last executing test programs:

5.758166807s ago: executing program 2 (id=715):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@setneightbl={0x24, 0x43, 0x701, 0x0, 0x0, {0x2}, [@NDTA_THRESH3={0x8, 0x4, 0x7}, @NDTA_THRESH2={0x8, 0x3, 0x6}]}, 0x24}}, 0x0)
iopl(0x3)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
splice(r3, 0x0, r2, 0x0, 0x1, 0x0)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000e40), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x4})
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000000)=0x2)
ioctl$VIDIOC_S_STD(r6, 0x40085618, &(0x7f0000000080)=0x3200e0)
ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000001c0)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b34d6fde"}, 0x0, 0x2, {0x0}})
openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r7 = open(0x0, 0x0, 0x0)
mkdirat(r7, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
ioctl$NBD_SET_FLAGS(r7, 0xab0a, 0x9)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC])
read$FUSE(0xffffffffffffffff, &(0x7f0000006380)={0x2020}, 0x2020)

4.656276031s ago: executing program 2 (id=720):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000180)={0x28, 0x0, 0x0, @host}, 0x10)
pipe2(&(0x7f00000001c0)={<r3=>0xffffffffffffffff}, 0x80)
openat$cgroup_ro(r3, &(0x7f0000000240)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pipe(0x0)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
ioctl$TIOCSTI(r4, 0x5437, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000010000000900010073797a300000000048000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800024000000000080001400000000008000740000000015c000000160a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e643000000000000000000000001400010076657468305f746f5f7465616d000000140000001000010000000000000000000000000a00"], 0xec}}, 0x0)

4.025941949s ago: executing program 1 (id=724):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
read$dsp(0xffffffffffffffff, &(0x7f00000004c0)=""/216, 0xd8)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="e501330080800000080211000000ffffffffffff90e488f9971a00000000000000000000000000000000000003010004060000000000002a010072060303030303037606000000000000dd352d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777dd73eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24dde44f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcfdd075dad8ac12f9666"], 0x204}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r11 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f687372000000000800074000000001140000001000010000000000000000000000000a"], 0xf0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000240)=ANY=[@ANYRESHEX=r11, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000181100", @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff0000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

