0xfb, &(0x7f0000000780)={@broadcast, @local, @val={@void}, {@llc={0x4, {@llc={0xd4, 0xbc, "e85e", "4600e8252a758dc94e7129b1249b02a3a8661c6f9b120fea7cbfbf1090c21f17daaea7e20a52ecd2f3fc3f92cfb63b6f4349c47ed751045b36f0c4bb872ad4cfa49c0efbf0549a95bb4cfdca20d7a31aeed506dcb9cdce99baa7343223e80c00000000c8fe28f34dfdfae0179e84b2e7ff0062fdb62cf6456aa1a9fc1c3ebb59dab276e0abc630333ffa21f3a34c57592af272a49a9dac0f6b5d8100bf175ca35544b518ecfba7f65438acac31a6680e1daec728e235832060834caea3a6aea9b262a15ca428c7bbc3fc372e5f87586b34c59a76f11abadb38ebb51ba67200b54aca3917cd"}}}}}, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000040), 0x1, 0x2)
pselect6(0x40, &(0x7f0000000040)={0xc, 0x200000000000000}, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f0000000180)={0x3, 0x98f904, 0x1}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000200095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90) (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="010000000074575af3ab0d8d3c72"], 0x14}}, 0x0) (async)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) (async)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$TIOCGPTPEER(r11, 0x90000915, 0x0) (async)
ioctl$TIOCL_GETKMSGREDIRECT(r11, 0x541c, &(0x7f00000000c0)) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000001000)='sched_switch\x00', r5}, 0x10) (async)
socket$kcm(0x2, 0x200000000000001, 0x106)

344.430943ms ago: executing program 3 (id=1951):
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, 0x0, <r0=>0xffffffffffffffff})
ioctl$HIDIOCGREPORTINFO(r0, 0xc00c4809, &(0x7f0000000080)={0x3, 0x2, 0xdb})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000100)={0x0, 0x0, <r1=>0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000140)={0x0, r1, 0x9, 0xfffff000, 0x1000})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000980)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000940)={&(0x7f0000000200)={0x718, r2, 0x10, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0xb8, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x1ff, 0xf, 0x7fff, 0xfff8, 0x2, 0x5, 0x504, 0xff]}}]}, @NL80211_BAND_5GHZ={0x9c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x70, 0x8, 0xfff, 0x2, 0x401, 0x6, 0x101, 0x2]}}, @NL80211_TXRATE_HT={0x43, 0x2, [{0x7, 0x2}, {0x1, 0x8}, {0x1, 0x2}, {0x0, 0x9}, {0x7, 0x5}, {0x1, 0xa}, {0x6, 0x7}, {0x3, 0x7}, {0x5, 0x8}, {0x1, 0x7}, {0x6, 0x6}, {0x1, 0x6}, {0x6, 0x3}, {0x0, 0x1}, {0x6, 0x6}, {0x5, 0x3}, {0x1, 0x3}, {0x0, 0x4}, {0x4, 0x4}, {0x0, 0x6}, {0x1, 0x8}, {0x3, 0x8}, {0x7, 0x4}, {0x6, 0x7}, {0x3, 0xa}, {0x0, 0x2}, {0x6}, {}, {0x1, 0x8}, {0x4, 0x5}, {0x0, 0x9}, {0x0, 0x6}, {0x7, 0x8}, {0x7}, {0x6, 0x2}, {0x4, 0x1}, {0x4}, {0x0, 0x8}, {0x2, 0x2}, {0x7, 0x3}, {0x2, 0x1}, {0x4}, {0x6, 0x6}, {0x7, 0x5}, {0x5, 0x6}, {0x1, 0x3}, {0x5, 0xa}, {0x3, 0x7}, {0x5, 0x1}, {0x1, 0xa}, {0x5, 0x3}, {0x0, 0x6}, {0x7}, {0x5, 0xa}, {0x6, 0x5}, {0x7}, {0x0, 0x8}, {0x1, 0x8}, {0x1, 0x3}, {0x1, 0x6}, {0x1, 0x1}, {0x0, 0x3}, {0x6, 0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf7a0, 0x7, 0x8000, 0xb7, 0x2, 0x7f, 0x3ff, 0x5]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x401, 0x1000, 0x9, 0x943, 0x7, 0x0, 0x3, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0x2cc, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x7c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x101, 0x0, 0xc, 0xde4e, 0x8, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x4, 0x9, 0x5, 0x6, 0x1, 0x12, 0x18, 0x48, 0x1, 0x2, 0x30, 0x5, 0x16, 0x9, 0x16, 0x30, 0x16, 0x26, 0x2, 0x6c, 0x12, 0x5, 0x24, 0x16, 0x30, 0x2, 0x0, 0x1, 0xc, 0x6, 0x5]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8001, 0x3800, 0x8, 0x67c, 0x6, 0xfffb, 0x3, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x12, 0x3, 0x36, 0x6c, 0x0, 0x4, 0x5, 0x6c, 0xb, 0x6, 0x3, 0x3, 0x6c, 0x2, 0x36, 0x24]}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xb0, 0xf, 0x98ab, 0x9, 0x8, 0x73, 0x2, 0x3]}}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x20, 0x48, 0xc, 0x4, 0x16, 0x24, 0x64, 0x18, 0x12, 0x36, 0x2d, 0x6, 0x3, 0xc, 0x18, 0x1, 0x1, 0x18, 0x30, 0x30, 0x4, 0x0, 0x1b]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xae, 0x81, 0x7, 0x1fd, 0xfffb, 0x1ff, 0xa, 0xfff]}}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x8, 0x5, 0x6, 0x7, 0x66, 0x6c, 0xfff8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x6, 0x3, 0x89, 0x4, 0x7, 0x3, 0x7]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x20, 0x7ff8, 0x1, 0xeb, 0x5, 0x3, 0x465a, 0x4]}}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x13, 0x2, [{0x4}, {0x0, 0x4}, {0x4, 0x2}, {0x2, 0x2}, {0x4, 0x8}, {0x1, 0xa}, {0x4, 0x1}, {0x0, 0x7}, {}, {0x1, 0x4}, {0x3, 0x3}, {0x6, 0x9}, {0x7, 0x9}, {0x7, 0x7}, {0x5, 0x5}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x1, 0x12, 0x36, 0x1, 0x60, 0x24, 0x6, 0x2]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xc, 0x9, 0x0, 0x8, 0x200, 0xe0, 0x0, 0x4]}}]}, @NL80211_BAND_60GHZ={0x8c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x37, 0x2, [{0x6}, {0x7, 0x4}, {0x1, 0x2}, {0x0, 0x9}, {0x5, 0x6}, {0x3, 0x6}, {}, {0x7, 0x1}, {0x7, 0x9}, {0x1, 0x9}, {0x6}, {0x3}, {0x2, 0x3}, {0x5, 0x6}, {0x5, 0x3}, {0x7, 0x4}, {0x7, 0x8}, {0x6, 0x4}, {0x1, 0x5}, {0x2, 0x2}, {0x1, 0x9}, {0x5, 0x1}, {0x5, 0x4}, {0x7, 0x8}, {0x4}, {0x0, 0xa}, {0x4, 0x1}, {0x6, 0x3}, {0x1, 0x5}, {0x0, 0xa}, {0x3, 0x2}, {0x3, 0x8}, {0x0, 0x7}, {0x7, 0xa}, {0x5}, {0x2, 0x1}, {0x6, 0x3}, {0x2}, {0x2, 0x3}, {0x2, 0x2}, {0x6, 0x2}, {0x0, 0x7}, {0x3, 0x8}, {0x1, 0x1}, {0x0, 0x5}, {0x6, 0x8}, {0x1, 0xa}, {0x0, 0x6}, {0x1, 0xa}, {0x1, 0x5}, {0x4, 0x8}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xfffe, 0x8, 0x4, 0x1000, 0x4, 0x15dd, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x5, 0x0, 0x101, 0x5, 0xe28, 0x1, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3a21, 0x0, 0x6, 0x1, 0x8, 0x100, 0x0, 0x8]}}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x0, 0x36, 0x1, 0x6c, 0x9, 0x1, 0x36, 0x9, 0x18, 0x36, 0x48, 0x60, 0xc, 0x5, 0x4, 0x36]}]}, @NL80211_BAND_2GHZ={0xb4, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa76, 0x5, 0xa7, 0x5, 0x5, 0x417, 0xba5b, 0xb8a7]}}, @NL80211_TXRATE_HT={0x8, 0x2, [{0x1, 0x5}, {0x5, 0x4}, {0x2, 0xa}, {0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x0, 0x4, 0x1, 0x2, 0x6, 0x2]}}, @NL80211_TXRATE_HT={0x17, 0x2, [{0x2, 0x1}, {0x4, 0x7}, {0x1, 0xa}, {0x1, 0x5}, {0x6, 0xa}, {0x0, 0x2}, {0x2, 0x3}, {0x6, 0x5}, {0x1, 0x4}, {0x6, 0x5}, {0x7, 0x5}, {0x7, 0x3}, {0x4}, {0x0, 0x8}, {0x0, 0x7}, {0x5, 0x8}, {0x1, 0x5}, {0x1, 0x4}, {0x6, 0x9}]}, @NL80211_TXRATE_HT={0x1d, 0x2, [{0x4, 0x1}, {0x0, 0x2}, {0x3, 0xa}, {0x4, 0x3}, {0x2, 0x6}, {0x4, 0x9}, {0x1}, {0x0, 0x1a}, {0x6, 0xa}, {0x6, 0x5}, {0x3}, {0x7, 0x3}, {0x3, 0x6}, {0x7, 0x9}, {0x4, 0xa}, {0x6, 0x5}, {0x3, 0x2}, {0x4, 0x2}, {0x2, 0x5}, {0x6, 0x7}, {0x7, 0x9}, {0x6, 0x2}, {0x5, 0x5}, {0x1, 0x4}, {0x0, 0x9}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x1, 0x8000, 0x3, 0x8000, 0x6, 0x2, 0x8]}}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x48, 0x36, 0x1b, 0x1b, 0x60, 0x2, 0x2, 0x36, 0x0, 0x5, 0x6, 0x0, 0x60, 0x30, 0x1b, 0x5, 0x36, 0x16, 0x2, 0xc, 0x48, 0x1b, 0x16, 0x8]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x2c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7086, 0xff, 0x2, 0xfff, 0xa, 0x579e, 0x1, 0x1]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0xef4, 0x0, 0xa, 0x3f75, 0xe, 0x4, 0x8]}}]}]}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0xd, 0x317, 0x1, 0x401, 0x4, 0x5, 0x6]}}]}]}, @NL80211_ATTR_TX_RATES={0x28c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x16, 0x1, [0x12, 0x69, 0x3, 0x3, 0x60, 0x24, 0x6, 0x16, 0x60, 0x1b, 0x3, 0x24, 0x5, 0x12, 0x30, 0x48, 0x30, 0x1b]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x3, 0xb, 0x12, 0x36, 0x16, 0x36, 0x9, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x428, 0xff, 0x4, 0x9, 0x4, 0x6, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xc, 0x6, 0x12, 0x3, 0x16, 0x12, 0x2, 0x4, 0x24, 0x0, 0xc, 0x30, 0x24, 0x12, 0xb, 0x24, 0x22, 0x36, 0x36, 0xb, 0x36, 0x18, 0x46, 0x1a, 0x65, 0x3, 0x48]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x7}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x39, 0x9, 0x1, 0x0, 0xba, 0x6, 0xdad]}}]}, @NL80211_BAND_5GHZ={0x34, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x12, 0x2, [{0x6, 0xa}, {0x5, 0x1}, {0x7, 0x4}, {0x2, 0x6}, {0x2, 0x1e}, {0x2, 0x8}, {0x6, 0x3}, {0x0, 0x6}, {0x1, 0x1}, {0x1, 0x7}, {0x5, 0xa}, {0x1, 0x1}, {0x3, 0x8}, {0x0, 0x6}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0xa, 0x18, 0x18, 0x1b, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0xac, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x40, 0x8, 0xc308, 0x80, 0x9, 0x98]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0xcaa, 0x2, 0x4, 0xfffb, 0x1000, 0x2, 0x3]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x3f, 0x2, [{0x0, 0x3}, {0x1, 0x3}, {0x1, 0x3}, {0x4, 0x8}, {0x1, 0x7}, {0x4, 0x5}, {0x6, 0x7}, {0x1, 0x6}, {0x5, 0x4}, {0x0, 0xa}, {0x4, 0xa}, {0x3, 0x6}, {0x6, 0x8}, {0x0, 0x2}, {0x7, 0x9}, {0x5, 0x9}, {0x6, 0x9}, {0x6, 0xa}, {0x1, 0x7}, {0x7}, {0x3, 0x8}, {0x4, 0x6}, {0x3, 0xa}, {0x7, 0x5}, {0x2, 0x1}, {0x0, 0x2}, {0x6, 0x4}, {0x6, 0xa}, {0x2, 0x5}, {0x4}, {0x0, 0x6}, {0x5, 0x1}, {0x6, 0x6}, {0x7, 0x8}, {0x1, 0x3}, {0x1, 0x1}, {0x6, 0x2}, {0x4, 0x9}, {0x1, 0x8}, {0x0, 0x2}, {0x2, 0x4}, {0x2, 0x6}, {0x3, 0x2}, {0x6, 0x3}, {0x0, 0x1}, {0x1, 0x8}, {0x6, 0x9}, {0x3, 0x5}, {0x1, 0x9}, {0x4, 0x5}, {0x5, 0x9}, {0x1, 0x8}, {0x5, 0x9}, {0x4, 0x4}, {0x0, 0x6}, {0x1, 0x6}, {0x0, 0x5}, {0x1}, {0x2, 0x7}]}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x1, 0x3, 0x24, 0x6, 0x5, 0x4, 0x30, 0x2, 0xc, 0x60, 0x0, 0x16, 0x1, 0x5, 0x3, 0x2, 0x18, 0x0, 0x61, 0x69, 0x38, 0x5, 0xc, 0x1, 0x30, 0x5, 0x48, 0x2, 0xc, 0x30]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x6, 0x0, 0x6, 0x6, 0x7, 0x30dd, 0x1]}}]}, @NL80211_BAND_2GHZ={0x54, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4e, 0x2, [{0x4, 0x3}, {0x4, 0x7}, {0x1, 0x5}, {0x3, 0x8}, {0x1, 0x4}, {0x5, 0x1}, {0x7, 0x6}, {0x2, 0x9}, {0x6, 0x6}, {0x3, 0x7}, {0x6, 0x9}, {0x0, 0x5}, {0x3, 0x2}, {0x6, 0x3}, {0x5, 0xa}, {0x0, 0x7}, {0x5, 0x6}, {0x1, 0xa}, {0x2, 0x5}, {0x3, 0x2}, {0x1, 0x7}, {0x4, 0x2}, {0x0, 0x1}, {0x2, 0x2}, {0x7, 0x5}, {0x6, 0x4}, {0x1, 0x3}, {0x5}, {0x5, 0x7}, {0x0, 0x1}, {0x3}, {0x1, 0x6}, {0x2, 0x6}, {0x6, 0x2}, {0x7, 0x1}, {0x7, 0x9}, {0x3, 0x4}, {0x4, 0x1}, {0x0, 0x9}, {0x5, 0x9}, {0x6, 0x4}, {0x1, 0x8}, {0x6, 0x4}, {0x6, 0x3}, {0x5, 0x7}, {0x0, 0x3}, {0x1, 0x1}, {0x2, 0x8}, {0x1, 0x5}, {0x4, 0x8}, {0x6}, {0x6, 0x6}, {0x7}, {0x0, 0x9}, {0x4}, {0x4, 0x7}, {0x2, 0x6}, {0x4, 0x2}, {0x4}, {0x0, 0x6}, {0x0, 0x6}, {0x6, 0x3}, {0x1, 0x8}, {0x1, 0x1}, {0x3, 0xa}, {0x0, 0x2}, {0x0, 0x4}, {0x1}, {0x0, 0x4}, {0x7, 0x9}, {0x5, 0x3}, {0x1}, {0x1, 0x3}, {0x7, 0x4}]}]}, @NL80211_BAND_5GHZ={0x74, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0xb, 0x22, 0x2, 0xc, 0x60, 0x2, 0x60, 0x2, 0x4, 0x18]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x30, 0x6, 0x12, 0x3, 0x3ebed970d42025cc]}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x4, 0x6, 0xc, 0x9, 0x1, 0xc, 0x48, 0x5, 0xb, 0x5, 0x60, 0x24, 0x3, 0x60, 0xb, 0x30, 0x1, 0x24, 0x36, 0x1, 0x5, 0x16, 0x18, 0x5, 0x4, 0x1b, 0x2, 0x9, 0x16, 0x2]}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x1, 0x12, 0x1, 0x1b, 0x4, 0x6d, 0x6, 0x5, 0x9, 0x60, 0x6, 0x18, 0x2, 0x30, 0x16, 0x24, 0x48, 0x3, 0x30, 0x24, 0x1, 0x18, 0x9, 0x60, 0x1b, 0x9, 0xc]}]}, @NL80211_BAND_60GHZ={0x30, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x14, 0x1, [0x4, 0x18, 0x4, 0x5, 0x12, 0xc, 0x5, 0x69, 0xb, 0xb, 0x48, 0x1, 0xa8, 0x1b, 0x1b, 0x4]}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x18, 0xf, 0x60, 0x1b, 0x12, 0x3b, 0x3, 0x4, 0x24, 0x1]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}, @NL80211_ATTR_TX_RATES={0xd8, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x6c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xa55, 0xfffc, 0x401, 0x7, 0x0, 0x0, 0x7, 0x8]}}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x30, 0x2e, 0x6, 0x9, 0x1b, 0x16, 0x2, 0x5, 0x48, 0x9, 0x30, 0xc, 0x9, 0x4, 0x9, 0x2, 0x60, 0x14, 0x5, 0x18, 0x2, 0x20, 0xb, 0x2d8bd6332f4e5054, 0xc, 0x4, 0x3]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x1b, 0x4, 0x6, 0x24, 0x3, 0xc, 0x2, 0x1b, 0x5, 0x12, 0x1, 0x48, 0x36, 0x12, 0x4, 0x67, 0x24, 0x36, 0x60, 0xc, 0x5, 0x1]}]}, @NL80211_BAND_5GHZ={0x68, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xdb4, 0x6, 0x8, 0xfff7, 0x2e, 0x8, 0x3, 0x9]}}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x5, 0x3}, {0x3, 0x8}, {0x1, 0x9}, {0x1, 0x1}, {0x1, 0xa}, {0x7, 0x8}, {0x1, 0x5}, {0x1, 0x5}, {0x1, 0x4}, {}, {0x4, 0x3}, {0x4, 0x2}, {0x7, 0x9}, {0x1, 0x3}, {0x3, 0xa}, {0x7, 0x2}, {0x4, 0x9}, {0x5, 0x1}, {0x0, 0x6}, {0x5, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x4, 0x1ff, 0x0, 0x3c0, 0x2, 0x7, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x7fff, 0x5, 0x8aac, 0x26, 0x2, 0x8, 0x4]}}]}]}]}, 0x718}, 0x1, 0x0, 0x0, 0x4004}, 0x4005)
mount$9p_fd(0x0, &(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00), 0x20000, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client}, {@nodevmap}]}})
ioctl$FBIOGET_VSCREENINFO(r0, 0x4600, &(0x7f0000000ac0))
r3 = openat$ttynull(0xffffff9c, &(0x7f0000000b80), 0x0, 0x0)
ioctl$GIO_FONT(r3, 0x4b60, &(0x7f0000000bc0)=""/10)
ioctl$HIDIOCGRAWNAME(0xffffffffffffffff, 0x80404804, &(0x7f0000000c00))
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000e80)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000c80)={0x188, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0xe9e}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x10001}, @CTA_EXPECT_NAT={0x130, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @remote}}, {0x14, 0x4, @loopback}}}]}, @CTA_EXPECT_NAT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x5, 0x0}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_MASTER={0x34, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x24004081}, 0x4010)