3.864060616s ago: executing program 1 (id=725):
r0 = openat$sysctl(0xffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
write$binfmt_script(r0, &(0x7f0000003780)={'#! ', './file0', [], 0xa, "dfa62e794eda2553ac838416f5104e45f426fabe6df699a220159a8256a48a2eea7750f43b4b568f7b5db64bcee59982ab6371c324ab12dcc0e0f7be1a629463178b5dda71828c65270c809c88d842426230f960147965da7aa9035662ebd1830f72da45afb41ce1b109a7cc4674106bb79aa70edbbc77b47181c27550e0a9b6d6b5d4595626bf98da77350434c2fe0e13c4c4974b21d50a8dfcf93449f52d818c537f8616f2439e645acd855523f00e93b4ef6f8d4d763f82882f69c38df2f84c9dbb3103d5543cd79b7d086bb7f01f267ee57f554b77d687e2024387a256a323f428879182f89db06bc1b85aac3ded2738cee1c7ffd5825180d4dcff746662a80cd8b8fef4d9b1c05d2ad13fabf847ca0db63b2296f60a2de8e6dc3a514b6d9265ee03b0b8845b395ad96a9f5978397bc886bda4a23bf95be73ee82b4d97b5a7f8be911693fad507531e56ba58c4ede079fce5dedb0e0246b11dc7da45e2a5c5a8f52f9f16e2d92cede4d392b93ea52de53fb8edc3945d1ed58bb99d27965ec118a318ba5bd367e00167db087606ea7bf4071fb47a7ca66a9361dafbdfc8d2af5da17f6cdfe1ce038dec9460810f6cb19055e7744c33a12c697d43ad8a842ad9ae56989b0f2ac691eaf7a4930be28633d72d6638b41dff3862b742f91cd6774bda27c2b285a5e799c3a90127bc370e674d86f102220e1ffa43c32f38fe8aabaf4277610ce264a6eb808867c7069e564334c5e8f2f23ea2483d2c8ca921063875350f9dbfd87ce6036b78ebce28e9cd9f378d01f634f37deffb4faecd427446af9ae8e6ea8219152484acd678329c566c01853a93977baa1d0222b5eda63ea4930ef34abf032eba86cbc713d8298ad6cbc066632638b903eec66f3b781de7281d7ed97a03435210bbd4205a9f37aa41c133dbc8c3cc389448d8c0813e9cda1e76d8cf78a141e0a3b3ea30e9b23d212b03a8bdb5f9d1ba5b7806e44e8031051fdf8bd5059b912de4abd336c4b8bef63bc481bc315413c39b48535f48853dc2b93c0731838cf84df7776d66eb04f72aea3c0f7172e4878f33e492f7f2f7543dc461e6d39de446c07279c7c91952280c1e5f9fb204af8322e72e1aea4bf4bafeeaf3fe66c9be462e163dc645974499412cb75bb564e837ae03c805af008e24cc0cc2c7be1f84eed2a4e9b0b4aa5b0a309b7e7e7cafe5bf046b96f960ac4ade94446344b9842f6d493b0848d36161e6ee09b2494a15e1b60e5ba26ca7016423971c3bbac3161bab93f25dc8310f94f05663f1a33b7d1d3e3caef8fabd4ca836ec513980c5f25cbea240e7662f7ada0389ba9772bdae53b0442655d1b20b2e95e3e7d3f9d85dccdcabe6485cda7708bed732041e43c2c830ef4bba368dd4eb4f1cb754689a778d287aa49daf2f68bf8b283dae4327e5fe099eb78bd84861cbcdcad947dd8fde51c55693c1d027577407c1ee54b7ce48e917e7ecdcf70b76a4d752e6ccb5374e13d94ab3d226be7d57d74132c221659e7ddb466778f5083eb31b118c07df1d67ea8e1e48c67207d6bdc533335949b9c141920dcce8ace0eca8e5b5e0def5df88924965efeb1e6028b2e834d879282cac766e0f917934d57c83671f643ec1e70aed5e9c11c71b58762a4ef03653c9bcb94a0f2883eead76fe52093606fdd989250036536132a4d1367e448c5953bfba588ad869c0420a1c1c2118a81dc98abd7db1826acaf21ce58a34b86bafa8395cff9585e099acb8985295efe6f5b0de9947061b40aa20da912c0b9590deea2f315d44c5bcc37c5d316e0599a99e157ebcc927dead52a2bbc1fa9fedf8cd82049389b00b21ce99a61fa7897926a07a2abd69d917fc92c012bbc4359a13166889e78c61d7749207316f43bb19907d39f3a5f197cbd3bdd4dfe00d36dd054e9c785102ef7ac103dabe64ff2bfa89951a2de69d0701058794b1c63314b503157f91f98f0cb531940ad56955e3b1d328d7e0f2ebf2a5844d57becb1916c494d7bff326cf419c616517761ce69bf65ab3fe12e840a81cb31134a357d10982a5b48479896fe504a1e95b93511b141288f09d0d44e9c5d3147108156c7d0310225a6713a09f34bfde0d37991e49adcbd4a7696b5078aa29773d62dec82d42ec52d898ec5bb68643c938a5de263962f8e7ca5eaf228e1ce606a42aabd80b728f544011d32c0f796b05022355c7f08f83d5cbc75b615f655bf26a2b741d276561ab2bbfbeed859ac863b6c94ee7a6135252677f020074b4dc7b1242369a2ecfe3563fc061d9a3fb35825e951c40acdb00b74c2c2c57a3c8450d83d30216d906ece9de4ce875d0b4eeeee27e9f286a0a679ccfcab6e00d68576903bac953c12c24e3964a3c7e6fc7390cfc4260fd7e3427519bb6dd5a105e60e428d71f4dd9accf2ab4fcb7d329d3b5e99bbe148f00b6be6383aa64021cb94af48d08bcbc040449eb0218cab9ba57d4658da5de91efe52275601c4e1d8dfdd1d1a5288f1049989e02287125259b87d2ad66ebd8dc1a3679f250b222125beddaa5fbdd7614a57def513b8a1808ad6685a648ae47c8fa241aac1dcbcf51de92e336f71f08dffba8fb327d05245af7e545f59e23c3c6b3174c565c0a5806f3a1db7383905b7bf23ca3303d97b060443a70a0f86f74a59fc878826cbd7c2a0082a887251a5617e09ad3ce3a50c0b508aeea13a629f2a99f522d8d64080a524fe7b181aff539645d051d7e0458b14241e5dcea71352a0d0fdabda11d89ef2e153b9af6e1db236e335c3a76ed1407e04a8a2063bfe73c1e79d4366445e2e254da2bd83d7d4d8547a4b6bad4e215a4f30fd2eadefe6372119fb5d872c2e20bb5ac60dc22bc4c70f7a7b479f93554431e5f295f36e91c4576ac40f351003b5966cdb83be4e10943aae59ddb2d77c93b92f7608ec4008e2f9229b806e0ee48ce02cd807bf6af5e1ac5cb0b467513316b6e859e70f06d913d528dc77da29ce9569c04215c83577cebf0099f6925ef49660f8c376a141862b794deea246e8eecb93f7c2a4015caa44880172e1db9933fea8ca36c88aaab7ae147a7636f9f9595b2201b63a0543f1a471a0f00fe594c23f58fed174a674bfddce077b05884fd075826f71e61ee2da7cf59dcf231fd627e6392294bbdf98bfe1ccf49341386a21a6baaa88f97a337c1fd152466be14b12d58b209c919bbbb1d76f0520c52899f99f5b25b673bed99c7b7333ec3986ebcff617a7ce56dd8641d49ef2ccf0514af12af537cc00e870e086a1e227b6ba74eb80e833983a1d7a2f6994361a4005fd8dbcc584b42541bccbd4a339772a309f9b801895aa2e5089b8df009aaee80a792624ef96b566f1619fda287ea2ccaa613c20ef224d7cec36f305905278291bad7125cc2fc66dc66f18f765c12ce3b5ff8a7f566a502d189c3116c43a431db3a846391c81f87a27fc9b35addefa296eca5b9f0aa0560593f7702e1fa315c575b63a529e930c88acef8a778ce1d1be0951cae679c6068be595ea14c6f2154749dbadfa96415d1d3e313e216fc691d024ed763cf735992a33ecd2a6b9c6851f3231dbb80a79aba4bc8b0f581d4f5708a57e250dc36983851ad22c3d4c60dfb65b6f8ab2e77b616db4fb4878b7d4c6646f329b7f2f9de9c23cd6e4a26e3f359dfb08a300ce9ae12c11e25273e3ef91b78e2747ccedb2a3621537e3eceeae86fe566ec046daee936c4a2540c8598bd24e7b5fbd580ae23cb8d58325e734ec7dd7ecae16d28dcaa60bbb0ccb2da3ea203b0088313a453228a2adcf52021a01518ae2aa7c6aac2e721f881e7ddd6384eeba7ee6bf0d116668f780f110706e8a56d4532d5fc56f4cb62e4b1bc62f3eb999b8146a4c9b5b5209bdca330af3b56b841896e82d5ede4c7a17d88fea722649e3f0d08dda46c4dd09d7c7e5df529bd60d9bc98e38983ead7fae7e25914447b9d67aa4046134b6dbfe42297c68cd6f8844df5885e3b77d355f9277f54f21cb1b83ff9c8355b3e58c2730f674dd057d5b260ede90d95629b8876405b8e6b604b49b26e90dee2e316b2c8cd7c3b9b17904a4ca5177c692f2a426623ba1b35710dae81dda1664d7fea93570f29c09efcb267c33997c8aa29fd6e31529b619d7d96c93285cc82eff061604c375ea666f63be2a26288e4506bf09677a6f6994053b813b821a7e2a94f0565cd2a940fd7e78126ce933951bae93d6dd5a5910cb38ef0146f1359f4e4ee7acc9a2553e116671b6d2b555958008bb11cfd01ce32a70c4e24f4a08216773c93e6992a409a6aeac7957979926b6e6d8bd5721d4532b7d31960f7c66251d333884b313a5ee53b0e76d7f4c20ee570fc7b3549b21a3e3e5af41464e21137c6d8d73b13538621a1613e052ddcb3a8dec0532a9657234964cdc1f2b5aec44cdd08bc2d2cb50d85fa08c99d3dd58b4b5e8a7ed1fe917d72bd6f0d00d4a3876858a0c7639413467ef0fb7f091337d64c94c535006fa6c3b04c1b4819aeb7624ebba4079a91fec1e6878071efa9e30ffd8fd99f74216a5c85e4a4ef565b85d605b32b9626b7ca2535682a3c28f81f0eab5057393b2a707ea1956fa5a50e848f0ed1680d08fa2ed8f0800256ce923af4c71dc098da874af205bc540a1e1d34d96cfd54ad3c46d9f6ef54472166d31e4848c03a24b5de1b111e71a339b33d68e5833c85d31b4d822e4c389f7886a6299b5ea7c8ffea2fe2f7c1d826a811593b66d79a251d1712ede3c97a9513359ed364e625aa9f78b99c512d4305ff7d1335ba58142c90f0a614b41973212e9aaf4d914ecfc7e0b6140e0e21ca75a530477d1b9e96cc4963f396570949b6f45bf55d02c2df2bf5c08a1468389aa1b4be02dc6c318aed88a910d6f3940721cea80697c4f7b0562c7edaed8d2d47d2ca235d39c1f2e1a68b67419ea6f89d75ee3bfc73014035dd6efd4a71e55aa775d8bd0699855b2a3aeb904b53301d9d47d769dea54c3a37cfd63e5b968f756e16cc89535fbde4b87e21e412e5f158fcf837ac80a61829d8eeea24e23d7336430d5bda887a01f197c59ff1df732ae906f3c9074677b9a06c7af2a9c1df8fe2db28b4e89a001e804c2294990f83c40d29f493d467b39467624c411a18e0208ad6c9ba07d620e9db23b99039a3f937bc180a9b79f7a6a129c6a001030eec466cec8c822560119f6582571311f173f34a30404d9af256638b9b120193150dd496643dca583d0694c89bb767091410360a9ad9a7e19bb6844bf1de171e0034205762c9148356cae3a1006c845933e8728736106f07f8e885207c5f778af9bf116368aa75c3df83db59e1fc40031091efd556277eecf4dce61a205f3b5a360f047c39e560852040f407de3f6a683d1d7c17f6df05756c635c4cbd57f2424f6f6bd5fceb4f933157accc556e14a2ef0873dc617f3653f996255149d001ca615e14bf59ab98d78cd6858b087983edd799cf0fe431f647228fc73b41e4fc1ce4018980623312b108401f91bc108888f40fcf74d2f72f8d261e69aa16476e6f54b518a85f51bed9e2dd29ddae99bb4e853d387e0b6513284ffc70472d814142f4e834cc70d951a6d6592dfeb1b9291380f9d74f2c7773692ca2edba723b2f20a5653e79109a56ba17560f997782cfbe32b44d93799063c3d0e819b269e0239967420a3cfcdc40b78514871cecc6c26a2050c95a195c066b20e146bb85d7bdcb1879ca8a760ae580c8610e7107a8084b312aa30c9e078e671ce438a45e0bbd4555ca4ac4e9c00363af2e553ef349bf34"}, 0xfff)