r4 = syz_open_dev$loop(&(0x7f0000000ec0), 0x0, 0x46000)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000f00)={r4, 0x172, {0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0xa, 0x15, 0x4, "789ebaedc1feccf04db51648a41cecfee999653514384a1b9b7d5d2d3e7fa846c92cf49ddbdbe76b00992661d4489bf25899bdffa9f2c7c3b89bd78d1a122ac0", "035aa676fc9f804e972be29f6113928f72b1e3c2f486200cb8d11a91fc43b75d9c2f03ea606c3b8b8df7806df370618611988943073b5f4261e39f5bf9197fb1", "1e55a4de5de4555e9135950a7dd3ddbbedca68d1dfa3770190b33cc486ebca02", [0x7d, 0x6]}})
recvmsg(r0, &(0x7f00000013c0)={&(0x7f0000001040)=@qipcrtr, 0x80, &(0x7f0000001280)=[{&(0x7f00000010c0)=""/32, 0x20}, {&(0x7f0000001100)=""/251, 0xfb}, {&(0x7f0000001200)=""/82, 0x52}], 0x3, &(0x7f00000012c0)=""/215, 0xd7}, 0x0)
syz_open_dev$loop(&(0x7f0000001400), 0x3, 0x400)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000001440))
r5 = openat$capi20(0xffffff9c, &(0x7f0000001480), 0x80200, 0x0)
ioctl$CAPI_INSTALLED(r5, 0x80024322)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000014c0)={'macvtap0\x00'})
ioctl$CAPI_GET_FLAGS(r0, 0x80044323, &(0x7f0000001500))
setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000001540)={0x0, 0x2710}, 0x8)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000001580)='team_slave_0\x00', 0x10)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
pipe(&(0x7f00000015c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
epoll_pwait(r6, &(0x7f0000001600)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0xa, 0x1400, &(0x7f0000001680)={[0x101, 0xfffff30d]}, 0x8)
recvmmsg$unix(r7, &(0x7f0000001e40)=[{{&(0x7f00000016c0), 0x6e, &(0x7f0000001940)=[{&(0x7f0000001740)=""/105, 0x69}, {&(0x7f00000017c0)=""/106, 0x6a}, {&(0x7f0000001840)=""/247, 0xf7}], 0x3, &(0x7f0000001980)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}, {{&(0x7f0000001a80)=@abs, 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000001b00)=""/129, 0x81}, {&(0x7f0000001bc0)=""/103, 0x67}, {&(0x7f0000001c40)=""/95, 0x5f}, {&(0x7f0000001cc0)=""/223, 0xdf}], 0x4, &(0x7f0000001e00)=[@cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, <r9=>0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, <r10=>0xffffffffffffffff]}}], 0x40}}], 0x2, 0x0, &(0x7f0000001e80)={0x77359400})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001f40)={{r10}, &(0x7f0000001ec0), &(0x7f0000001f00)=r9}, 0x1c)
read$hiddev(r7, &(0x7f0000001f80)=""/254, 0xfe)
setsockopt$packet_tx_ring(r8, 0x107, 0xd, &(0x7f0000002080)=@req3={0x1, 0x3, 0x3ff, 0xfc92, 0x1000, 0x9, 0x401}, 0x1c)

219.803564ms ago: executing program 2 (id=1952):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x0, 0x2}, {0xfaf, 0x0, 0x40, 0x5}]}) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/mcfilter\x00')
lseek(r1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
mmap(&(0x7f0000ff6000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) (async)
r2 = socket$inet6(0xa, 0x2, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="6400000009000000855b7c17e3d4ba9fd6171054fbffb4bf822fb7ef27e56b2ede509400249fbf214ccb7103207f687ad8b3ab4066317eaadae0f242c832f7fe8c64d9b4424b22bf0f5140993a8e01cc", @ANYRES32=r0, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="3e00330000000000080211000001080211000000ffffffffffff0000000093000000002d1a0000000000000000000000000000000000000000000000000000000004008e000400cd0002b3eacdb2af5cf551997c92b81c9be2a219ca44753e32e2082226da14f9cb32e1a51724eb3d2222a47343e453cd32c4a22f86422ceb6e7faf7fd8638d89133c1264621d7e32ad6e4bd8aecae958af827cb7ec9af78db5a6ca7b79849c376d4826e5586795fa0e0562ed0db07ef1c2c332e09273c236aa2383ed374ee0d7b167471de70c35a77f998b34fa45cbd0fceacaadac3d26be30076b80c842d08ddc07a729e4b317c5d14a95296b34e15fd4b52a050708a1"], 0x64}}, 0x0) (async)
bind$inet6(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e1f, 0x0, @rand_addr, 0x2}, 0x1c) (rerun: 32)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r5 = openat$vimc1(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, &(0x7f0000000340)={0x8bf, 0x9, 0x4, {0x8, @sliced={0x2, [0x4, 0x80, 0x101, 0x1, 0x4, 0x1, 0xf, 0x80, 0x8, 0x1000, 0x5, 0x6, 0x4, 0x80, 0x2, 0x400, 0x2, 0x8, 0x5, 0xc, 0x7078, 0x3, 0x9, 0xffff, 0x9aa, 0x1ff, 0x1000, 0x7, 0x1ff, 0x102, 0x10, 0x9, 0xfff0, 0x5, 0x5, 0x4, 0xc, 0x5a, 0x8, 0x5, 0x83, 0x3, 0x200, 0xcb, 0xfffb, 0xb, 0x0, 0xfff6], 0x7}}, 0x20ac}) (async, rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async, rerun: 64)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg(r2, &(0x7f00000092c0), 0x8000000000002ad, 0x11) (async)
ioctl$PTP_PEROUT_REQUEST(r1, 0x40383d03, &(0x7f0000000000)={{0xe37, 0x101}, {0x1, 0x80000001}, 0x6, 0x1})
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = dup(r7)
bind$bt_l2cap(r8, &(0x7f0000000300)={0x1f, 0x0, @none}, 0xe) (async)
listen(r8, 0x0) (async, rerun: 32)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r8, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f0000004940)=ANY=[], 0xd0}}, 0x4004) (rerun: 32)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x11, 0xffffffffffffffff, 0x0) (async)
ftruncate(0xffffffffffffffff, 0x0) (async)
getgroups(0x0, 0x0)

134.890649ms ago: executing program 3 (id=1953):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0))

25.312508ms ago: executing program 3 (id=1954):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200401, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d667363616368"])
chdir(&(0x7f0000000280)='./file0\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)
pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000000c0)="a82614486d00e343b4e3c9a580539c74724404877d3996d5fc5a0d7ad63e03e17050f88d07499c2e36719d51f77951a9bc4fa9f48cd4d3957f83a0ab00d2e59eda37176b56a9497e64823d944f90168df810115ebed78ae320b293de263f809b2fc603aece0f78af77ce44d95dfbdadad6a68cf8c2698784e6199aa1452aa0fb0f495f9665720e7a583ecc47c047f82339acba71b4bfeb1c988c062f33b6fa8fa37219dc7d5400122fc8bcdf284a7ea2ed586bae3eb15d3cae7fa60b0baf34c96b28f22474d895094361392ccac60029d7b1e70d172a6e8092eb07bf9ee8885c18b02a0cdb934d56e7dc7ff6c05d7b07b5712fba6e1d67db4093ca9af38333", 0xff}, {&(0x7f00000001c0)="1b836a6aa098842d76514c6cdd451aa2115b136f41c07ca2337ccdc4da82515bf4ff3cfe76bee30afa19587cf9c4279606b15fa5ff4a06b615435c1facf77b62337084c1b0d35b00bca6d35120072a0c9ffc30685284de7d5a29ff16ae3c8a1331e2cd197fb85f17", 0x68}, {&(0x7f0000000240)="731e34e6bdba045c31e8604472fecce6a1217dda8a89d65c13f46cfc666652cd22121a7d3c8378b6434c1fb74ce22ce24d5b8cea3ff7b76c947b5f86bf05f3cf591e626587723437bdadf396a2cec8d009c06f7632aeb7874a2d76be8c2de592e7ca7612ebf2de03db6c87cc1fee09adea9a01a92d190b3e31c238b38dde3c377aa7ebab903ab8fa3c283c6088e81aa78823c3abf6776ec5f9c05c7c2ad4da9c1dbfb97a0598c9b5b62f2066bad5659c99b4b184b08c9ec6046b373712225f8d31375afdf17f61131091f42b5afe4256a2d0170a1a0d4fd5e2bbc0ffdf5fc109aef70b32cf6d4e9465bfc4e9119b1aa4e551c82d3e540dfc14ac", 0xfa}], 0x3, 0xe98f, 0x315)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4)
r1 = syz_open_dev$MSR(&(0x7f0000019340), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=1955):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x144000, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x4739, r0}, 0x38)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x4, @multicast2, 0x8000, 0x0, 'lc\x00', 0x1, 0xffffffff, 0xfffffffe}, 0x2c)
syz_emit_vhci(&(0x7f0000000340)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x94}, "c09b5cf980d0414e3fc5e3fdcfc704d3eac71904a978d44e07e891c56511abb862913b8c51b27b5ef9538bc8a685b8d61627eaaf2df8e03b5d510e501b69ef78eeebe87461d42079d4d5366d03869c4c51cdf61b1c8cf8975533ce643359c5ebb63dca3001cfe33234b26e97db51fb4121e887fc496833e90830bed1c28b54ba595f377745143bb9b7cc10bc01ed9c9421fad794"}, 0x98)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
socket$unix(0x1, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_uring_setup(0x7057, &(0x7f0000000180))
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_io_uring_setup(0x94c, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r4=>0x0, &(0x7f00000002c0)=<r5=>0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

batadv_slave_1
[  409.168487][T10730] batman_adv: batadv0: Interface deactivated: vlan1
[  409.172376][T10730] batman_adv: batadv0: Removing interface: vlan1
[  415.286957][T10776] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1619'.
[  415.292705][T10776] unsupported nlmsg_type 40
[  415.777562][T10798] FAULT_INJECTION: forcing a failure.
[  415.777562][T10798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.834592][T10798] CPU: 2 UID: 0 PID: 10798 Comm: syz.3.1623 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  415.852639][T10798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  415.857286][T10798] Call Trace:
[  415.859123][T10798]  <TASK>
[  415.860559][T10798]  dump_stack_lvl+0x16c/0x1f0
[  415.862541][T10798]  should_fail_ex+0x497/0x5b0
[  415.870479][T10798]  _copy_to_user+0x30/0xc0
[  415.872944][T10798]  bpf_test_finish.isra.0+0x582/0x6b0
[  415.875487][T10798]  ? __pfx___might_resched+0x10/0x10
[  415.878056][T10798]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  415.880733][T10798]  bpf_prog_test_run_xdp+0xa1f/0x1530
[  415.883177][T10798]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  415.885810][T10798]  ? fput+0x32/0x390
[  415.887733][T10798]  ? __bpf_prog_get+0xa0/0x2f0
[  415.890065][T10798]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  415.893056][T10798]  __sys_bpf+0x1af6/0x55e0
[  415.895283][T10798]  ? __pfx___sys_bpf+0x10/0x10
[  415.897863][T10798]  ? ksys_write+0x12f/0x260
[  415.900601][T10798]  ? find_held_lock+0x2d/0x110
[  415.903013][T10798]  ? ksys_write+0x21c/0x260
[  415.904850][T10798]  ? __pfx_lock_release+0x10/0x10
[  415.907044][T10798]  ? vfs_write+0x14d/0x1140
[  415.909502][T10798]  ? __mutex_unlock_slowpath+0x164/0x650
[  415.911970][T10798]  ? fput+0x32/0x390
[  415.913566][T10798]  ? ksys_write+0x1ab/0x260
[  415.915593][T10798]  ? __pfx_ksys_write+0x10/0x10
[  415.918058][T10798]  __ia32_sys_bpf+0x76/0xe0
[  415.920783][T10798]  __do_fast_syscall_32+0x73/0x120
[  415.923717][T10798]  do_fast_syscall_32+0x32/0x80
[  415.926491][T10798]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  415.930357][T10798] RIP: 0023:0xf741e579
[  415.932877][T10798] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  415.943578][T10798] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  415.947212][T10798] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000340
[  415.950795][T10798] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  415.955318][T10798] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  415.959541][T10798] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  415.963546][T10798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  415.968013][T10798]  </TASK>
[  416.003606][T10801] FAULT_INJECTION: forcing a failure.
[  416.003606][T10801] name failslab, interval 1, probability 0, space 0, times 0
[  416.009593][T10801] CPU: 1 UID: 0 PID: 10801 Comm: syz.2.1625 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  416.014222][T10801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  416.030130][T10801] Call Trace:
[  416.031852][T10801]  <TASK>
[  416.033169][T10801]  dump_stack_lvl+0x16c/0x1f0
[  416.035194][T10801]  should_fail_ex+0x497/0x5b0
[  416.037196][T10801]  ? fs_reclaim_acquire+0xae/0x160
[  416.039861][T10801]  should_failslab+0xc2/0x120
[  416.041901][T10801]  __kmalloc_noprof+0xcb/0x410
[  416.043797][T10801]  ? __pfx_lock_acquire+0x10/0x10
[  416.045973][T10801]  tomoyo_realpath_from_path+0xbf/0x710
[  416.048509][T10801]  ? tomoyo_profile+0x47/0x60
[  416.050640][T10801]  tomoyo_path_number_perm+0x245/0x5b0
[  416.052921][T10801]  ? tomoyo_path_number_perm+0x232/0x5b0
[  416.055646][T10801]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  416.058774][T10801]  ? find_held_lock+0x2d/0x110
[  416.060924][T10801]  ? do_raw_spin_unlock+0x172/0x230
[  416.063135][T10801]  ? _raw_spin_unlock+0x28/0x50
[  416.065103][T10801]  ? d_add+0x43c/0x730
[  416.067394][T10801]  ? do_raw_spin_unlock+0x172/0x230
[  416.070460][T10801]  ? simple_lookup+0xd6/0x110
[  416.073272][T10801]  tomoyo_path_mkdir+0x9c/0xe0
[  416.076253][T10801]  ? __pfx_tomoyo_path_mkdir+0x10/0x10
[  416.079582][T10801]  ? get_current_fs_domain+0x188/0x1f0
[  416.082800][T10801]  security_path_mkdir+0x111/0x170
[  416.085626][T10801]  do_mkdirat+0x176/0x3a0
[  416.087454][T10801]  ? __pfx_do_mkdirat+0x10/0x10
[  416.089528][T10801]  ? getname_flags.part.0+0x1c5/0x550
[  416.092681][T10801]  __ia32_sys_mkdirat+0x82/0xb0
[  416.095150][T10801]  __do_fast_syscall_32+0x73/0x120
[  416.097795][T10801]  do_fast_syscall_32+0x32/0x80
[  416.100522][T10801]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  416.104217][T10801] RIP: 0023:0xf739e579
[  416.106634][T10801] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  416.117907][T10801] RSP: 002b:00000000f56a656c EFLAGS: 00000296 ORIG_RAX: 0000000000000128
[  416.122286][T10801] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000040
[  416.125969][T10801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  416.129934][T10801] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  416.134542][T10801] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  416.139240][T10801] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  416.144046][T10801]  </TASK>
[  416.188557][T10801] ERROR: Out of memory at tomoyo_realpath_from_path.
[  416.197690][T10807] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  416.214290][ T5371] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  416.409448][T10812] openvswitch: netlink: Missing key (keys=8040, expected=2000)
[  416.560119][T10817] FAULT_INJECTION: forcing a failure.
[  416.560119][T10817] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.570378][T10817] CPU: 0 UID: 0 PID: 10817 Comm: syz.2.1630 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  416.580415][T10817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  416.584912][T10817] Call Trace:
[  416.585924][T10817]  <TASK>
[  416.586899][T10817]  dump_stack_lvl+0x16c/0x1f0
[  416.588594][T10817]  should_fail_ex+0x497/0x5b0
[  416.590589][T10817]  _copy_from_user+0x30/0xf0
[  416.592460][T10817]  kstrtouint_from_user+0xd7/0x1c0
[  416.594618][T10817]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  416.597115][T10817]  ? __pfx_lock_acquire+0x10/0x10
[  416.599235][T10817]  proc_fail_nth_write+0x84/0x260
[  416.601244][T10817]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  416.603624][T10817]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  416.605816][T10817]  vfs_write+0x29a/0x1140
[  416.609653][T10817]  ? __fdget_pos+0xeb/0x180
[  416.611781][T10817]  ? __pfx_vfs_write+0x10/0x10
[  416.614192][T10817]  ? __pfx___mutex_lock+0x10/0x10
[  416.616707][T10817]  ? __fget_files+0x256/0x400
[  416.618892][T10817]  ksys_write+0x12f/0x260
[  416.620878][T10817]  ? __pfx_ksys_write+0x10/0x10
[  416.623109][T10817]  __do_fast_syscall_32+0x73/0x120
[  416.625393][T10817]  do_fast_syscall_32+0x32/0x80
[  416.627599][T10817]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  416.630265][T10817] RIP: 0023:0xf739e579
[  416.631942][T10817] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  416.640247][T10817] RSP: 002b:00000000f56855a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  416.643726][T10817] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5685620
[  416.647018][T10817] RDX: 0000000000000001 RSI: 00000000f7390ff4 RDI: 0000000000000000
[  416.650891][T10817] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  416.654272][T10817] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  416.657154][T10817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  416.659916][T10817]  </TASK>
[  418.531151][T10855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1642'.
[  419.261230][T10876] netlink: 'syz.3.1648': attribute type 29 has an invalid length.
[  419.269332][T10876] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1648'.
[  419.429875][T10878] FAULT_INJECTION: forcing a failure.
[  419.429875][T10878] name failslab, interval 1, probability 0, space 0, times 0
[  419.435044][T10878] CPU: 0 UID: 0 PID: 10878 Comm: syz.3.1649 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  419.454838][T10878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  419.459349][T10878] Call Trace:
[  419.460691][T10878]  <TASK>
[  419.474533][T10878]  dump_stack_lvl+0x16c/0x1f0
[  419.476636][T10878]  should_fail_ex+0x497/0x5b0
[  419.479247][T10878]  ? fs_reclaim_acquire+0xae/0x160
[  419.481928][T10878]  should_failslab+0xc2/0x120
[  419.485337][T10878]  __kmalloc_noprof+0xcb/0x410
[  419.494526][T10878]  ? __pfx___mutex_trylock_common+0x10/0x10
[  419.498078][T10878]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  419.502601][T10878]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  419.506109][T10878]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  419.510072][T10878]  ? security_capable+0x98/0xd0
[  419.513218][T10878]  genl_rcv_msg+0x565/0x800
[  419.515989][T10878]  ? __pfx_genl_rcv_msg+0x10/0x10
[  419.518983][T10878]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  419.522168][T10878]  ? __pfx_nl802154_set_channel+0x10/0x10
[  419.525784][T10878]  ? __pfx_nl802154_post_doit+0x10/0x10
[  419.529271][T10878]  ? __pfx___lock_acquire+0x10/0x10
[  419.532634][T10878]  netlink_rcv_skb+0x165/0x410
[  419.535736][T10878]  ? __pfx_genl_rcv_msg+0x10/0x10
[  419.539015][T10878]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  419.542430][T10878]  ? down_read+0xc9/0x330
[  419.545267][T10878]  ? __pfx_down_read+0x10/0x10
[  419.548254][T10878]  ? netlink_deliver_tap+0x1ae/0xcf0
[  419.551769][T10878]  genl_rcv+0x28/0x40
[  419.554348][T10878]  netlink_unicast+0x53c/0x7f0
[  419.557501][T10878]  ? __pfx_netlink_unicast+0x10/0x10
[  419.560939][T10878]  ? __phys_addr_symbol+0x30/0x80
[  419.563814][T10878]  ? __check_object_size+0x497/0x720
[  419.566641][T10878]  netlink_sendmsg+0x8b8/0xd70
[  419.568536][T10878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.570549][T10878]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  419.572940][T10878]  ____sys_sendmsg+0x9b4/0xb50
[  419.575509][T10878]  ? __pfx_____sys_sendmsg+0x10/0x10
[  419.578349][T10878]  ? get_compat_msghdr+0x11b/0x170
[  419.587515][T10878]  ? __pfx___lock_acquire+0x10/0x10
[  419.589539][T10878]  ___sys_sendmsg+0x135/0x1e0
[  419.591727][T10878]  ? __pfx____sys_sendmsg+0x10/0x10
[  419.594316][T10878]  ? ksys_write+0x21c/0x260
[  419.596694][T10878]  ? __fget_light+0x173/0x210
[  419.599226][T10878]  __sys_sendmsg+0x117/0x1f0
[  419.601771][T10878]  ? __pfx___sys_sendmsg+0x10/0x10
[  419.605700][T10878]  __do_fast_syscall_32+0x73/0x120
[  419.609129][T10878]  do_fast_syscall_32+0x32/0x80
[  419.612811][T10878]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  419.616681][T10878] RIP: 0023:0xf741e579
[  419.619280][T10878] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  419.631989][T10878] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  419.637098][T10878] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000a80
[  419.640940][T10878] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  419.644531][T10878] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  419.647992][T10878] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  419.651578][T10878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  419.655240][T10878]  </TASK>
[  419.995891][T10885] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  420.027785][ T5371] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  420.368774][T10896] program syz.0.1656 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  420.398977][T10896] netlink: 'syz.0.1656': attribute type 2 has an invalid length.
[  420.406783][   T39] kauditd_printk_skb: 33 callbacks suppressed
[  420.406795][   T39] audit: type=1326 audit(1725207196.931:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10894 comm="syz.0.1656" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x0
[  420.901885][T10901] netlink: 'syz.2.1657': attribute type 29 has an invalid length.
[  420.905002][T10901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1657'.
[  421.268004][T10907] FAULT_INJECTION: forcing a failure.
[  421.268004][T10907] name failslab, interval 1, probability 0, space 0, times 0
[  421.275824][T10907] CPU: 2 UID: 0 PID: 10907 Comm: syz.0.1659 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  421.281171][T10907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  421.285664][T10907] Call Trace:
[  421.287189][T10907]  <TASK>
[  421.289221][T10907]  dump_stack_lvl+0x16c/0x1f0
[  421.295810][T10907]  should_fail_ex+0x497/0x5b0
[  421.297792][T10907]  should_failslab+0xc2/0x120
[  421.300046][T10907]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  421.302421][T10907]  ? skb_clone+0x190/0x3f0
[  421.305222][T10907]  skb_clone+0x190/0x3f0
[  421.307507][T10907]  netlink_deliver_tap+0xb26/0xcf0
[  421.309861][T10907]  netlink_unicast+0x5e1/0x7f0
[  421.312989][T10907]  ? __pfx_netlink_unicast+0x10/0x10
[  421.316056][T10907]  ? __phys_addr_symbol+0x30/0x80
[  421.318919][T10907]  ? __check_object_size+0x497/0x720
[  421.321500][T10907]  netlink_sendmsg+0x8b8/0xd70
[  421.323722][T10907]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.326244][T10907]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  421.328711][T10907]  ____sys_sendmsg+0x9b4/0xb50
[  421.331086][T10907]  ? __pfx_____sys_sendmsg+0x10/0x10
[  421.334108][T10907]  ? get_compat_msghdr+0x11b/0x170
[  421.337136][T10907]  ? __pfx___lock_acquire+0x10/0x10
[  421.340209][T10907]  ___sys_sendmsg+0x135/0x1e0
[  421.342896][T10907]  ? __pfx____sys_sendmsg+0x10/0x10
[  421.346111][T10907]  ? ksys_write+0x21c/0x260
[  421.348293][T10907]  ? __fget_light+0x173/0x210
[  421.350817][T10907]  __sys_sendmsg+0x117/0x1f0
[  421.354177][T10907]  ? __pfx___sys_sendmsg+0x10/0x10
[  421.357622][T10907]  __do_fast_syscall_32+0x73/0x120
[  421.360174][T10907]  do_fast_syscall_32+0x32/0x80
[  421.362426][T10907]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  421.365293][T10907] RIP: 0023:0xf745e579
[  421.367228][T10907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  421.380497][T10907] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  421.384821][T10907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200
[  421.390065][T10907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  421.395041][T10907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  421.398923][T10907] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  421.403426][T10907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  421.407947][T10907]  </TASK>
[  421.775535][T10915] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  423.882631][T10947] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  424.151579][T10950] FAULT_INJECTION: forcing a failure.
[  424.151579][T10950] name failslab, interval 1, probability 0, space 0, times 0
[  424.158527][T10950] CPU: 0 UID: 0 PID: 10950 Comm: syz.2.1673 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  424.163534][T10950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  424.170090][T10950] Call Trace:
[  424.172616][T10950]  <TASK>
[  424.174785][T10950]  dump_stack_lvl+0x16c/0x1f0
[  424.178159][T10950]  should_fail_ex+0x497/0x5b0
[  424.180514][T10950]  should_failslab+0xc2/0x120
[  424.183478][T10950]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  424.188482][T10950]  ? skb_clone+0x190/0x3f0
[  424.190491][T10950]  skb_clone+0x190/0x3f0
[  424.192376][T10950]  netlink_deliver_tap+0xb26/0xcf0
[  424.194678][T10950]  netlink_unicast+0x5e1/0x7f0
[  424.196965][T10950]  ? __pfx_netlink_unicast+0x10/0x10
[  424.199342][T10950]  ? netlink_sendmsg+0x822/0xd70
[  424.201370][T10950]  netlink_sendmsg+0x8b8/0xd70
[  424.203702][T10950]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.206129][T10950]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  424.208462][T10950]  ____sys_sendmsg+0x9b4/0xb50
[  424.210747][T10950]  ? __pfx_____sys_sendmsg+0x10/0x10
[  424.213423][T10950]  ? get_compat_msghdr+0x11b/0x170
[  424.217531][T10950]  ? __pfx___lock_acquire+0x10/0x10
[  424.220136][T10950]  ___sys_sendmsg+0x135/0x1e0
[  424.222935][T10950]  ? __pfx____sys_sendmsg+0x10/0x10
[  424.225652][T10950]  ? ksys_write+0x21c/0x260
[  424.227942][T10950]  ? __fget_light+0x173/0x210
[  424.230910][T10950]  __sys_sendmsg+0x117/0x1f0
[  424.234019][T10950]  ? __pfx___sys_sendmsg+0x10/0x10
[  424.237388][T10950]  __do_fast_syscall_32+0x73/0x120
[  424.240844][T10950]  do_fast_syscall_32+0x32/0x80
[  424.244041][T10950]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  424.248126][T10950] RIP: 0023:0xf739e579
[  424.250453][T10950] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  424.259957][T10950] RSP: 002b:00000000f568556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  424.263315][T10950] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0
[  424.266915][T10950] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  424.270169][T10950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  424.273627][T10950] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  424.277296][T10950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  424.280596][T10950]  </TASK>
[  427.305445][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.308971][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.313972][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.335236][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.356152][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.359753][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.363135][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.388387][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.394646][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.432188][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.435263][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.438086][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.441337][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.445027][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.449018][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.460799][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.519763][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.523115][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.555895][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.559645][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.563583][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.567538][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.574305][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.577439][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.581204][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.584845][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.588754][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.592773][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.596268][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.599712][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.602641][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.605885][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.609457][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.613035][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.618023][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.622429][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.626127][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.630172][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.633404][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.636610][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.640308][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.643873][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.646573][  T673] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  427.658409][  T673] hid-generic 0000:0000:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  427.689460][  T835] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  427.770842][T10979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1680'.
[  427.780217][T10979] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1680'.
[  427.891723][  T835] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  427.902411][  T835] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  427.908173][  T835] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  427.919407][  T835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.936592][T10974] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  427.943425][  T835] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  428.215284][T10967] netlink: 'syz.2.1678': attribute type 10 has an invalid length.
[  428.218576][T10967] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1678'.
[  428.234710][T10967] bond0: entered promiscuous mode
[  428.236968][T10967] bond_slave_0: entered promiscuous mode
[  428.239674][T10967] bond_slave_1: entered promiscuous mode
[  428.432953][    T8] usb 7-1: USB disconnect, device number 23
[  428.488657][T10985] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  428.513035][T10983] hfs: can't find a HFS filesystem on dev nullb0
[  428.707169][T10989] FAULT_INJECTION: forcing a failure.
[  428.707169][T10989] name failslab, interval 1, probability 0, space 0, times 0
[  428.719567][T10989] CPU: 2 UID: 0 PID: 10989 Comm: syz.1.1683 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  428.725945][T10989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  428.730734][T10989] Call Trace:
[  428.732223][T10989]  <TASK>
[  428.733768][T10989]  dump_stack_lvl+0x16c/0x1f0
[  428.736079][T10989]  should_fail_ex+0x497/0x5b0
[  428.738337][T10989]  ? fs_reclaim_acquire+0xae/0x160
[  428.740802][T10989]  should_failslab+0xc2/0x120
[  428.743287][T10989]  __kmalloc_cache_noprof+0x6b/0x310
[  428.745467][T10989]  ? dev_ethtool+0xce/0x330
[  428.747051][T10989]  dev_ethtool+0xce/0x330
[  428.748535][T10989]  ? __pfx_dev_ethtool+0x10/0x10
[  428.750333][T10989]  ? netdev_name_node_lookup_rcu+0xf0/0x140
[  428.753014][T10989]  dev_ioctl+0x2a2/0x10c0
[  428.755057][T10989]  compat_sock_ioctl+0x452/0x7f0
[  428.757421][T10989]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  428.759910][T10989]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  428.762416][T10989]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  428.765083][T10989]  __do_compat_sys_ioctl+0x2c3/0x330
[  428.767446][T10989]  __do_fast_syscall_32+0x73/0x120
[  428.769759][T10989]  do_fast_syscall_32+0x32/0x80
[  428.772223][T10989]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  428.775309][T10989] RIP: 0023:0xf73ee579
[  428.777149][T10989] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  428.785827][T10989] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  428.789309][T10989] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946
[  428.794620][T10989] RDX: 0000000020000d00 RSI: 0000000000000000 RDI: 0000000000000000
[  428.798136][T10989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  428.801076][T10989] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  428.803969][T10989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  428.807039][T10989]  </TASK>
[  428.914532][T10991] netlink: 'syz.3.1684': attribute type 5 has an invalid length.
[  428.931986][T10991] : entered promiscuous mode
[  429.246691][T11001] FAULT_INJECTION: forcing a failure.
[  429.246691][T11001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  429.289488][T11001] CPU: 3 UID: 0 PID: 11001 Comm: syz.1.1685 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  429.294355][T11001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  429.299508][T11001] Call Trace:
[  429.300994][T11001]  <TASK>
[  429.302308][T11001]  dump_stack_lvl+0x16c/0x1f0
[  429.304464][T11001]  should_fail_ex+0x497/0x5b0
[  429.309516][T11001]  _copy_from_user+0x30/0xf0
[  429.312557][T11001]  ipv6_flowlabel_opt+0x18a/0x2fb0
[  429.315387][T11001]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  429.318388][T11001]  ? sockopt_lock_sock+0x54/0x70
[  429.320979][T11001]  ? mark_held_locks+0x9f/0xe0
[  429.323432][T11001]  ? sockopt_lock_sock+0x54/0x70
[  429.326373][T11001]  ? __local_bh_enable_ip+0xa4/0x120
[  429.329106][T11001]  ? do_ipv6_setsockopt+0x1140/0x4800
[  429.332056][T11001]  do_ipv6_setsockopt+0x1140/0x4800
[  429.334680][T11001]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  429.337041][T11001]  ? mark_lock+0xb5/0xc60
[  429.338996][T11001]  ? aa_label_sk_perm+0x165/0x560
[  429.341250][T11001]  ? __lock_acquire+0xbdd/0x3cb0
[  429.343488][T11001]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  429.346504][T11001]  ? __might_fault+0x13b/0x190
[  429.348818][T11001]  ? __pfx___lock_acquire+0x10/0x10
[  429.351705][T11001]  ? hlock_class+0x4e/0x130
[  429.354211][T11001]  ? __lock_acquire+0xbdd/0x3cb0
[  429.357145][T11001]  ? ipv6_setsockopt+0xe3/0x1a0
[  429.360291][T11001]  ipv6_setsockopt+0xe3/0x1a0
[  429.362787][T11001]  rawv6_setsockopt+0xdc/0x700
[  429.364968][T11001]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  429.368891][T11001]  ? sock_common_setsockopt+0x2e/0xf0
[  429.382934][T11001]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  429.385103][T11001]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  429.387395][T11001]  do_sock_setsockopt+0x222/0x480
[  429.389361][T11001]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  429.391858][T11001]  ? __fget_light+0x173/0x210
[  429.393975][T11001]  __sys_setsockopt+0x1a4/0x270
[  429.396162][T11001]  ? __pfx___sys_setsockopt+0x10/0x10
[  429.398315][T11001]  ? fput+0x32/0x390
[  429.399879][T11001]  ? ksys_write+0x1ab/0x260
[  429.401825][T11001]  ? __pfx_ksys_write+0x10/0x10
[  429.404004][T11001]  __ia32_sys_setsockopt+0xbc/0x160
[  429.430395][T11001]  ? lockdep_hardirqs_on+0x7c/0x110
[  429.432726][T11001]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  429.435700][T11001]  __do_fast_syscall_32+0x73/0x120
[  429.438172][T11001]  do_fast_syscall_32+0x32/0x80
[  429.440819][T11001]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  429.443650][T11001] RIP: 0023:0xf73ee579
[  429.447106][T11001] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  429.455551][T11001] RSP: 002b:00000000f56b456c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  429.479147][T11001] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000000000029
[  429.482227][T11001] RDX: 0000000000000020 RSI: 0000000020000100 RDI: 0000000000000020
[  429.485289][T11001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  429.488409][T11001] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  429.491719][T11001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  429.495155][T11001]  </TASK>
[  429.650174][T11003] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1687'.
[  429.676628][T11003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1687'.
[  429.872511][T11011] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  429.941971][T11014] FAULT_INJECTION: forcing a failure.