3.786156144s ago: executing program 1 (id=726):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
read$dsp(0xffffffffffffffff, &(0x7f00000004c0)=""/216, 0xd8)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="e501330080800000080211000000ffffffffffff90e488f9971a00000000000000000000000000000000000003010004060000000000002a010072060303030303037606000000000000dd352d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777dd73eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24dde44f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcfdd075dad8ac12f9666"], 0x204}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r11 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f687372000000000800074000000001140000001000010000000000000000000000000a"], 0xf0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000240)=ANY=[@ANYRESHEX=r11, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000001811", @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff0000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

3.552268055s ago: executing program 1 (id=728):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@setneightbl={0x24, 0x43, 0x701, 0x0, 0x0, {0x2}, [@NDTA_THRESH3={0x8, 0x4, 0x7}, @NDTA_THRESH2={0x8, 0x3, 0x6}]}, 0x24}}, 0x0)
iopl(0x3)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
splice(r3, 0x0, r2, 0x0, 0x1, 0x0)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000e40), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x4})
r6 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000000)=0x2)
ioctl$VIDIOC_S_STD(r6, 0x40085618, &(0x7f0000000080)=0x3200e0)
ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000001c0)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b34d6fde"}, 0x0, 0x2, {0x0}})
openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r7 = open(0x0, 0x0, 0x0)
mkdirat(r7, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
ioctl$NBD_SET_FLAGS(r7, 0xab0a, 0x9)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC])
read$FUSE(0xffffffffffffffff, &(0x7f0000006380)={0x2020}, 0x2020)