[  429.941971][T11014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  429.947618][T11014] CPU: 1 UID: 0 PID: 11014 Comm: syz.2.1688 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  429.952672][T11014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  429.957787][T11014] Call Trace:
[  429.959370][T11014]  <TASK>
[  429.960340][T11014]  dump_stack_lvl+0x16c/0x1f0
[  429.964532][T11014]  should_fail_ex+0x497/0x5b0
[  429.969631][T11014]  _copy_to_user+0x30/0xc0
[  429.971482][T11014]  simple_read_from_buffer+0xd0/0x160
[  429.973554][T11014]  proc_fail_nth_read+0x19e/0x280
[  429.975490][T11014]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  429.977557][T11014]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  429.979853][T11014]  vfs_read+0x1d4/0xbd0
[  429.981764][T11014]  ? __fdget_pos+0xeb/0x180
[  429.984357][T11014]  ? __pfx_vfs_read+0x10/0x10
[  429.986504][T11014]  ? __pfx___mutex_lock+0x10/0x10
[  429.988744][T11014]  ? __fget_files+0x256/0x400
[  429.991633][T11014]  ksys_read+0x12f/0x260
[  429.994311][T11014]  ? __pfx_ksys_read+0x10/0x10
[  429.996978][T11014]  __do_fast_syscall_32+0x73/0x120
[  429.999383][T11014]  do_fast_syscall_32+0x32/0x80
[  430.001618][T11014]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  430.004468][T11014] RIP: 0023:0xf739e579
[  430.006676][T11014] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  430.023744][T11014] RSP: 002b:00000000f56645a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  430.027522][T11014] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5664620
[  430.031070][T11014] RDX: 000000000000000f RSI: 00000000f7390ff4 RDI: 0000000000000000
[  430.035785][T11014] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  430.040200][T11014] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  430.044539][T11014] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  430.048069][T11014]  </TASK>
[  430.308462][T11027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1692'.
[  430.314294][T11027] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1692'.
[  430.445030][T11030] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1697'.
[  430.508390][T11030] bridge_slave_1: left allmulticast mode
[  430.516148][T11030] bridge_slave_1: left promiscuous mode
[  430.522791][T11030] bridge2: port 1(bridge_slave_1) entered disabled state
[  430.571512][T11030] bridge3: port 1(bridge_slave_1) entered blocking state
[  430.576369][T11030] bridge3: port 1(bridge_slave_1) entered disabled state
[  430.589484][T11030] bridge_slave_1: entered allmulticast mode
[  430.593622][T11030] bridge_slave_1: entered promiscuous mode
[  430.737624][T11032] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1698'.
[  430.749969][T11032] FAULT_INJECTION: forcing a failure.
[  430.749969][T11032] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.755915][T11032] CPU: 0 UID: 0 PID: 11032 Comm: syz.0.1698 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  430.760668][T11032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  430.765668][T11032] Call Trace:
[  430.767206][T11032]  <TASK>
[  430.768908][T11032]  dump_stack_lvl+0x16c/0x1f0
[  430.771017][T11032]  should_fail_ex+0x497/0x5b0
[  430.773126][T11032]  _copy_from_user+0x30/0xf0
[  430.775219][T11032]  get_compat_msghdr+0xa8/0x170
[  430.777415][T11032]  ? __pfx_get_compat_msghdr+0x10/0x10
[  430.779907][T11032]  ? __pfx___lock_acquire+0x10/0x10
[  430.782273][T11032]  ___sys_sendmsg+0x1b0/0x1e0
[  430.784418][T11032]  ? __pfx____sys_sendmsg+0x10/0x10
[  430.786755][T11032]  ? ksys_write+0x21c/0x260
[  430.788808][T11032]  ? __fget_light+0x173/0x210
[  430.791148][T11032]  __sys_sendmsg+0x117/0x1f0
[  430.793301][T11032]  ? __pfx___sys_sendmsg+0x10/0x10
[  430.795708][T11032]  __do_fast_syscall_32+0x73/0x120
[  430.798084][T11032]  do_fast_syscall_32+0x32/0x80
[  430.800407][T11032]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  430.803085][T11032] RIP: 0023:0xf745e579
[  430.804709][T11032] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  430.812488][T11032] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  430.817122][T11032] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000300
[  430.821883][T11032] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  430.826107][T11032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  430.830241][T11032] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  430.833869][T11032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  430.837412][T11032]  </TASK>
[  430.890573][T11034] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1699'.
[  431.193396][T11046] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  431.209222][ T5371] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  431.900271][ T5371] Bluetooth: hci0: command tx timeout
[  432.160571][T11071] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  432.210800][T11069] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  432.235824][T11069] overlayfs: failed to set xattr on upper
[  432.238939][T11069] overlayfs: ...falling back to redirect_dir=nofollow.
[  432.243909][T11069] overlayfs: ...falling back to index=off.
[  432.247521][T11069] overlayfs: ...falling back to uuid=null.
[  432.535638][   T39] audit: type=1326 audit(1725207209.061:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11061 comm="syz.0.1708" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745e579 code=0x0
[  436.064146][T11095] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  438.114112][T11119] __nla_validate_parse: 2 callbacks suppressed
[  438.114127][T11119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1721'.
[  438.134607][T11119] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1721'.
[  438.306856][T11123] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  438.311324][ T5371] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  439.890006][    C0] vkms_vblank_simulate: vblank timer overrun
[  440.663061][ T5361] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  440.668709][T11171] FAULT_INJECTION: forcing a failure.
[  440.668709][T11171] name failslab, interval 1, probability 0, space 0, times 0
[  440.670735][ T5361] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  440.690522][T11171] CPU: 2 UID: 0 PID: 11171 Comm: syz.3.1738 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  440.695275][T11171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  440.699425][ T5361] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  440.700987][T11171] Call Trace:
[  440.706077][T11171]  <TASK>
[  440.714369][T11171]  dump_stack_lvl+0x16c/0x1f0
[  440.716330][T11171]  should_fail_ex+0x497/0x5b0
[  440.718153][T11171]  should_failslab+0xc2/0x120
[  440.720040][T11171]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  440.727193][T11171]  ? skb_clone+0x190/0x3f0
[  440.746324][T11171]  skb_clone+0x190/0x3f0
[  440.748246][T11171]  netlink_deliver_tap+0xb26/0xcf0
[  440.750527][T11171]  netlink_unicast+0x5e1/0x7f0
[  440.752618][T11171]  ? __pfx_netlink_unicast+0x10/0x10
[  440.754713][T11171]  ? __phys_addr_symbol+0x30/0x80
[  440.756632][T11171]  ? __check_object_size+0x497/0x720
[  440.758742][T11171]  netlink_sendmsg+0x8b8/0xd70
[  440.760812][T11171]  ? __pfx_netlink_sendmsg+0x10/0x10
[  440.770542][T11171]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  440.772857][T11171]  ____sys_sendmsg+0x9b4/0xb50
[  440.780479][T11171]  ? __pfx_____sys_sendmsg+0x10/0x10
[  440.782744][T11171]  ? get_compat_msghdr+0x11b/0x170
[  440.784811][T11171]  ? __pfx___lock_acquire+0x10/0x10
[  440.786914][T11171]  ___sys_sendmsg+0x135/0x1e0
[  440.788893][T11171]  ? __pfx____sys_sendmsg+0x10/0x10
[  440.792612][T11171]  ? ksys_write+0x21c/0x260
[  440.794981][T11171]  ? __fget_light+0x173/0x210
[  440.797088][T11171]  __sys_sendmsg+0x117/0x1f0
[  440.799351][T11171]  ? __pfx___sys_sendmsg+0x10/0x10
[  440.802012][T11171]  __do_fast_syscall_32+0x73/0x120
[  440.804559][T11171]  do_fast_syscall_32+0x32/0x80
[  440.807066][T11171]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  440.810295][T11171] RIP: 0023:0xf741e579
[  440.812415][T11171] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  440.821556][T11171] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  440.825772][T11171] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  440.829794][T11171] RDX: 00000000000000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  440.834624][ T5361] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  440.834750][T11171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  440.839766][ T5361] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  440.841681][T11171] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  440.841696][T11171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  440.841722][T11171]  </TASK>
[  440.858186][ T5361] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  440.972748][    C0] vkms_vblank_simulate: vblank timer overrun
[  441.213986][    C0] vkms_vblank_simulate: vblank timer overrun
[  441.495233][T11174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1739'.
[  441.498668][T11181] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1739'.
[  441.697675][T11167] chnl_net:caif_netlink_parms(): no params data found
[  442.027990][T11188] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1740'.
[  442.198649][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1740'.
[  442.219612][T11167] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.222734][T11167] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.225750][T11167] bridge_slave_0: entered allmulticast mode
[  442.229248][T11167] bridge_slave_0: entered promiscuous mode
[  442.234504][T11167] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.237685][T11167] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.240882][T11167] bridge_slave_1: entered allmulticast mode
[  442.277509][T11167] bridge_slave_1: entered promiscuous mode
[  442.377605][T11167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  442.391235][T11167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  442.609307][    C0] vkms_vblank_simulate: vblank timer overrun
[  442.634612][T11167] team0: Port device team_slave_0 added
[  442.665569][T11167] team0: Port device team_slave_1 added
[  442.857880][T11167] batman_adv: batadv0: Adding interface: batadv_slave_0
[  442.861738][T11167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.880921][T11167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  442.890638][T11167] batman_adv: batadv0: Adding interface: batadv_slave_1
[  442.895006][T11167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  442.915116][T11167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  442.942306][ T5361] Bluetooth: hci4: command tx timeout
[  443.160921][T11167] hsr_slave_0: entered promiscuous mode
[  443.168962][T11167] hsr_slave_1: entered promiscuous mode
[  443.177945][T11167] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  443.186551][T11167] Cannot create hsr debugfs directory
[  443.641434][T11201] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  443.902332][T11167] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.958364][T11205] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1745'.
[  444.281092][T11167] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.305539][    C0] vkms_vblank_simulate: vblank timer overrun
[  444.478004][T11167] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.585387][T11167] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.989715][T11167] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  445.016725][T11167] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  445.019502][ T5361] Bluetooth: hci4: command tx timeout
[  445.058350][T11167] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  445.071311][T11167] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  445.259237][T11167] 8021q: adding VLAN 0 to HW filter on device bond0
[  445.263216][ T1379] ieee802154 phy0 wpan0: encryption failed: -22
[  445.266637][ T1379] ieee802154 phy1 wpan1: encryption failed: -22
[  445.301640][T11167] 8021q: adding VLAN 0 to HW filter on device team0
[  445.353782][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.356643][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state
[  445.364925][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.370861][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  445.486594][    T8] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  445.488842][T11230] overlay: ./file0 is not a directory
[  445.500109][T11229] overlay: ./file0 is not a directory
[  445.659117][    T8] usb 6-1: device descriptor read/64, error -71
[  445.839110][T11167] 8021q: adding VLAN 0 to HW filter on device batadv0
[  445.892737][T11167] veth0_vlan: entered promiscuous mode
[  445.918620][T11167] veth1_vlan: entered promiscuous mode
[  445.953544][    T8] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  446.048265][T11167] veth0_macvtap: entered promiscuous mode
[  446.056035][T11167] veth1_macvtap: entered promiscuous mode
[  446.076116][T11167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.089082][T11167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.109459][T11167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.111051][    T8] usb 6-1: device descriptor read/64, error -71
[  446.113865][T11167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.131315][T11167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  446.135609][T11167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.148113][T11167] batman_adv: batadv0: Interface activated: batadv_slave_0
[  446.176502][T11167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  446.195721][T11167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.211297][T11167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  446.234644][T11167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.245263][    T8] usb usb6-port1: attempt power cycle
[  446.260234][T11167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  446.265724][T11167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.293289][T11167] batman_adv: batadv0: Interface activated: batadv_slave_1
[  446.304371][T11167] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  446.308826][T11167] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  446.314096][T11167] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  446.319450][T11167] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  446.615574][T11238] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  446.621887][T11238] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  446.629406][T11238] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  446.652494][T11238] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  446.702057][    T8] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  446.739972][    T8] usb 6-1: device descriptor read/8, error -71
[  446.764659][  T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.788901][  T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.816575][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.822353][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.049495][    T8] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  447.080673][    T8] usb 6-1: device descriptor read/8, error -71
[  447.199704][    T8] usb usb6-port1: unable to enumerate USB device
[  447.606661][T11250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1753'.
[  447.615842][T11250] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1753'.
[  447.979625][ T5361] Bluetooth: hci2: command 0x0c1a tx timeout
[  448.699748][ T5361] Bluetooth: hci4: command 0x0419 tx timeout
[  448.844547][T11261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1755'.
[  448.865015][T11261] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1755'.
[  450.517472][T11293] i2c i2c-1: Invalid block write size 254
[  450.769956][ T5361] Bluetooth: hci4: command 0x0419 tx timeout
[  450.868872][T11298] fuse: Bad value for 'fd'
[  450.934672][T11293] block nbd0: shutting down sockets
[  451.196673][T11290] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  451.200700][T11290] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  451.560828][T11303] FAULT_INJECTION: forcing a failure.
[  451.560828][T11303] name failslab, interval 1, probability 0, space 0, times 0
[  451.567527][T11303] CPU: 3 UID: 0 PID: 11303 Comm: syz.1.1769 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  451.578043][T11303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  451.582347][T11303] Call Trace:
[  451.583887][T11303]  <TASK>
[  451.585211][T11303]  dump_stack_lvl+0x16c/0x1f0
[  451.587388][T11303]  should_fail_ex+0x497/0x5b0
[  451.589948][T11303]  should_failslab+0xc2/0x120
[  451.592728][T11303]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  451.597756][T11303]  ? skb_clone+0x190/0x3f0
[  451.600587][T11303]  skb_clone+0x190/0x3f0
[  451.603274][T11303]  netlink_deliver_tap+0xb26/0xcf0
[  451.606660][T11303]  netlink_unicast+0x5e1/0x7f0
[  451.613931][T11303]  ? __pfx_netlink_unicast+0x10/0x10
[  451.617078][T11303]  ? __phys_addr_symbol+0x30/0x80
[  451.619490][T11303]  ? __check_object_size+0x497/0x720
[  451.622748][T11303]  netlink_sendmsg+0x8b8/0xd70
[  451.625383][T11303]  ? __pfx_netlink_sendmsg+0x10/0x10
[  451.627875][T11303]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  451.631068][T11303]  ____sys_sendmsg+0x9b4/0xb50
[  451.633822][T11303]  ? __pfx_____sys_sendmsg+0x10/0x10
[  451.637410][T11303]  ? get_compat_msghdr+0x11b/0x170
[  451.640025][T11303]  ? __pfx___lock_acquire+0x10/0x10
[  451.642534][T11303]  ___sys_sendmsg+0x135/0x1e0
[  451.644655][T11303]  ? __pfx____sys_sendmsg+0x10/0x10
[  451.658169][T11303]  ? ksys_write+0x21c/0x260
[  451.660254][T11303]  ? __fget_light+0x173/0x210
[  451.662362][T11303]  __sys_sendmsg+0x117/0x1f0
[  451.664472][T11303]  ? __pfx___sys_sendmsg+0x10/0x10
[  451.666576][T11303]  __do_fast_syscall_32+0x73/0x120
[  451.668944][T11303]  do_fast_syscall_32+0x32/0x80
[  451.671179][T11303]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  451.680109][T11303] RIP: 0023:0xf73ee579
[  451.691705][T11303] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  451.706511][T11303] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  451.710316][T11303] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001200
[  451.713856][T11303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  451.726666][T11303] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  451.745999][T11303] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  451.749305][T11303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  451.752641][T11303]  </TASK>
[  452.211635][T11310] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  452.534011][ T5361] Bluetooth: hci2: command 0x0c1a tx timeout
[  452.958378][T11313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1772'.
[  452.962820][T11313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1772'.
[  453.262088][ T5361] Bluetooth: hci4: command 0x0419 tx timeout
[  453.993780][T11319] netlink: 'syz.1.1774': attribute type 4 has an invalid length.
[  454.179697][T11320] netlink: 'syz.1.1774': attribute type 17 has an invalid length.
[  454.579531][   T25] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  454.780260][   T25] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  454.785067][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  454.790016][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  454.811316][   T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  454.816819][   T25] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  454.837071][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.843963][   T25] usb 6-1: config 0 descriptor??
[  454.867754][T11324] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  455.365417][ T5361] Bluetooth: hci4: command 0x0419 tx timeout
[  455.482865][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.531076][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.533979][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.536458][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.555211][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.558601][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.562165][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.565384][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.568455][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.573567][T11338] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  455.591811][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.594795][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.597538][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.613044][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.615912][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.619026][   T25] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  455.634905][   T25] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  455.670774][T11330] FAULT_INJECTION: forcing a failure.
[  455.670774][T11330] name failslab, interval 1, probability 0, space 0, times 0
[  455.676948][   T25] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  455.689429][T11330] CPU: 1 UID: 0 PID: 11330 Comm: syz.2.1777 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  455.695196][T11330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  455.700113][T11330] Call Trace:
[  455.702083][T11330]  <TASK>
[  455.704021][T11330]  dump_stack_lvl+0x16c/0x1f0
[  455.707124][T11330]  should_fail_ex+0x497/0x5b0
[  455.710877][T11330]  should_failslab+0xc2/0x120
[  455.714992][T11330]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  455.717848][T11330]  ? skb_clone+0x190/0x3f0
[  455.720786][T11330]  skb_clone+0x190/0x3f0
[  455.723572][T11330]  netlink_deliver_tap+0xb26/0xcf0
[  455.727142][T11330]  netlink_unicast+0x5e1/0x7f0
[  455.730289][T11330]  ? __pfx_netlink_unicast+0x10/0x10
[  455.733773][T11330]  ? __phys_addr_symbol+0x30/0x80
[  455.737041][T11330]  ? __check_object_size+0x497/0x720
[  455.740648][T11330]  netlink_sendmsg+0x8b8/0xd70
[  455.743858][T11330]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.747330][T11330]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  455.751928][T11330]  ____sys_sendmsg+0x9b4/0xb50
[  455.755391][T11330]  ? __pfx_____sys_sendmsg+0x10/0x10
[  455.761446][T11330]  ? get_compat_msghdr+0x11b/0x170
[  455.766805][T11330]  ? __pfx___lock_acquire+0x10/0x10
[  455.770133][T11330]  ___sys_sendmsg+0x135/0x1e0
[  455.773243][T11330]  ? __pfx____sys_sendmsg+0x10/0x10
[  455.777353][T11330]  ? ksys_write+0x21c/0x260
[  455.782559][T11330]  ? __fget_light+0x173/0x210
[  455.782592][T11330]  __sys_sendmsg+0x117/0x1f0
[  455.782619][T11330]  ? __pfx___sys_sendmsg+0x10/0x10
[  455.782667][T11330]  __do_fast_syscall_32+0x73/0x120
[  455.782695][T11330]  do_fast_syscall_32+0x32/0x80
[  455.782720][T11330]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  455.782742][T11330] RIP: 0023:0xf7f96579
[  455.782758][T11330] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  455.782775][T11330] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  455.782793][T11330] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000100
[  455.782805][T11330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  455.782816][T11330] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  455.782827][T11330] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  455.782838][T11330] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  455.782862][T11330]  </TASK>
[  455.822713][ T5371] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  455.840256][ T5371] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  455.914193][ T5371] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  455.937206][ T5371] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  455.945960][ T5371] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  455.949509][ T5371] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  456.400351][T11343] chnl_net:caif_netlink_parms(): no params data found
[  456.633368][T11352] netlink: 288 bytes leftover after parsing attributes in process `syz.2.1783'.
[  456.763476][   T35] usb 6-1: USB disconnect, device number 20
[  456.907510][T11343] bridge0: port 1(bridge_slave_0) entered blocking state
[  456.911714][T11343] bridge0: port 1(bridge_slave_0) entered disabled state
[  456.915265][T11343] bridge_slave_0: entered allmulticast mode
[  456.920120][T11343] bridge_slave_0: entered promiscuous mode
[  456.926859][T11343] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.931128][T11343] bridge0: port 2(bridge_slave_1) entered disabled state
[  456.934868][T11343] bridge_slave_1: entered allmulticast mode
[  456.942340][T11343] bridge_slave_1: entered promiscuous mode
[  457.163377][T11343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  457.177293][T11343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  457.404402][T11360] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  457.408985][T11360] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  457.412784][T11360] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  457.431554][T11360] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  457.587303][T11360] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  457.731555][T11343] team0: Port device team_slave_0 added
[  457.742344][T11343] team0: Port device team_slave_1 added
[  457.745548][T11367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1785'.
[  457.856131][T11365] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1785'.
[  457.864122][T11343] batman_adv: batadv0: Adding interface: batadv_slave_0
[  457.870272][T11343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  457.890814][T11343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  457.959702][T11343] batman_adv: batadv0: Adding interface: batadv_slave_1
[  457.962448][T11343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  457.976458][T11242] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  457.984684][T11343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.079032][T11343] hsr_slave_0: entered promiscuous mode
[  458.088868][T11343] hsr_slave_1: entered promiscuous mode
[  458.094775][T11343] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  458.097664][T11343] Cannot create hsr debugfs directory
[  458.210308][T11242] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  458.214585][T11242] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  458.237616][T11242] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  458.260033][T11242] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  458.266388][T11242] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  458.294064][T11242] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  458.298141][T11242] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  458.301943][T11242] usb 6-1: Product: syz
[  458.307255][T11242] usb 6-1: Manufacturer: syz
[  458.343216][T11242] cdc_wdm 6-1:1.0: skipping garbage
[  458.346012][T11242] cdc_wdm 6-1:1.0: skipping garbage
[  458.369717][T11242] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  458.372512][T11242] cdc_wdm 6-1:1.0: Unknown control protocol
[  458.690840][T11343] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.891845][T11343] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.932246][ T5361] Bluetooth: hci2: command 0x0c1a tx timeout
[  459.037450][T11343] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.266451][  T834] usb 6-1: USB disconnect, device number 21
[  459.309095][T11343] bond0: (slave netdevsim0): Releasing backup interface
[  459.315625][T11343] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.419609][ T5361] Bluetooth: hci5: command 0x041b tx timeout
[  459.423057][ T5371] Bluetooth: hci4: command 0x0419 tx timeout
[  459.484341][T11383] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  459.488250][ T5371] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  459.598774][T11343] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  459.612264][T11343] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  459.622784][T11343] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  459.634206][T11343] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  459.833710][T11343] 8021q: adding VLAN 0 to HW filter on device bond0
[  459.906526][T11343] 8021q: adding VLAN 0 to HW filter on device team0
[  459.992278][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.995023][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.052614][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.058599][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  460.270601][T11390] netlink: 'syz.1.1791': attribute type 29 has an invalid length.
[  460.276897][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1791'.
[  460.787212][T11343] 8021q: adding VLAN 0 to HW filter on device batadv0
[  460.876220][T11343] veth0_vlan: entered promiscuous mode
[  460.907423][T11343] veth1_vlan: entered promiscuous mode
[  461.009162][T11343] veth0_macvtap: entered promiscuous mode
[  461.017352][T11343] veth1_macvtap: entered promiscuous mode
[  461.064088][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.068731][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.077652][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.082067][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.086518][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.091756][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.095662][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  461.103973][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.114311][T11343] batman_adv: batadv0: Interface activated: batadv_slave_0
[  461.127747][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.132102][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.138087][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.143637][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.147425][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.153048][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.157783][T11343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  461.164752][T11343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  461.171191][T11343] batman_adv: batadv0: Interface activated: batadv_slave_1
[  461.186037][T11343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  461.213050][T11343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  461.218699][T11343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  461.222401][T11343] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  461.326382][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  461.334124][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  461.425445][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  461.439544][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  461.489540][ T5371] Bluetooth: hci5: command 0x041b tx timeout
[  461.550566][T11411] FAULT_INJECTION: forcing a failure.
[  461.550566][T11411] name failslab, interval 1, probability 0, space 0, times 0
[  461.569410][T11411] CPU: 2 UID: 0 PID: 11411 Comm: syz.3.1778 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  461.574321][T11411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  461.579262][T11411] Call Trace:
[  461.580706][T11411]  <TASK>
[  461.582111][T11411]  dump_stack_lvl+0x16c/0x1f0
[  461.584233][T11411]  should_fail_ex+0x497/0x5b0
[  461.587092][T11411]  should_failslab+0xc2/0x120
[  461.589645][T11411]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  461.592118][T11411]  ? skb_clone+0x190/0x3f0
[  461.594507][T11411]  skb_clone+0x190/0x3f0
[  461.596730][T11411]  netlink_deliver_tap+0xb26/0xcf0
[  461.599095][T11411]  netlink_unicast+0x5e1/0x7f0
[  461.601696][T11411]  ? __pfx_netlink_unicast+0x10/0x10
[  461.604077][T11411]  ? __phys_addr_symbol+0x30/0x80
[  461.606537][T11411]  ? __check_object_size+0x497/0x720
[  461.608856][T11411]  netlink_sendmsg+0x8b8/0xd70
[  461.610662][T11411]  ? __pfx_netlink_sendmsg+0x10/0x10
[  461.612898][T11411]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  461.615100][T11411]  ____sys_sendmsg+0x9b4/0xb50
[  461.617095][T11411]  ? __pfx_____sys_sendmsg+0x10/0x10
[  461.619313][T11411]  ? get_compat_msghdr+0x11b/0x170
[  461.621446][T11411]  ? __pfx___lock_acquire+0x10/0x10
[  461.623614][T11411]  ___sys_sendmsg+0x135/0x1e0
[  461.625589][T11411]  ? __pfx____sys_sendmsg+0x10/0x10
[  461.627792][T11411]  ? ksys_write+0x21c/0x260
[  461.629566][T11411]  ? __fget_light+0x173/0x210
[  461.631559][T11411]  __sys_sendmsg+0x117/0x1f0
[  461.633512][T11411]  ? __pfx___sys_sendmsg+0x10/0x10
[  461.635675][T11411]  __do_fast_syscall_32+0x73/0x120
[  461.637830][T11411]  do_fast_syscall_32+0x32/0x80
[  461.639878][T11411]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  461.642483][T11411] RIP: 0023:0xf748e579
[  461.644038][T11411] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  461.652559][T11411] RSP: 002b:00000000f579656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  461.655818][T11411] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400
[  461.658781][T11411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  461.661853][T11411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  461.665151][T11411] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  461.668127][T11411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  461.670485][T11411]  </TASK>
[  461.854559][T11413] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  461.857167][ T5371] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  463.569523][ T5371] Bluetooth: hci5: command 0x041b tx timeout
[  463.976479][T11450] FAULT_INJECTION: forcing a failure.
[  463.976479][T11450] name failslab, interval 1, probability 0, space 0, times 0
[  463.984966][T11450] CPU: 2 UID: 0 PID: 11450 Comm: syz.1.1810 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  463.989991][T11450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  463.994984][T11450] Call Trace:
[  463.996771][T11450]  <TASK>
[  463.998115][T11450]  dump_stack_lvl+0x16c/0x1f0
[  464.000261][T11450]  should_fail_ex+0x497/0x5b0
[  464.002502][T11450]  ? fs_reclaim_acquire+0xae/0x160
[  464.005353][T11450]  should_failslab+0xc2/0x120
[  464.007479][T11450]  __kmalloc_node_noprof+0xd1/0x440
[  464.009815][T11450]  ? __kvmalloc_node_noprof+0x9d/0x1a0
[  464.012256][T11450]  __kvmalloc_node_noprof+0x9d/0x1a0
[  464.014617][T11450]  file_tty_write.constprop.0+0x6ef/0x9b0
[  464.017157][T11450]  vfs_write+0x6b6/0x1140
[  464.019289][T11450]  ? __pfx_tty_write+0x10/0x10
[  464.021436][T11450]  ? __pfx_vfs_write+0x10/0x10
[  464.023619][T11450]  ? __fget_files+0x256/0x400
[  464.025959][T11450]  ? __fget_light+0x173/0x210
[  464.028082][T11450]  ksys_write+0x12f/0x260
[  464.030148][T11450]  ? __pfx_ksys_write+0x10/0x10
[  464.032325][T11450]  __do_fast_syscall_32+0x73/0x120
[  464.035675][T11450]  do_fast_syscall_32+0x32/0x80
[  464.037874][T11450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  464.041467][T11450] RIP: 0023:0xf73ee579
[  464.043750][T11450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  464.053374][T11450] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  464.057668][T11450] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020001040
[  464.061723][T11450] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000
[  464.065740][T11450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  464.070729][T11450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  464.074900][T11450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  464.079644][T11450]  </TASK>
[  464.087694][T11452] No source specified
[  464.148054][T11448] overlay: Unknown parameter 'func'
[  464.270130][T11454] ieee802154 phy0 wpan0: encryption failed: -22
[  464.470228][T11225] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  464.679537][T11225] usb 5-1: Using ep0 maxpacket: 16
[  464.684984][T11225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  464.710373][T11225] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  464.718826][T11225] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  464.737922][T11225] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.751022][T11225] usb 5-1: config 0 descriptor??
[  465.085071][T11225] usbhid 5-1:0.0: can't add hid device: -71
[  465.088044][T11225] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  465.097553][T11225] usb 5-1: USB disconnect, device number 21
[  465.520446][T11465] block device autoloading is deprecated and will be removed.
[  465.709475][ T5371] Bluetooth: hci5: command 0x041b tx timeout
[  466.206377][T11472] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1815'.
[  466.247386][T11472] syz.1.1815 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  466.379473][  T835] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  466.573823][  T835] usb 8-1: Using ep0 maxpacket: 32
[  466.583509][  T835] usb 8-1: config index 0 descriptor too short (expected 156, got 27)
[  466.589002][  T835] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  466.595037][  T835] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  466.602949][  T835] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  466.612636][  T835] usb 8-1: config 0 interface 0 has no altsetting 0
[  466.618582][  T835] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  466.623607][  T835] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  466.629486][  T835] usb 8-1: Product: syz
[  466.632074][  T835] usb 8-1: Manufacturer: syz
[  466.634925][  T835] usb 8-1: SerialNumber: syz
[  466.640170][  T835] usb 8-1: config 0 descriptor??
[  466.651134][  T835] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  466.679761][  T835] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  466.994416][  T834] usb 8-1: USB disconnect, device number 21
[  466.994545][    C1] ldusb 8-1:0.0: usb_submit_urb failed (-19)
[  467.001132][  T834] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  467.809518][ T5371] Bluetooth: hci5: command 0x041b tx timeout
[  468.033213][T11494] input: syz0 as /devices/virtual/input/input90
[  468.118000][T11494] FAULT_INJECTION: forcing a failure.
[  468.118000][T11494] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  468.161929][T11494] CPU: 0 UID: 0 PID: 11494 Comm: syz.1.1823 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  468.166231][T11494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  468.172878][T11494] Call Trace:
[  468.175469][T11494]  <TASK>
[  468.176790][T11494]  dump_stack_lvl+0x16c/0x1f0
[  468.178984][T11494]  should_fail_ex+0x497/0x5b0
[  468.181002][T11494]  _copy_from_user+0x30/0xf0
[  468.184206][T11494]  memdup_user+0x71/0xd0
[  468.186737][T11494]  strndup_user+0x78/0xe0
[  468.188673][T11494]  __ia32_sys_mount+0x138/0x310
[  468.190484][T11494]  ? __pfx___ia32_sys_mount+0x10/0x10
[  468.201647][T11494]  __do_fast_syscall_32+0x73/0x120
[  468.203619][T11494]  do_fast_syscall_32+0x32/0x80
[  468.205502][T11494]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  468.207956][T11494] RIP: 0023:0xf73ee579
[  468.209334][T11494] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  468.215997][T11494] RSP: 002b:00000000f56d556c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  468.226938][T11494] RAX: ffffffffffffffda RBX: 0000000020004dc0 RCX: 0000000020004e00
[  468.229968][T11494] RDX: 0000000020004e40 RSI: 0000000000000000 RDI: 0000000020000340
[  468.233202][T11494] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  468.236216][T11494] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  468.239382][T11494] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  468.242677][T11494]  </TASK>
[  468.757227][T11502] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  468.761926][ T5371] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  468.970157][T11505] block nbd2: NBD_DISCONNECT
[  469.014847][T11505] block nbd2: Disconnected due to user request.
[  469.030849][T11505] block nbd2: shutting down sockets
[  469.115790][T11509] fuse: Unknown parameter ''
[  469.139969][T11509] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1829'.
[  469.257543][T11511] ieee802154 phy0 wpan0: encryption failed: -22
[  469.347931][T11507] netlink: 'syz.1.1828': attribute type 29 has an invalid length.
[  469.375389][T11507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1828'.
[  469.651458][T11522] FAULT_INJECTION: forcing a failure.
[  469.651458][T11522] name failslab, interval 1, probability 0, space 0, times 0
[  469.657121][T11522] CPU: 3 UID: 0 PID: 11522 Comm: syz.0.1832 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  469.663466][T11522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  469.668303][T11522] Call Trace:
[  469.669798][T11522]  <TASK>
[  469.671171][T11522]  dump_stack_lvl+0x16c/0x1f0
[  469.673300][T11522]  should_fail_ex+0x497/0x5b0
[  469.675422][T11522]  ? fs_reclaim_acquire+0xae/0x160
[  469.678176][T11522]  should_failslab+0xc2/0x120
[  469.680396][T11522]  __kmalloc_noprof+0xcb/0x410
[  469.682670][T11522]  iovec_from_user.part.0+0xf3/0x130
[  469.685093][T11522]  __import_iovec+0xdc/0x6e0
[  469.687298][T11522]  import_iovec+0x108/0x140
[  469.689723][T11522]  get_compat_msghdr+0x10a/0x170
[  469.692227][T11522]  ? __pfx_get_compat_msghdr+0x10/0x10
[  469.694887][T11522]  ? find_held_lock+0x2d/0x110
[  469.697393][T11522]  ___sys_recvmsg+0x193/0x1a0
[  469.699617][T11522]  ? __pfx____sys_recvmsg+0x10/0x10
[  469.702035][T11522]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[  469.705135][T11522]  ? __fget_light+0x173/0x210
[  469.707656][T11522]  do_recvmmsg+0x51a/0x750
[  469.710179][T11522]  ? __pfx_do_recvmmsg+0x10/0x10
[  469.712530][T11522]  ? __pfx___might_resched+0x10/0x10
[  469.715195][T11522]  ? vfs_write+0x14d/0x1140
[  469.717737][T11522]  ? __might_fault+0xe3/0x190
[  469.720804][T11522]  ? __pfx_get_old_timespec32+0x10/0x10
[  469.730312][T11522]  __sys_recvmmsg+0x111/0x280
[  469.732457][T11522]  ? __pfx___sys_recvmmsg+0x10/0x10
[  469.734870][T11522]  ? __pfx_ksys_write+0x10/0x10
[  469.737010][T11522]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  469.742653][T11522]  ? lockdep_hardirqs_on+0x7c/0x110
[  469.745765][T11522]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  469.748468][T11522]  __do_fast_syscall_32+0x73/0x120
[  469.750557][T11522]  do_fast_syscall_32+0x32/0x80
[  469.752728][T11522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  469.756448][T11522] RIP: 0023:0xf745e579
[  469.758787][T11522] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  469.771515][T11522] RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  469.775894][T11522] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000200037c0
[  469.780562][T11522] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000020003700
[  469.785363][T11522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  469.789551][T11522] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  469.793513][T11522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  469.798535][T11522]  </TASK>
[  469.869447][   T57] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  469.899509][ T5371] Bluetooth: hci5: command 0x041b tx timeout
[  470.099366][   T57] usb 7-1: Using ep0 maxpacket: 8
[  470.120219][   T57] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  470.123391][   T57] usb 7-1: config 0 has no interface number 0
[  470.125946][   T57] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  470.143059][   T57] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  470.146712][   T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.152262][   T57] usb 7-1: config 0 descriptor??