3.154821869s ago: executing program 0 (id=730):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4}, 0x48)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.075859634s ago: executing program 0 (id=731):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, 0x0)
r2 = syz_open_pts(r1, 0x801)
r3 = dup3(r2, r1, 0x0)
write$char_usb(r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES64=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64, @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x90)
open(&(0x7f0000000140)='./bus\x00', 0x40034d040, 0x0)
mkdir(0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000001100)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe44e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3049, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffff587, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1]})
r7 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r8 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$EVIOCGRAB(r8, 0x40044590, &(0x7f0000000000))
read$hiddev(r8, &(0x7f0000000080)=""/102, 0x66)
write$char_usb(r7, &(0x7f0000000040)="e2", 0x2250)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg2\x00', <r11=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="011f00000000000000000d0000000c00018008000100", @ANYRES32=r11], 0x20}}, 0x0)
r12 = socket(0x2, 0x3, 0xff)
bind$inet(r12, &(0x7f0000000140)={0x2, 0x0, @loopback}, 0x10)
connect$inet(r12, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
fsopen(&(0x7f0000000000)='ocfs2_dlmfs\x00', 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000000206010400000000000000000000000011000300686173683a6e65742c6e6574000000000900020073797a320000000005000400000000000c0007800800120000000000050005000a0000000500010006000000a9c7f5cd8790aaa33d625fb88a8bd09a1472d612b37c43c183f13e0cc1de7ef62f701e5b37688b00b5ef34290500240e1af21feceffb2d888ab65a7dd2c4b47e75b1307407cc590c3fb943315304150f0b3b72f471e29f0138b593b34c3513ea2a860b4e864576a376fadb4765c71dccec91aab35a8218af96ee380f7aaf4b9efda664307b72d46a6f79"], 0x58}}, 0x0)

2.965066969s ago: executing program 0 (id=733):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
read$dsp(0xffffffffffffffff, &(0x7f00000004c0)=""/216, 0xd8)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="e501330080800000080211000000ffffffffffff90e488f9971a00000000000000000000000000000000000003010004060000000000002a010072060303030303037606000000000000dd352d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777dd73eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24dde44f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcfdd075dad8ac12f9666"], 0x204}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r11 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f687372000000000800074000000001140000001000010000000000000000000000000a"], 0xf0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000240)=ANY=[@ANYRESHEX=r11, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff0000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

2.755770591s ago: executing program 0 (id=736):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)})
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
listen(r1, 0x5)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x1}], 0x1)
r5 = accept4$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0)
recvmsg(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x4c2103a0)
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd090328000300300000006000000001002f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef)
r7 = syz_usbip_server_init(0x3)
write$usbip_server(r7, &(0x7f0000000080)=@ret_unlink, 0x30)
r8 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000000c0)={0x0, r8})
getgid()

2.546211734s ago: executing program 1 (id=738):
syz_io_uring_setup(0x4b5, 0x0, &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000000)=<r1=>0x0)
syz_emit_ethernet(0x46, &(0x7f0000001100)=ANY=[@ANYRESDEC=r1], 0x0)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
fchdir(r3)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000000480)=[{&(0x7f0000000140)=""/54, 0x36}, {&(0x7f0000006180)=""/146, 0x92}, {&(0x7f0000000280)=""/194, 0xc2}], 0x3, &(0x7f0000000580)=[{&(0x7f0000000680)=""/203, 0xcb}, {&(0x7f0000000780)=""/94, 0x5e}, {&(0x7f0000000500)=""/43, 0x2b}], 0x3, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYRES16=r4, @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200a266aeef8d12530a475440069bed0b691f2a0f8c2c275451e4bb21de8017e920f2da7a12600097d9afd0b898447441da478cf826eb875eec851735ea512cd8d43faf1458318127930927f18400fd272b4d2c54e2530b006adbbeec88ad3a89", @ANYRES8=r4, @ANYRES32=r5, @ANYRES64=r4, @ANYRES16=0x0, @ANYRES8=r5, @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4044800}, 0x80d0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080)=0x74000000)
write$dsp(r2, &(0x7f0000000180)="6062fbfe835afe5242f6e879155610e4ff1365fb18d93e3547ba79f8fbba4ecf410d480bee4b7acb378cfddc0c00000000", 0x31)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sched_setparam(r4, &(0x7f00000004c0)=0x4)
modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x0, 0x2000}, 0x10)
modify_ldt$read(0x0, &(0x7f0000001240)=""/251, 0xfb)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000380)=[{0x0}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1c, 0x3, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYRES32=r5, @ANYRESDEC, @ANYRES64=r4], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(r4, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x200280, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000080)="c99b57381801238c09d0ff0f1d0dbd30", 0x5f)