[  470.175879][   T57] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  470.665247][T11536] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  471.455795][T11242] usb 7-1: USB disconnect, device number 24
[  471.461236][T11242] iowarrior 7-1:0.1: I/O-Warror #0 now disconnected
[  471.683061][T11558] FAULT_INJECTION: forcing a failure.
[  471.683061][T11558] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.699498][T11558] CPU: 0 UID: 0 PID: 11558 Comm: syz.3.1840 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  471.717934][T11558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  471.729890][T11558] Call Trace:
[  471.731382][T11558]  <TASK>
[  471.732697][T11558]  dump_stack_lvl+0x16c/0x1f0
[  471.734788][T11558]  should_fail_ex+0x497/0x5b0
[  471.736878][T11558]  _copy_from_user+0x30/0xf0
[  471.738856][T11558]  get_compat_msghdr+0xa8/0x170
[  471.741022][T11558]  ? __pfx_get_compat_msghdr+0x10/0x10
[  471.751856][T11558]  ? __pfx___lock_acquire+0x10/0x10
[  471.754112][T11558]  ___sys_sendmsg+0x1b0/0x1e0
[  471.756194][T11558]  ? __pfx____sys_sendmsg+0x10/0x10
[  471.758517][T11558]  ? ksys_write+0x21c/0x260
[  471.760420][T11558]  ? __fget_light+0x173/0x210
[  471.762526][T11558]  __sys_sendmsg+0x117/0x1f0
[  471.764472][T11558]  ? __pfx___sys_sendmsg+0x10/0x10
[  471.782792][T11558]  __do_fast_syscall_32+0x73/0x120
[  471.784958][T11558]  do_fast_syscall_32+0x32/0x80
[  471.787052][T11558]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  471.789854][T11558] RIP: 0023:0xf748e579
[  471.791709][T11558] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  471.816084][T11558] RSP: 002b:00000000f579656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  471.820177][T11558] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180
[  471.823671][T11558] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  471.826640][T11558] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  471.831774][T11558] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  471.835966][T11558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  471.841051][T11558]  </TASK>
[  472.120704][T11565] ip_tunnel: non-ECT from 172.30.0.4 with TOS=0x2
[  472.214889][T11567] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  472.222996][ T5371] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  473.467130][T11575] xt_CT: You must specify a L4 protocol and not use inversions on it
[  473.860583][T11580] block nbd1: shutting down sockets
[  473.968681][T11580] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4032167445 (64514679120 ns) > initial count (63607699792 ns). Using initial count to start timer.
[  474.119511][T10312] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  474.325858][T10312] usb 7-1: Using ep0 maxpacket: 8
[  474.333384][T10312] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  474.338803][T10312] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  474.343879][T10312] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12320, setting to 1024
[  474.373837][T10312] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  474.377970][T10312] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  474.388664][T10312] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  474.401158][T10312] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.629958][T10312] usb 7-1: GET_CAPABILITIES returned 0
[  474.632135][T10312] usbtmc 7-1:16.0: can't read capabilities
[  474.655693][  T101] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  474.840249][    C3] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  474.852586][T10312] usb 7-1: USB disconnect, device number 25
[  474.972930][  T101] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  474.988054][T11593] input: syz0 as /devices/virtual/input/input93
[  475.119877][T11593] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "�b�_v-f`��"
[  475.367009][  T101] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.371538][ T5361] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  475.381926][ T5361] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  475.386721][ T5361] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  475.391730][ T5361] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  475.398226][ T5361] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  475.453318][ T5361] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  475.649083][  T101] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.018084][T11595] chnl_net:caif_netlink_parms(): no params data found
[  476.051643][T11617] FAULT_INJECTION: forcing a failure.
[  476.051643][T11617] name failslab, interval 1, probability 0, space 0, times 0
[  476.063349][T11617] CPU: 1 UID: 0 PID: 11617 Comm: syz.0.1860 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  476.069066][T11617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  476.074002][T11617] Call Trace:
[  476.075505][T11617]  <TASK>
[  476.076841][T11617]  dump_stack_lvl+0x16c/0x1f0
[  476.079021][T11617]  should_fail_ex+0x497/0x5b0
[  476.081694][T11617]  ? fs_reclaim_acquire+0xae/0x160
[  476.084340][T11617]  should_failslab+0xc2/0x120
[  476.086491][T11617]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  476.089241][T11617]  ? lock_acquire+0x1b1/0x560
[  476.091376][T11617]  ? skb_clone+0x190/0x3f0
[  476.093530][T11617]  skb_clone+0x190/0x3f0
[  476.095687][T11617]  pfkey_process+0xc7/0x840
[  476.098751][T11617]  ? __pfx___mutex_trylock_common+0x10/0x10
[  476.102559][T11617]  ? __pfx_pfkey_process+0x10/0x10
[  476.104866][T11617]  ? rcu_is_watching+0x12/0xc0
[  476.107027][T11617]  ? __virt_addr_valid+0x5e/0x590
[  476.109046][T11617]  ? __phys_addr_symbol+0x30/0x80
[  476.110993][T11617]  pfkey_sendmsg+0x43b/0x840
[  476.112781][T11617]  ____sys_sendmsg+0x9b4/0xb50
[  476.114632][T11617]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.116839][T11617]  ? get_compat_msghdr+0x11b/0x170
[  476.119529][T11617]  ? __pfx___lock_acquire+0x10/0x10
[  476.122738][T11617]  ___sys_sendmsg+0x135/0x1e0
[  476.125668][T11617]  ? __pfx____sys_sendmsg+0x10/0x10
[  476.127958][T11617]  ? ksys_write+0x21c/0x260
[  476.130136][T11617]  ? __fget_light+0x173/0x210
[  476.133051][T11617]  __sys_sendmsg+0x117/0x1f0
[  476.135916][T11617]  ? __pfx___sys_sendmsg+0x10/0x10
[  476.139031][T11617]  __do_fast_syscall_32+0x73/0x120
[  476.142092][T11617]  do_fast_syscall_32+0x32/0x80
[  476.145061][T11617]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  476.148935][T11617] RIP: 0023:0xf745e579
[  476.151332][T11617] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  476.162461][T11617] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  476.167023][T11617] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[  476.171737][T11617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  476.175665][T11617] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  476.179119][T11617] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  476.182635][T11617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  476.186188][T11617]  </TASK>
[  476.468515][T11595] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.486320][T11595] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.490649][T11595] bridge_slave_0: entered allmulticast mode
[  476.495149][T11595] bridge_slave_0: entered promiscuous mode
[  476.633894][T11595] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.637126][T11595] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.651036][T11595] bridge_slave_1: entered allmulticast mode
[  476.670644][T11595] bridge_slave_1: entered promiscuous mode
[  476.836722][  T101] bridge_slave_1: left allmulticast mode
[  476.841595][  T101] bridge_slave_1: left promiscuous mode
[  476.853892][  T101] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.870880][  T101] bridge_slave_0: left allmulticast mode
[  476.873387][  T101] bridge_slave_0: left promiscuous mode
[  476.876745][  T101] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.590444][ T5361] Bluetooth: hci5: command tx timeout
[  478.216228][T11656] trusted_key: syz.1.1869 sent an empty control message without MSG_MORE.
[  478.362856][  T101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  478.399936][  T101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  478.429044][  T101] bond0 (unregistering): Released all slaves
[  478.467918][T11595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  478.478755][T11595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  478.527404][T11663] 9pnet_virtio: no channels available for device syz
[  478.602718][T11665] FAULT_INJECTION: forcing a failure.
[  478.602718][T11665] name failslab, interval 1, probability 0, space 0, times 0
[  478.608732][T11665] CPU: 2 UID: 0 PID: 11665 Comm: syz.2.1872 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  478.613699][T11665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  478.618429][T11665] Call Trace:
[  478.619933][T11665]  <TASK>
[  478.621249][T11665]  dump_stack_lvl+0x16c/0x1f0
[  478.623440][T11665]  should_fail_ex+0x497/0x5b0
[  478.625537][T11665]  should_failslab+0xc2/0x120
[  478.627624][T11665]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  478.630138][T11665]  ? skb_clone+0x190/0x3f0
[  478.632138][T11665]  skb_clone+0x190/0x3f0
[  478.634196][T11665]  netlink_deliver_tap+0xb26/0xcf0
[  478.636452][T11665]  netlink_unicast+0x5e1/0x7f0
[  478.638553][T11665]  ? __pfx_netlink_unicast+0x10/0x10
[  478.640754][T11665]  ? __phys_addr_symbol+0x30/0x80
[  478.642831][T11665]  ? __check_object_size+0x497/0x720
[  478.645275][T11665]  netlink_sendmsg+0x8b8/0xd70
[  478.647417][T11665]  ? __pfx_netlink_sendmsg+0x10/0x10
[  478.649792][T11665]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  478.651847][T11665]  ____sys_sendmsg+0x9b4/0xb50
[  478.653695][T11665]  ? __pfx_____sys_sendmsg+0x10/0x10
[  478.655665][T11665]  ? get_compat_msghdr+0x11b/0x170
[  478.658120][T11665]  ? __pfx___lock_acquire+0x10/0x10
[  478.660389][T11665]  ___sys_sendmsg+0x135/0x1e0
[  478.662531][T11665]  ? __pfx____sys_sendmsg+0x10/0x10
[  478.664800][T11665]  ? ksys_write+0x21c/0x260
[  478.667373][T11665]  ? __fget_light+0x173/0x210
[  478.678729][T11665]  __sys_sendmsg+0x117/0x1f0
[  478.680518][T11665]  ? __pfx___sys_sendmsg+0x10/0x10
[  478.682560][T11665]  __do_fast_syscall_32+0x73/0x120
[  478.684582][T11665]  do_fast_syscall_32+0x32/0x80
[  478.686595][T11665]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  478.689047][T11665] RIP: 0023:0xf7f96579
[  478.690676][T11665] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  478.716299][T11665] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  478.719920][T11665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000380
[  478.723367][T11665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  478.726797][T11665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  478.730111][T11665] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  478.733499][T11665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  478.736983][T11665]  </TASK>
[  479.346699][T11595] team0: Port device team_slave_0 added
[  479.380597][T11595] team0: Port device team_slave_1 added
[  479.470233][T11679] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  479.502834][T11679] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.523916][T11679] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.527842][T11679] bridge0: entered allmulticast mode
[  479.651622][ T5361] Bluetooth: hci5: command tx timeout
[  479.719756][T11595] batman_adv: batadv0: Adding interface: batadv_slave_0
[  479.723848][T11595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  479.743323][T11595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  480.056466][T11595] batman_adv: batadv0: Adding interface: batadv_slave_1
[  480.061209][T11595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.077488][T11595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  480.284185][  T101] hsr_slave_0: left promiscuous mode
[  480.300516][  T101] hsr_slave_1: left promiscuous mode
[  480.324576][  T101] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  480.328353][  T101] batman_adv: batadv0: Removing interface: batadv_slave_0
[  480.339828][  T101] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  480.343525][  T101] batman_adv: batadv0: Removing interface: batadv_slave_1
[  480.497612][  T101] veth1_macvtap: left promiscuous mode
[  480.513970][  T101] veth0_macvtap: left promiscuous mode
[  480.519480][  T101] veth1_vlan: left promiscuous mode
[  480.522688][  T101] veth0_vlan: left promiscuous mode
[  481.065115][T11720] FAULT_INJECTION: forcing a failure.
[  481.065115][T11720] name failslab, interval 1, probability 0, space 0, times 0
[  481.076506][T11720] CPU: 2 UID: 0 PID: 11720 Comm: syz.2.1886 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  481.084386][T11720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  481.089632][T11720] Call Trace:
[  481.091428][T11720]  <TASK>
[  481.092780][T11720]  dump_stack_lvl+0x16c/0x1f0
[  481.095464][T11720]  should_fail_ex+0x497/0x5b0
[  481.098452][T11720]  should_failslab+0xc2/0x120
[  481.101419][T11720]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  481.104873][T11720]  ? skb_clone+0x190/0x3f0
[  481.107072][T11720]  skb_clone+0x190/0x3f0
[  481.109094][T11720]  netlink_deliver_tap+0xb26/0xcf0
[  481.112319][T11720]  netlink_unicast+0x5e1/0x7f0
[  481.115532][T11720]  ? __pfx_netlink_unicast+0x10/0x10
[  481.119265][T11720]  ? __phys_addr_symbol+0x30/0x80
[  481.121911][T11720]  ? __check_object_size+0x497/0x720
[  481.124622][T11720]  netlink_sendmsg+0x8b8/0xd70
[  481.129196][T11720]  ? __pfx_netlink_sendmsg+0x10/0x10
[  481.132220][T11720]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  481.135843][T11720]  ____sys_sendmsg+0x9b4/0xb50
[  481.138188][T11720]  ? __pfx_____sys_sendmsg+0x10/0x10
[  481.140762][T11720]  ? get_compat_msghdr+0x11b/0x170
[  481.143177][T11720]  ? __pfx___lock_acquire+0x10/0x10
[  481.145785][T11720]  ___sys_sendmsg+0x135/0x1e0
[  481.147863][T11720]  ? __pfx____sys_sendmsg+0x10/0x10
[  481.150722][T11720]  ? ksys_write+0x21c/0x260
[  481.154684][T11720]  ? __fget_light+0x173/0x210
[  481.158220][T11720]  __sys_sendmsg+0x117/0x1f0
[  481.160909][T11720]  ? __pfx___sys_sendmsg+0x10/0x10
[  481.164206][T11720]  __do_fast_syscall_32+0x73/0x120
[  481.167465][T11720]  do_fast_syscall_32+0x32/0x80
[  481.170545][T11720]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  481.174626][T11720] RIP: 0023:0xf7f96579
[  481.177264][T11720] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  481.206118][T11720] RSP: 002b:00000000f573656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  481.215046][T11720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000240
[  481.219189][T11720] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  481.223294][T11720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  481.227408][T11720] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  481.230765][T11720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  481.234609][T11720]  </TASK>
[  481.327213][   T39] audit: type=1326 audit(1725207257.831:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.347193][   T39] audit: type=1326 audit(1725207257.831:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.372873][   T39] audit: type=1326 audit(1725207257.861:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.384269][   T39] audit: type=1326 audit(1725207257.861:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.396252][   T39] audit: type=1326 audit(1725207257.861:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.407901][   T39] audit: type=1326 audit(1725207257.861:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=107 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.426093][   T39] audit: type=1326 audit(1725207257.861:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.438548][   T39] audit: type=1326 audit(1725207257.861:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.453844][   T39] audit: type=1326 audit(1725207257.861:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.472188][   T39] audit: type=1326 audit(1725207257.861:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11721 comm="syz.2.1887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96579 code=0x7ffc0000
[  481.744414][ T5361] Bluetooth: hci5: command tx timeout
[  482.608412][    C2] vkms_vblank_simulate: vblank timer overrun
[  482.845549][    C2] vkms_vblank_simulate: vblank timer overrun
[  483.598843][  T101] team0 (unregistering): Port device team_slave_1 removed
[  483.807215][  T101] team0 (unregistering): Port device team_slave_0 removed
[  483.819635][ T5371] Bluetooth: hci5: command tx timeout
[  484.609617][    C2] vkms_vblank_simulate: vblank timer overrun
[  484.673479][    C2] vkms_vblank_simulate: vblank timer overrun
[  484.712700][    C2] vkms_vblank_simulate: vblank timer overrun
[  485.185529][    C2] vkms_vblank_simulate: vblank timer overrun
[  485.941825][T11701] netlink: 'syz.1.1879': attribute type 29 has an invalid length.
[  485.944522][T11701] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1879'.
[  486.184013][T11733] netlink: 'syz.2.1891': attribute type 1 has an invalid length.
[  486.365353][T11595] hsr_slave_0: entered promiscuous mode
[  486.375806][T11595] hsr_slave_1: entered promiscuous mode
[  486.402032][T11595] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  486.406074][T11595] Cannot create hsr debugfs directory
[  486.434740][    C2] vkms_vblank_simulate: vblank timer overrun
[  486.474076][T11760] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1895'.
[  486.558112][T11747] pimreg: entered allmulticast mode
[  487.161764][T11758] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  487.173811][T11758] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  487.177725][T11758] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  487.183630][T11758] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  487.192305][T11758] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  487.237340][T11757] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  488.205569][T11595] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  488.247425][T11595] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  488.275158][T11595] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  488.297558][T11595] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  488.355751][T11803] loop0: detected capacity change from 0 to 7
[  488.376551][T11803] Dev loop0: unable to read RDB block 7
[  488.379343][T11803]  loop0: unable to read partition table
[  488.381789][T11803] loop0: partition table beyond EOD, truncated
[  488.384546][T11803] loop_reread_partitions: partition scan of loop0 (�被x������d����) failed (rc=-5)
[  488.558684][T11595] 8021q: adding VLAN 0 to HW filter on device bond0
[  488.643978][T11595] 8021q: adding VLAN 0 to HW filter on device team0
[  488.677532][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state
[  488.680367][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state
[  488.700168][ T5371] Bluetooth: hci2: command 0x0c1a tx timeout
[  488.706339][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  488.709228][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  488.779990][T11814] netlink: 'syz.1.1904': attribute type 12 has an invalid length.
[  489.249853][ T5371] Bluetooth: hci4: command 0x0419 tx timeout
[  489.249992][ T5361] Bluetooth: hci5: command 0x0c1a tx timeout
[  489.327208][T11595] 8021q: adding VLAN 0 to HW filter on device batadv0
[  489.453103][T11595] veth0_vlan: entered promiscuous mode
[  489.472656][T11595] veth1_vlan: entered promiscuous mode
[  489.572749][T11595] veth0_macvtap: entered promiscuous mode
[  489.711518][T11595] veth1_macvtap: entered promiscuous mode
[  489.761280][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.782244][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.786320][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.791624][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.798484][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.803008][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.817751][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  489.823832][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.838290][T11595] batman_adv: batadv0: Interface activated: batadv_slave_0
[  489.865166][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  489.870025][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.875182][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  489.888646][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.892982][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  489.896428][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.906469][T11595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  489.923565][T11595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  489.929168][T11595] batman_adv: batadv0: Interface activated: batadv_slave_1
[  489.938428][T11595] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  489.941815][T11595] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  489.964030][T11595] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  489.968127][T11595] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  490.105070][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.108677][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.232734][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.235964][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.451033][T11835] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1907'.
[  490.477443][T11838] FAULT_INJECTION: forcing a failure.
[  490.477443][T11838] name failslab, interval 1, probability 0, space 0, times 0
[  490.483971][T11838] CPU: 0 UID: 0 PID: 11838 Comm: syz.0.1908 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  490.490486][T11838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  490.495377][T11835] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1907'.
[  490.496377][T11838] Call Trace:
[  490.496388][T11838]  <TASK>
[  490.496396][T11838]  dump_stack_lvl+0x16c/0x1f0
[  490.506051][T11838]  should_fail_ex+0x497/0x5b0
[  490.508431][T11838]  should_failslab+0xc2/0x120
[  490.510981][T11838]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  490.513878][T11838]  ? dst_alloc+0x99/0x1a0
[  490.516506][T11838]  dst_alloc+0x99/0x1a0
[  490.519094][T11838]  rt_dst_alloc+0x35/0x3a0
[  490.521916][T11838]  ip_route_output_key_hash_rcu+0x8a5/0x2770
[  490.525494][T11838]  ip_route_output_key_hash+0x138/0x2e0
[  490.527617][T11838]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  490.529785][T11838]  ? __pfx_lock_release+0x10/0x10
[  490.531614][T11838]  ? ip_cmsg_send+0x7d/0xba0
[  490.533405][T11838]  ip_route_output_flow+0x27/0x150
[  490.536003][T11838]  raw_sendmsg+0xc54/0x3ae0
[  490.538362][T11838]  ? audit_mount.constprop.0+0x4d0/0x570
[  490.541178][T11838]  ? __pfx_raw_sendmsg+0x10/0x10
[  490.543877][T11838]  ? __pfx_tomoyo_check_inet_address+0x10/0x10
[  490.547532][T11838]  ? __pfx_lock_release+0x10/0x10
[  490.549706][T11838]  ? __pfx___might_resched+0x10/0x10
[  490.551864][T11838]  ? aa_sk_perm+0x2f5/0xb20
[  490.553678][T11838]  ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10
[  490.556369][T11838]  ? __import_iovec+0x1fd/0x6e0
[  490.558351][T11838]  ? __pfx_raw_sendmsg+0x10/0x10
[  490.560317][T11838]  ? inet_sendmsg+0x119/0x140
[  490.562199][T11838]  inet_sendmsg+0x119/0x140
[  490.564459][T11838]  ____sys_sendmsg+0x90d/0xb50
[  490.567656][T11838]  ? __pfx_____sys_sendmsg+0x10/0x10
[  490.569821][T11838]  ? get_compat_msghdr+0x11b/0x170
[  490.573111][T11838]  ? __pfx___lock_acquire+0x10/0x10
[  490.577475][T11838]  ___sys_sendmsg+0x135/0x1e0
[  490.579262][T11838]  ? __pfx____sys_sendmsg+0x10/0x10
[  490.581179][T11838]  ? ksys_write+0x21c/0x260
[  490.582970][T11838]  ? __fget_light+0x173/0x210
[  490.584806][T11838]  __sys_sendmsg+0x117/0x1f0
[  490.586593][T11838]  ? __pfx___sys_sendmsg+0x10/0x10
[  490.588494][T11838]  __do_fast_syscall_32+0x73/0x120
[  490.590393][T11838]  do_fast_syscall_32+0x32/0x80
[  490.592242][T11838]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  490.611013][T11838] RIP: 0023:0xf745e579
[  490.613762][T11838] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  490.635750][T11838] RSP: 002b:00000000f576656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  490.638892][T11838] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000ac0
[  490.641921][T11838] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  490.644848][T11838] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  490.658558][T11838] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  490.662104][T11838] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  490.665089][T11838]  </TASK>
[  490.732435][T11839] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  490.756251][ T5361] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  490.885067][T11844] syz.3.1910[11844] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  490.889591][T11844] syz.3.1910[11844] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  491.140523][T11844] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  491.162395][T10591] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  491.337570][ T5361] Bluetooth: hci5: command 0x0c1a tx timeout
[  491.365836][    C3] vkms_vblank_simulate: vblank timer overrun
[  491.419458][T10591] usb 5-1: Using ep0 maxpacket: 8
[  491.445923][T10591] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  491.456031][T10591] usb 5-1: config 179 has no interface number 0
[  491.459251][T10591] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  491.472240][T10591] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  491.491116][T10591] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  491.496306][T10591] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  491.523543][T10591] usb 5-1: config 179 interface 65 has no altsetting 0
[  491.528517][T10591] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  491.532704][T10591] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.549792][T11842] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  491.578170][T10591] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:179.65/input/input95
[  491.677204][ T4828] input input95: unable to receive magic message: -110
[  491.872393][   T57] usb 5-1: USB disconnect, device number 22
[  491.872457][    C2] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  491.882751][   T57] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  492.001456][    C3] vkms_vblank_simulate: vblank timer overrun
[  492.049393][    C3] vkms_vblank_simulate: vblank timer overrun
[  493.417612][ T5361] Bluetooth: hci5: command 0x0c1a tx timeout
[  493.604652][T11869] 9p: Unknown Cache mode or invalid value fsca
[  494.356078][T11879] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1919'.
[  494.534297][T11873] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1919'.
[  495.124970][T11892] FAULT_INJECTION: forcing a failure.
[  495.124970][T11892] name failslab, interval 1, probability 0, space 0, times 0
[  495.133006][T11887] netlink: 'syz.1.1922': attribute type 29 has an invalid length.
[  495.146192][T11887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1922'.
[  495.173476][T11892] CPU: 2 UID: 0 PID: 11892 Comm: syz.3.1924 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  495.177937][T11892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  495.196925][T11892] Call Trace:
[  495.198447][T11892]  <TASK>
[  495.199771][T11892]  dump_stack_lvl+0x16c/0x1f0
[  495.202061][T11892]  should_fail_ex+0x497/0x5b0
[  495.204436][T11892]  should_failslab+0xc2/0x120
[  495.206577][T11892]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  495.222876][T11892]  ? skb_clone+0x190/0x3f0
[  495.224929][T11892]  skb_clone+0x190/0x3f0
[  495.227273][T11892]  netlink_deliver_tap+0xb26/0xcf0
[  495.230474][T11892]  netlink_unicast+0x5e1/0x7f0
[  495.232688][T11892]  ? __pfx_netlink_unicast+0x10/0x10
[  495.235547][T11892]  ? __phys_addr_symbol+0x30/0x80
[  495.237926][T11892]  ? __check_object_size+0x497/0x720
[  495.241032][T11892]  netlink_sendmsg+0x8b8/0xd70
[  495.243691][T11892]  ? __pfx_netlink_sendmsg+0x10/0x10
[  495.246337][T11892]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  495.249466][T11892]  ____sys_sendmsg+0x9b4/0xb50
[  495.252043][T11892]  ? __pfx_____sys_sendmsg+0x10/0x10
[  495.254767][T11892]  ? get_compat_msghdr+0x11b/0x170
[  495.257345][T11892]  ? __pfx___lock_acquire+0x10/0x10
[  495.259897][T11892]  ___sys_sendmsg+0x135/0x1e0
[  495.262060][T11892]  ? __pfx____sys_sendmsg+0x10/0x10
[  495.265322][T11892]  ? ksys_write+0x21c/0x260
[  495.267786][T11892]  ? __fget_light+0x173/0x210
[  495.270796][T11892]  __sys_sendmsg+0x117/0x1f0
[  495.273680][T11892]  ? __pfx___sys_sendmsg+0x10/0x10
[  495.276496][T11892]  __do_fast_syscall_32+0x73/0x120
[  495.279113][T11892]  do_fast_syscall_32+0x32/0x80
[  495.281707][T11892]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  495.284944][T11892] RIP: 0023:0xf7fd7579
[  495.287421][T11892] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  495.297417][T11892] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  495.302186][T11892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180
[  495.307110][T11892] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  495.311476][T11892] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  495.314992][T11892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  495.318732][T11892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  495.322210][T11892]  </TASK>
[  496.170714][    C3] vkms_vblank_simulate: vblank timer overrun
[  496.315178][T11908] 9p: Unknown Cache mode or invalid value fsca
[  496.591348][T11919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1932'.
[  496.596753][T11919] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1932'.
[  496.605735][T11920] FAULT_INJECTION: forcing a failure.
[  496.605735][T11920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  496.639442][T11920] CPU: 1 UID: 0 PID: 11920 Comm: syz.3.1933 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  496.644652][T11920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  496.649026][T11920] Call Trace:
[  496.650427][T11920]  <TASK>
[  496.651742][T11920]  dump_stack_lvl+0x16c/0x1f0
[  496.653822][T11920]  should_fail_ex+0x497/0x5b0
[  496.655880][T11920]  _copy_from_user+0x30/0xf0
[  496.670177][T11920]  udp_lib_setsockopt+0x19b/0x1030
[  496.672152][T11920]  ? __pfx_udp_push_pending_frames+0x10/0x10
[  496.674430][T11920]  ? __pfx_udp_lib_setsockopt+0x10/0x10
[  496.676518][T11920]  ? __pfx_aa_sk_perm+0x10/0x10
[  496.678378][T11920]  udp_setsockopt+0xbc/0xd0
[  496.694116][T11920]  ? __pfx_udp_push_pending_frames+0x10/0x10
[  496.696370][T11920]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  496.698654][T11920]  do_sock_setsockopt+0x222/0x480
[  496.700576][T11920]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  496.702683][T11920]  ? __fget_light+0x173/0x210
[  496.704489][T11920]  __sys_setsockopt+0x1a4/0x270
[  496.706552][T11920]  ? __pfx___sys_setsockopt+0x10/0x10
[  496.708895][T11920]  ? fput+0x32/0x390
[  496.710653][T11920]  ? ksys_write+0x1ab/0x260
[  496.712607][T11920]  ? __pfx_ksys_write+0x10/0x10
[  496.721967][T11920]  __ia32_sys_setsockopt+0xbc/0x160
[  496.724264][T11920]  ? lockdep_hardirqs_on+0x7c/0x110
[  496.726487][T11920]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  496.729144][T11920]  __do_fast_syscall_32+0x73/0x120
[  496.731136][T11920]  do_fast_syscall_32+0x32/0x80
[  496.733044][T11920]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  496.735517][T11920] RIP: 0023:0xf7fd7579
[  496.737093][T11920] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  496.752257][T11920] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  496.756010][T11920] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000088
[  496.759448][T11920] RDX: 0000000000000024 RSI: 0000000020000080 RDI: 0000000000000008
[  496.762883][T11920] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  496.766164][T11920] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  496.769532][T11920] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  496.772857][T11920]  </TASK>
[  496.900936][T11922] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1934'.
[  497.582881][T11938] FAULT_INJECTION: forcing a failure.
[  497.582881][T11938] name failslab, interval 1, probability 0, space 0, times 0
[  497.589041][T11938] CPU: 2 UID: 0 PID: 11938 Comm: syz.3.1940 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  497.593780][T11938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  497.598495][T11938] Call Trace:
[  497.600062][T11938]  <TASK>
[  497.601094][T11938]  dump_stack_lvl+0x16c/0x1f0
[  497.605728][T11938]  should_fail_ex+0x497/0x5b0
[  497.608165][T11938]  ? fs_reclaim_acquire+0xae/0x160
[  497.610399][T11938]  should_failslab+0xc2/0x120
[  497.612620][T11938]  __kmalloc_noprof+0xcb/0x410
[  497.615956][T11938]  ? __pfx___mutex_trylock_common+0x10/0x10
[  497.619082][T11938]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  497.622953][T11938]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  497.625915][T11938]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  497.629699][T11938]  ? __radix_tree_lookup+0x21f/0x2c0
[  497.635837][T11938]  genl_rcv_msg+0x565/0x800
[  497.645906][T11938]  ? __pfx_genl_rcv_msg+0x10/0x10
[  497.648591][T11938]  ? __pfx_nbd_genl_connect+0x10/0x10
[  497.651787][T11938]  ? __pfx___lock_acquire+0x10/0x10
[  497.654286][T11938]  netlink_rcv_skb+0x165/0x410
[  497.656897][T11938]  ? __pfx_genl_rcv_msg+0x10/0x10
[  497.664974][T11938]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  497.667221][T11938]  ? down_read+0xc9/0x330
[  497.669051][T11938]  ? __pfx_down_read+0x10/0x10
[  497.671312][T11938]  ? netlink_deliver_tap+0x1ae/0xcf0
[  497.673702][T11938]  genl_rcv+0x28/0x40
[  497.675852][T11938]  netlink_unicast+0x53c/0x7f0
[  497.678589][T11938]  ? __pfx_netlink_unicast+0x10/0x10
[  497.681673][T11938]  ? __phys_addr_symbol+0x30/0x80
[  497.685419][T11938]  ? __check_object_size+0x497/0x720
[  497.688297][T11938]  netlink_sendmsg+0x8b8/0xd70
[  497.693735][T11938]  ? __pfx_netlink_sendmsg+0x10/0x10
[  497.697084][T11938]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  497.700341][T11938]  ____sys_sendmsg+0x9b4/0xb50
[  497.703296][T11938]  ? __pfx_____sys_sendmsg+0x10/0x10
[  497.706551][T11938]  ? get_compat_msghdr+0x11b/0x170
[  497.709718][T11938]  ? __pfx___lock_acquire+0x10/0x10
[  497.712929][T11938]  ___sys_sendmsg+0x135/0x1e0
[  497.716064][T11938]  ? __pfx____sys_sendmsg+0x10/0x10
[  497.719612][T11938]  ? ksys_write+0x21c/0x260
[  497.723017][T11938]  ? __fget_light+0x173/0x210
[  497.725453][T11938]  __sys_sendmsg+0x117/0x1f0
[  497.727762][T11938]  ? __pfx___sys_sendmsg+0x10/0x10
[  497.730256][T11938]  __do_fast_syscall_32+0x73/0x120
[  497.732535][T11938]  do_fast_syscall_32+0x32/0x80
[  497.734750][T11938]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  497.737589][T11938] RIP: 0023:0xf7fd7579
[  497.739852][T11938] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  497.750410][T11938] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  497.756001][T11938] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200002c0
[  497.760407][T11938] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  497.764030][T11938] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  497.767992][T11938] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  497.772196][T11938] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  497.779715][T11938]  </TASK>
[  497.795801][T11943] 9p: Unknown Cache mode or invalid value fsca
[  497.946399][T11946] FAULT_INJECTION: forcing a failure.
[  497.946399][T11946] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  497.969958][T11946] CPU: 3 UID: 0 PID: 11946 Comm: syz.3.1943 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  497.977312][T11946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  497.982845][T11946] Call Trace:
[  497.984451][T11946]  <TASK>
[  497.986296][T11946]  dump_stack_lvl+0x16c/0x1f0
[  497.989609][T11946]  should_fail_ex+0x497/0x5b0
[  497.992084][T11946]  _copy_to_user+0x30/0xc0
[  497.994096][T11946]  kvm_arch_vm_ioctl+0x73f/0x1ca0
[  497.996261][T11946]  ? hlock_class+0x4e/0x130
[  497.998518][T11946]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[  498.001700][T11946]  ? hlock_class+0x4e/0x130
[  498.003899][T11946]  ? mark_lock+0xb5/0xc60
[  498.006242][T11946]  ? hlock_class+0x4e/0x130
[  498.008492][T11946]  ? __pfx_mark_lock+0x10/0x10
[  498.011477][T11946]  ? __pfx_mark_lock+0x10/0x10
[  498.014805][T11946]  ? hlock_class+0x4e/0x130
[  498.018558][T11946]  ? mark_lock+0xb5/0xc60
[  498.020591][T11946]  ? __pfx_mark_lock+0x10/0x10
[  498.023021][T11946]  ? find_held_lock+0x2d/0x110
[  498.025351][T11946]  ? hlock_class+0x4e/0x130
[  498.027490][T11946]  ? __lock_acquire+0xbdd/0x3cb0
[  498.029904][T11946]  ? hlock_class+0x4e/0x130
[  498.032100][T11946]  ? __lock_acquire+0xbdd/0x3cb0
[  498.034882][T11946]  ? __pfx___lock_acquire+0x10/0x10
[  498.038130][T11946]  ? find_held_lock+0x2d/0x110
[  498.041600][T11946]  ? find_held_lock+0x2d/0x110
[  498.044351][T11946]  ? is_bpf_text_address+0x8a/0x1a0
[  498.047391][T11946]  ? __pfx_lock_release+0x10/0x10
[  498.050623][T11946]  ? __orc_find+0x104/0x130
[  498.053256][T11946]  ? stack_access_ok+0xf9/0x270
[  498.055940][T11946]  ? __module_address+0x55/0x3c0
[  498.058849][T11946]  ? bpf_ksym_find+0x124/0x1c0
[  498.062277][T11946]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  498.065428][T11946]  ? is_bpf_text_address+0x94/0x1a0
[  498.067817][T11946]  ? kernel_text_address+0x8d/0x100
[  498.072128][T11946]  ? __kernel_text_address+0xd/0x40
[  498.074873][T11946]  ? unwind_get_return_address+0x45/0xe0
[  498.077743][T11946]  ? arch_stack_walk+0x118/0x170
[  498.080458][T11946]  kvm_vm_ioctl+0x1a75/0x3de0
[  498.082834][T11946]  ? tomoyo_path_number_perm+0x467/0x5b0
[  498.085553][T11946]  ? stack_trace_save+0x95/0xd0
[  498.087930][T11946]  ? __pfx_stack_trace_save+0x10/0x10
[  498.090473][T11946]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  498.092820][T11946]  ? __pfx_mark_lock+0x10/0x10
[  498.094911][T11946]  ? tomoyo_path_number_perm+0x467/0x5b0
[  498.097173][T11946]  ? kasan_save_stack+0x42/0x60
[  498.117924][T11946]  ? kasan_save_stack+0x33/0x60
[  498.120329][T11946]  ? kasan_save_track+0x14/0x30
[  498.122829][T11946]  ? kasan_save_free_info+0x3b/0x60
[  498.125259][T11946]  ? poison_slab_object+0xf7/0x160
[  498.143509][T11946]  ? __kasan_slab_free+0x32/0x50
[  498.146401][T11946]  ? kfree+0x12a/0x3b0
[  498.148664][T11946]  ? tomoyo_path_number_perm+0x467/0x5b0
[  498.151427][T11946]  ? security_file_ioctl_compat+0x75/0xc0
[  498.154178][T11946]  ? __do_compat_sys_ioctl+0x5d/0x330
[  498.156625][T11946]  ? __do_fast_syscall_32+0x73/0x120
[  498.159405][T11946]  ? do_fast_syscall_32+0x32/0x80
[  498.162050][T11946]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  498.165002][T11946]  ? kvm_arch_vm_compat_ioctl+0x2d7/0x480
[  498.167409][T11946]  ? hlock_class+0x4e/0x130
[  498.169541][T11946]  ? mark_lock+0xb5/0xc60
[  498.171975][T11946]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[  498.175129][T11946]  ? __pfx_mark_lock+0x10/0x10
[  498.177930][T11946]  ? find_held_lock+0x2d/0x110
[  498.180967][T11946]  ? tomoyo_path_number_perm+0x292/0x5b0
[  498.183697][T11946]  ? __pfx_lock_release+0x10/0x10
[  498.187066][T11946]  ? kfree+0x12a/0x3b0
[  498.189569][T11946]  ? tomoyo_path_number_perm+0x467/0x5b0
[  498.192363][T11946]  ? tomoyo_path_number_perm+0x190/0x5b0
[  498.195970][T11946]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  498.199269][T11946]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  498.202155][T11946]  ? do_vfs_ioctl+0x515/0x1a90
[  498.204583][T11946]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  498.206861][T11946]  ? __pfx_lock_release+0x10/0x10
[  498.209006][T11946]  kvm_vm_compat_ioctl+0x39f/0x400
[  498.211962][T11946]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  498.216203][T11946]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  498.221098][T11946]  ? __fget_files+0x256/0x400
[  498.224629][T11946]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  498.228103][T11946]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  498.231804][T11946]  __do_compat_sys_ioctl+0x2c3/0x330
[  498.234360][T11946]  __do_fast_syscall_32+0x73/0x120
[  498.237457][T11946]  do_fast_syscall_32+0x32/0x80
[  498.239969][T11946]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  498.245063][T11946] RIP: 0023:0xf7fd7579
[  498.248381][T11946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  498.260983][T11946] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  498.269177][T11946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c048ae65
[  498.273020][T11946] RDX: 00000000200004c0 RSI: 0000000000000000 RDI: 0000000000000000
[  498.277150][T11946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  498.280962][T11946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  498.284200][T11946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  498.287489][T11946]  </TASK>
[  498.714706][T11955] trusted_key: encrypted_key: master key parameter 'use' is invalid
[  499.250825][T11963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1947'.