2.521037582s ago: executing program 1 (id=739):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @local}, 0x2}}, 0x26)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @private=0xa010101}, 0x2, 0xfffffffd}}, 0x2e)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x2, 0x20000000, 0x4)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
r3 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000000))
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
close(0x3)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

1.875710214s ago: executing program 2 (id=745):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f0000001100)={'syz1\x00'}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4)
r1 = dup(r0)
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$tun(r1, &(0x7f0000000240)={@void, @val, @ipv6=@icmpv6={0x0, 0x6, "41b0ca", 0x70, 0x3a, 0x0, @rand_addr=' \x01\x00', @empty, {[@routing, @fragment, @dstopts={0x0, 0x8, '\x00', [@pad1, @calipso={0x7, 0x38, {0x0, 0xc, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @jumbo]}], @ni}}}, 0xa2) (fail_nth: 8)

1.723858211s ago: executing program 2 (id=746):
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f00000000c0), 0x101, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002bc0)=""/206, 0xce}], 0x1}}], 0x13, 0x0, 0x0)
preadv(r0, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/219, 0xdb}], 0x1, 0x0, 0x0)

1.723007856s ago: executing program 2 (id=747):
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000000), &(0x7f0000000040)=0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r4, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000100000000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900a4000000660000000800e78ce400ca653e6022013e020000080026009409000008002201140200000500180132000000080027000200000005001801070000000500190107000000050018012c0000000800270003000000"], 0x82}, 0x1, 0x0, 0x0, 0x4044880}, 0x4000000)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000440)={'vxcan0\x00', <r5=>0x0})
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000040)=""/93, 0x5d, 0x40010000, &(0x7f00000000c0)=@can={0x1d, r5}, 0x80)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0xc}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sys_exit\x00', r8}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'rose0\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRESOCT=r6], 0x20}}, 0x0)
r10 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r10, 0xc040565f, &(0x7f0000000040)={0x2, 0x0, 0x2, {0x0, 0x4}})
r11 = openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$BLKTRACESETUP(r11, 0xc0401273, &(0x7f0000000100)={'\x00', 0x0, 0x1, 0xfffffff8})

1.224646506s ago: executing program 0 (id=752):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, 0x0)
r2 = syz_open_pts(r1, 0x801)
r3 = dup3(r2, r1, 0x0)
write$char_usb(r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES64=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64, @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x90)
open(&(0x7f0000000140)='./bus\x00', 0x40034d040, 0x0)
mkdir(0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000001100)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe44e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3049, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffff587, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1]})
r7 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r8 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
ioctl$EVIOCGRAB(r8, 0x40044590, &(0x7f0000000000))
read$hiddev(r8, &(0x7f0000000080)=""/102, 0x66)
write$char_usb(r7, &(0x7f0000000040)="e2", 0x2250)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg2\x00', <r11=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="011f00000000000000000d0000000c00018008000100", @ANYRES32=r11], 0x20}}, 0x0)
r12 = socket(0x2, 0x3, 0xff)
bind$inet(r12, &(0x7f0000000140)={0x2, 0x0, @loopback}, 0x10)
connect$inet(r12, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
fsopen(&(0x7f0000000000)='ocfs2_dlmfs\x00', 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000000206010400000000000000000000000011000300686173683a6e65742c6e6574000000000900020073797a320000000005000400000000000c0007800800120000000000050005000a0000000500010006000000a9c7f5cd8790aaa33d625fb88a8bd09a1472d612b37c43c183f13e0cc1de7ef62f701e5b37688b00b5ef34290500240e1af21feceffb2d888ab65a7dd2c4b47e75b1307407cc590c3fb943315304150f0b3b72f471e29f0138b593b34c3513ea2a860b4e864576a376fadb4765c71dccec91aab35a8218af96ee380f7aaf4b9efda664307b72d46a6f79"], 0x58}}, 0x0)

1.092546166s ago: executing program 0 (id=754):
pipe2(&(0x7f0000000300), 0x0)
syz_emit_ethernet(0x36, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002bc0)={0x2020}, 0x2020)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_pidfd_open(0x0, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
fanotify_init(0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c80)=ANY=[@ANYBLOB="bf16000000000000b70700001f0000005070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71afe6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a49ef23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeac698890c864d59887a59905f1e07f40b1cd3641f8c192c368590f894cd4e1110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068f4025c0bf1aad90738725837079e468ee207d2f73902fbcfcf49822775985bf31b715f5888b24efa000000000000ffffff010100000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9736bdeab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cfe36bc120e3b39a6e5a796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f7da31cf41ab11e0a494034127dd1c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde74fa4ffa4d9aaa705989b8e6731e2401b6a560e3296e52d337c56abf112874ec309bae5fa4c81e5c9f42d9383e41d277b10392a96286744f839c3f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7b06000e3b1c39b2e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec737555393c61a008280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf03b5ed04465746ff8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e827172ea3b774a1467c89fa0f82e8440105051e5510a33dc5a5e143fbfff161c12ca389cbe4c51b3fa00055cc1b66c5fd9c26a54d43fa050645bd6109b113be7664e08add7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79e184f5e93ba5c8c2a4c0443fb652b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb5288aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6640a9dea0b6c91996d65da6c24a8f2a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c508d0ad23bc83ba3f3757210afcf2a64783057e177615c068bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd13ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64d7cfa6396a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783499d4411ccbbeed215b745058e56c70afe8016b3dd359e785b36e609f173cc6b893ecd138289709839af6c95fbed6c33e401ec747820d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964ed0700000062f3d90f0eb634ae331385d502fc7cc33158bc306d8c3bdae8108a2380000000000000008832ec0906aaec43659c79c8adfdeb1fd291c6fc6737b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c81eb7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9edfe6dca9c43907f3a85cf655ccd9d624e8c6f7932c4d719347f39ef006c2df747e27a2d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57776e5fe25cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed0000800b805fbd1b474c9ed0dc19ad6e99b66ee0f8c9d697655ebdf5ef30d1b92bd283df88c1096d4bd3686e18ab07f9b580afbd4bd4d8979686422849b04024f609a7b76e902d35343793d99fe395ae73166187c64a501c1f4bb736fcf1dfde7da6bea1945a14f1c578093e6cfb4702a95fb4f653064244950ae227f2a22678e2ff4699bfcba3b7d5656d9be441d07cc3ba51f5b9e825fbec6aee7f9e1b04cdabf99bd760036f74dec91d341c885e785c8517cc50138be2447fa04b77acd2fd078f1da244051e44b5a881197733ba420c9d6b02fd01fa9369f8d3310be2ff1ad5952e025ce59c2dc8327d26fc4facd5915007d22dfccf67dfb53ae2f72a0812ad121fc7de5aba071b83ebf271a5140c6a0b115bd05d7fff46fe144d9fac4ee0a7a2f7242737fd622dc74ca2d79585d4c821d2294b779eebbaac7d81cdaa5ac506ab269be6ff4f7dd9d5ce2e0b1eef2"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r2, 0x7, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffb0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x1dc, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa5"})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x0, 0x91, &(0x7f0000000680)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ';'}, {0x5, 0x24, 0x0, 0xfffe}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x2f}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x0, 0x1ff}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x0, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x6d, 0x0, 0xfe}, @mbim={0xc, 0x24, 0x1b, 0x100, 0x59d}]}}}}}]}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x8, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x4}]}}}]}, 0x38}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000b00)={{0x12, 0x1, 0x0, 0xa5, 0xaf, 0x5f, 0x20, 0xe8d, 0x23, 0x3aab, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x56, 0x0, 0x0, 0xa}}]}}]}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000000080000000148a3045e2d59b2f835be5ea0e158eca154cbab5354fbf743f5fc122403262404ab03d579ff00ae8803b1d4b880ed1f02b5aa5b0c2883f9126da4a26a5f382ff54dd48e667192affe59dc40ee4fc3ec1030a0850e9281e119ab2de5ada1393ab9069", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001100028005000100030000000500150000000000"], 0x44}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000080))
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_io_uring_setup(0x1fbf, &(0x7f0000000040)={0x0, 0x0, 0x140}, &(0x7f0000000400), &(0x7f0000000100))

862.823384ms ago: executing program 3 (id=756):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
read$dsp(0xffffffffffffffff, &(0x7f00000004c0)=""/216, 0xd8)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="e501330080800000080211000000ffffffffffff90e488f9971a00000000000000000000000000000000000003010004060000000000002a010072060303030303037606000000000000dd352d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777dd73eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24dde44f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcfdd075dad8ac12f9666"], 0x204}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r11 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f687372000000000800074000000001140000001000010000000000000000000000000a"], 0xf0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000240)=ANY=[@ANYRESHEX=r11, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff0000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