[  499.520334][T11963] netlink: 'syz.3.1947': attribute type 10 has an invalid length.
[  499.717037][T11963] geneve0: entered promiscuous mode
[  499.774974][T11963] bond0: (slave geneve0): Enslaving as an active interface with an up link
[  499.803501][T11967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1948'.
[  499.808206][T11970] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1948'.
[  499.826438][T11971] netlink: 'syz.1.1949': attribute type 29 has an invalid length.
[  499.839481][T11971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1949'.
[  500.843325][T11987] 9p: Unknown Cache mode or invalid value fscach
[  500.847008][T11987] 9pnet: Tag 65535 still in use
[  500.859553][    C0] ------------[ cut here ]------------
[  500.863448][    C0] refcount_t: underflow; use-after-free.
[  500.866660][    C0] WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  500.871412][    C0] Modules linked in:
[  500.873520][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  500.878174][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  500.890708][    C0] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  500.893554][    C0] Code: ff 89 de e8 d8 8e 0a fd 84 db 0f 85 66 ff ff ff e8 eb 8c 0a fd c6 05 77 20 7a 0b 01 90 48 c7 c7 60 23 b0 8b e8 67 45 cd fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 c8 8c 0a fd 0f b6 1d 52 20 7a 0b 31
[  500.903004][    C0] RSP: 0018:ffffc90000007bf8 EFLAGS: 00010086
[  500.906004][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814dd3f9
[  500.909552][    C0] RDX: ffffffff8da957c0 RSI: ffffffff814dd406 RDI: 0000000000000001
[  500.913287][    C0] RBP: ffff8880664e1108 R08: 0000000000000001 R09: 0000000000000000
[  500.916719][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880664e1108
[  500.920153][    C0] R13: ffff88806644fc00 R14: 0000000000000015 R15: 0000000000000000
[  500.923674][    C0] FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
[  500.927691][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  500.930437][    C0] CR2: 00000000f7f455b8 CR3: 000000004b0c8000 CR4: 0000000000352ef0
[  500.933475][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  500.936509][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  500.939521][    C0] Call Trace:
[  500.940824][    C0]  <IRQ>
[  500.942154][    C0]  ? show_regs+0x8c/0xa0
[  500.945013][    C0]  ? __warn+0xe5/0x3c0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  500.947770][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  500.951742][    C0]  ? report_bug+0x3c0/0x580
[  500.954214][    C0]  ? handle_bug+0x3d/0x70
[  500.956816][    C0]  ? exc_invalid_op+0x17/0x50
[  500.974271][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[  500.976518][    C0]  ? __warn_printk+0x199/0x350
[  500.978661][    C0]  ? __warn_printk+0x1a6/0x350
[  500.980738][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  500.983177][    C0]  ? refcount_warn_saturate+0x149/0x210
[  500.985614][    C0]  p9_req_put+0x1ec/0x250
[  500.987533][    C0]  req_done+0x1e7/0x2f0
[  501.003572][    C0]  ? __pfx_req_done+0x10/0x10
[  501.011059][    C0]  ? __pfx_req_done+0x10/0x10
[  501.011323][T11990] IPVS: set_ctl: invalid protocol: 4 224.0.0.2:32768
[  501.013177][    C0]  vring_interrupt+0x31b/0x400
[  501.033077][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  501.035418][    C0]  __handle_irq_event_percpu+0x229/0x7c0
[  501.037884][    C0]  handle_irq_event+0xab/0x1e0
[  501.040011][    C0]  handle_edge_irq+0x263/0xd10
[  501.058234][    C0]  __common_interrupt+0xdf/0x250
[  501.060687][    C0]  common_interrupt+0x52/0xd0
[  501.063081][    C0]  asm_common_interrupt+0x26/0x40
[  501.065772][    C0] RIP: 0010:handle_softirqs+0x1da/0x8f0
[  501.068757][    C0] Code: 89 44 24 18 48 89 6c 24 10 48 c7 c7 00 70 4b 8b e8 ab 60 b8 09 65 66 c7 05 49 13 b4 7e 00 00 e8 4c 99 42 00 fb bb ff ff ff ff <49> c7 c6 c0 a0 a0 8d 41 0f bc dc 83 c3 01 0f 85 a7 00 00 00 e9 b4
[  501.094792][    C0] RSP: 0018:ffffc90000007f30 EFLAGS: 00000206
[  501.097684][    C0] RAX: 000000000082e312 RBX: 00000000ffffffff RCX: 1ffffffff20232e9
[  501.100967][    C0] RDX: 0000000000000000 RSI: ffffffff8b4cd060 RDI: ffffffff8bb07de0
[  501.104232][    C0] RBP: ffffffff8da957c0 R08: 0000000000000001 R09: 0000000000000001
[  501.107468][    C0] R10: ffffffff9011db9f R11: 0000000000000000 R12: 0000000000000382
[  501.115584][    C0] R13: 000000000000000a R14: 0000000000000001 R15: 0000000000000000
[  501.142092][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  501.144442][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  501.146818][    C0]  irq_exit_rcu+0xbb/0x120
[  501.148972][    C0]  sysvec_apic_timer_interrupt+0x95/0xb0
[  501.152251][    C0]  </IRQ>
[  501.153600][    C0]  <TASK>
[  501.155009][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  501.165684][    C0] RIP: 0010:default_idle+0xf/0x20
[  501.167933][    C0] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 5f 3e 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
[  501.176416][    C0] RSP: 0018:ffffffff8da07e20 EFLAGS: 00000246
[  501.191064][    C0] RAX: 000000000082e309 RBX: 0000000000000000 RCX: ffffffff8b081fd9
[  501.194499][    C0] RDX: 0000000000000000 RSI: ffffffff8b4cd060 RDI: ffffffff8bb07de0
[  501.200818][    C0] RBP: fffffbfff1b52af8 R08: 0000000000000001 R09: ffffed10056c6fd9
[  501.204238][    C0] R10: ffff88802b637ecb R11: 0000000000000000 R12: 0000000000000000
[  501.224490][    C0] R13: ffffffff8da957c0 R14: ffffffff9011db98 R15: 0000000000000000
[  501.241325][    C0]  ? ct_kernel_exit+0x139/0x190
[  501.243966][    C0]  default_idle_call+0x6d/0xb0
[  501.245857][    C0]  do_idle+0x32c/0x3f0
[  501.247437][    C0]  ? __pfx_do_idle+0x10/0x10
[  501.249012][    C0]  cpu_startup_entry+0x4f/0x60
[  501.250822][    C0]  rest_init+0x16b/0x2b0
[  501.252443][    C0]  ? acpi_subsystem_init+0x133/0x180
[  501.254616][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  501.256911][    C0]  start_kernel+0x3df/0x4c0
[  501.259021][    C0]  x86_64_start_reservations+0x18/0x30
[  501.261625][    C0]  x86_64_start_kernel+0xb2/0xc0
[  501.263952][    C0]  common_startup_64+0x13e/0x148
[  501.266387][    C0]  </TASK>
[  501.268059][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  501.271510][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-rc5-syzkaller-00219-g1934261d8974 #0
[  501.276269][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  501.281091][    C0] Call Trace:
[  501.282774][    C0]  <IRQ>
[  501.284056][    C0]  dump_stack_lvl+0x3d/0x1f0
[  501.286029][    C0]  panic+0x6dc/0x7c0
[  501.288096][    C0]  ? __pfx_panic+0x10/0x10
[  501.290229][    C0]  ? show_trace_log_lvl+0x363/0x500
[  501.292348][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  501.294247][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  501.296071][    C0]  check_panic_on_warn+0xab/0xb0
[  501.297734][    C0]  __warn+0xf1/0x3c0
[  501.299159][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  501.303771][    C0]  report_bug+0x3c0/0x580
[  501.305803][    C0]  handle_bug+0x3d/0x70
[  501.307230][    C0]  exc_invalid_op+0x17/0x50
[  501.309865][    C0]  asm_exc_invalid_op+0x1a/0x20
[  501.312551][    C0] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  501.316170][    C0] Code: ff 89 de e8 d8 8e 0a fd 84 db 0f 85 66 ff ff ff e8 eb 8c 0a fd c6 05 77 20 7a 0b 01 90 48 c7 c7 60 23 b0 8b e8 67 45 cd fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 c8 8c 0a fd 0f b6 1d 52 20 7a 0b 31
[  501.326612][    C0] RSP: 0018:ffffc90000007bf8 EFLAGS: 00010086
[  501.329330][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814dd3f9
[  501.331643][    C0] RDX: ffffffff8da957c0 RSI: ffffffff814dd406 RDI: 0000000000000001
[  501.334846][    C0] RBP: ffff8880664e1108 R08: 0000000000000001 R09: 0000000000000000
[  501.338073][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880664e1108
[  501.341176][    C0] R13: ffff88806644fc00 R14: 0000000000000015 R15: 0000000000000000
[  501.344282][    C0]  ? __warn_printk+0x199/0x350
[  501.346238][    C0]  ? __warn_printk+0x1a6/0x350
[  501.348912][    C0]  ? refcount_warn_saturate+0x149/0x210
[  501.352419][    C0]  p9_req_put+0x1ec/0x250
[  501.354626][    C0]  req_done+0x1e7/0x2f0
[  501.356137][    C0]  ? __pfx_req_done+0x10/0x10
[  501.358120][    C0]  ? __pfx_req_done+0x10/0x10
[  501.360246][    C0]  vring_interrupt+0x31b/0x400
[  501.362835][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  501.365302][    C0]  __handle_irq_event_percpu+0x229/0x7c0
[  501.367335][    C0]  handle_irq_event+0xab/0x1e0
[  501.369346][    C0]  handle_edge_irq+0x263/0xd10
[  501.371583][    C0]  __common_interrupt+0xdf/0x250
[  501.373745][    C0]  common_interrupt+0x52/0xd0
[  501.375644][    C0]  asm_common_interrupt+0x26/0x40
[  501.377358][    C0] RIP: 0010:handle_softirqs+0x1da/0x8f0
[  501.379231][    C0] Code: 89 44 24 18 48 89 6c 24 10 48 c7 c7 00 70 4b 8b e8 ab 60 b8 09 65 66 c7 05 49 13 b4 7e 00 00 e8 4c 99 42 00 fb bb ff ff ff ff <49> c7 c6 c0 a0 a0 8d 41 0f bc dc 83 c3 01 0f 85 a7 00 00 00 e9 b4
[  501.386426][    C0] RSP: 0018:ffffc90000007f30 EFLAGS: 00000206
[  501.388869][    C0] RAX: 000000000082e312 RBX: 00000000ffffffff RCX: 1ffffffff20232e9
[  501.391728][    C0] RDX: 0000000000000000 RSI: ffffffff8b4cd060 RDI: ffffffff8bb07de0
[  501.394676][    C0] RBP: ffffffff8da957c0 R08: 0000000000000001 R09: 0000000000000001
[  501.398304][    C0] R10: ffffffff9011db9f R11: 0000000000000000 R12: 0000000000000382
[  501.401988][    C0] R13: 000000000000000a R14: 0000000000000001 R15: 0000000000000000
[  501.405446][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  501.407606][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  501.411726][    C0]  irq_exit_rcu+0xbb/0x120
[  501.413584][    C0]  sysvec_apic_timer_interrupt+0x95/0xb0
[  501.415782][    C0]  </IRQ>
[  501.416951][    C0]  <TASK>
[  501.421615][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  501.423690][    C0] RIP: 0010:default_idle+0xf/0x20
[  501.425733][    C0] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 5f 3e 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
[  501.433879][    C0] RSP: 0018:ffffffff8da07e20 EFLAGS: 00000246
[  501.437263][    C0] RAX: 000000000082e309 RBX: 0000000000000000 RCX: ffffffff8b081fd9
[  501.441976][    C0] RDX: 0000000000000000 RSI: ffffffff8b4cd060 RDI: ffffffff8bb07de0
[  501.445882][    C0] RBP: fffffbfff1b52af8 R08: 0000000000000001 R09: ffffed10056c6fd9
[  501.449434][    C0] R10: ffff88802b637ecb R11: 0000000000000000 R12: 0000000000000000
[  501.452932][    C0] R13: ffffffff8da957c0 R14: ffffffff9011db98 R15: 0000000000000000
[  501.456190][    C0]  ? ct_kernel_exit+0x139/0x190
[  501.458596][    C0]  default_idle_call+0x6d/0xb0
[  501.461393][    C0]  do_idle+0x32c/0x3f0
[  501.463661][    C0]  ? __pfx_do_idle+0x10/0x10
[  501.466463][    C0]  cpu_startup_entry+0x4f/0x60
[  501.468565][    C0]  rest_init+0x16b/0x2b0
[  501.470671][    C0]  ? acpi_subsystem_init+0x133/0x180
[  501.473476][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  501.476341][    C0]  start_kernel+0x3df/0x4c0
[  501.478759][    C0]  x86_64_start_reservations+0x18/0x30
[  501.481685][    C0]  x86_64_start_kernel+0xb2/0xc0
[  501.484321][    C0]  common_startup_64+0x13e/0x148
[  501.486881][    C0]  </TASK>
[  501.489755][    C0] Kernel Offset: disabled
[  501.492604][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:58:32  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fc0625 RDI=ffffffff9a513600 RBP=ffffffff9a5135c0 RSP=ffffc90000007600
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000032 R14=ffffffff84fc05c0 R15=0000000000000000
RIP=ffffffff84fc064f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f455b8 CR3=000000004b0c8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000005cbf35 RBX=0000000000000001 RCX=ffffffff8b081fd9 RDX=0000000000000000
RSI=ffffffff8b4cd060 RDI=ffffffff8bb07de0 RBP=ffffed10036fd910 RSP=ffffc90000477e08
R8 =0000000000000001 R9 =ffffed10056e6fd9 R10=ffff88802b737ecb R11=0000000000000000
R12=0000000000000001 R13=ffff88801b7ec880 R14=ffffffff9011db98 R15=0000000000000000
RIP=ffffffff8b0833cf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000578744c0 CR3=000000004b0c8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000004 RBX=ffff888020ad8000 RCX=ffff88801cece000 RDX=0000000000000000
RSI=ffffffff81cf1628 RDI=ffff888020ad8444 RBP=ffff888020ad8000 RSP=ffffc90000edf6a0
R8 =0000000000000007 R9 =0000000000000000 R10=0000000020000000 R11=0000000000000000
R12=ffff88801ed44808 R13=ffff88801cece000 R14=0000000000000000 R15=ffffc90000edf888
RIP=ffffffff81718d6d RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 000fffff 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 000fffff 00000000
FS =0000 0000000000000000 000fffff 00000000
GS =0000 ffff88802b800000 000fffff 00000000
LDT=0000 0000000000000000 000fffff 00000000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555ced3a5000 CR3=0000000073a88000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000252c55 RBX=0000000000000003 RCX=ffffffff8b081fd9 RDX=0000000000000000
RSI=ffffffff8b4cd060 RDI=ffffffff8bb07de0 RBP=ffffed100377e488 RSP=ffffc90000497e08
R8 =0000000000000001 R9 =ffffed1005726fd9 R10=ffff88802b937ecb R11=0000000000000000
R12=0000000000000003 R13=ffff88801bbf2440 R14=ffffffff9011db98 R15=0000000000000000
RIP=ffffffff8b0833cf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7439178 CR3=000000007593a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000