625.480077ms ago: executing program 3 (id=757):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r0, 0x8b1a, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
fcntl$lock(r1, 0x7, &(0x7f0000000140))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fcntl$lock(r2, 0x7, 0x0)
fcntl$lock(r1, 0x6, &(0x7f0000000100)={0x0, 0x0, 0x100, 0x1, 0xffffffffffffffff})
fcntl$lock(r1, 0x6, &(0x7f00000003c0)={0x0, 0x0, 0x73c, 0x6c04})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x5})
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
accept4$vsock_stream(r3, &(0x7f0000000500)={0x28, 0x0, 0x0, @my=0x1}, 0x10, 0x80000)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000280)={0x28, 0x0, 0x2711, @my=0x0}, 0x10)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000640)={{@my=0x1}, @hyper, 0x0, 0x2925})
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
listxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/34, 0x22)
io_uring_setup(0x1951, &(0x7f00000000c0))

532.993295ms ago: executing program 3 (id=758):
r0 = openat$nullb(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_TMR_CONTINUE(r2, 0x5404)
ioctl$SNDCTL_TMR_TEMPO(r2, 0xc0045405, &(0x7f0000000140)=0x6a)
ioctl$SNDCTL_TMR_START(0xffffffffffffffff, 0x5402)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000002200)={0x0, 0x2, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff})
flock(r3, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fdinfo/3\x00')
preadv(r4, &(0x7f00000017c0), 0x11c, 0x4800, 0x0)
r5 = fanotify_init(0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xff}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7f}]}, 0x2c}}, 0x4)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000640)="dd01ffc2", 0x4}], 0x1)
r7 = dup2(r0, r1)
ioctl$BLKALIGNOFF(r7, 0x40041271, &(0x7f0000002b80))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r11, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0xfffffffffffffd80, 0xb7, 0x5a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044000}, 0x0)

395.755702ms ago: executing program 3 (id=759):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
read$dsp(0xffffffffffffffff, &(0x7f00000004c0)=""/216, 0xd8)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="e501330080800000080211000000ffffffffffff90e488f9971a00000000000000000000000000000000000003010004060000000000002a010072060303030303037606000000000000dd352d5014b2109a59339408ad50548584c01cda5f3ced6f13b590b9aaf1bca488130effc03c7c2adf4757f254203300027902dd1fa777dd73eb13a8b3df323b58645505746aa35226d44912415c3d4ac256aa5c2291a3317d27815fda589135d0308f4ff131b3c4a96dde0f9c497c9bbde281223c0596f01156deb1f851f7602fb2299c382c07898a4d7dddbc046ef6a9b938b13f76ccceb4d339a7d92a6a7f45bd90df8b5bd53f1eec1a24dde44f2a899e94bcf0613609929460dda7b3421f2af277170aab1eef1bc7a6bad283ec72e75c78d8f4f30f5e2ee79daf8ece54852b5b93eabb5832b001d39227230802e601a7f9749d370367565ddb88a137c4572cce24103d4337027917c48d29a1860dad1f99fe412ea5a5eff0a43812f63ec34a05279e6dc25839f828e60b01f9b6a65bf411101d89dc154716566458aa4111340a6d895801f8d51908b9bdd47762550f4ee51c8a3f64cfe2f8b701e79d393a957fa4e3e620099b226f683280ec0f5d85f9c59d29d9159126c9f114d0e08f17f96e4757dd81825d8f432246cdb8ab571fcfdd075dad8ac12f9666"], 0x204}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r9, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r10 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f687372000000000800074000000001140000001000010000000000000000000000000a"], 0xf0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000240)=ANY=[@ANYRESHEX=r10, @ANYRES32=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff0000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

99.924032ms ago: executing program 3 (id=760):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = gettid()
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r1, &(0x7f0000000440)=""/247, 0x26)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x1, @time})
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x5460, &(0x7f0000000100)={{}, {0x0, 0x5}})
tkill(r0, 0x7)

15.56887ms ago: executing program 2 (id=761):
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
write$ppp(r0, &(0x7f0000000140)="1627", 0x2)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
read$dsp(0xffffffffffffffff, &(0x7f00000004c0)=""/216, 0xd8)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
r11 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f687372000000000800074000000001140000001000010000000000000000000000000a"], 0xf0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f0000000240)=ANY=[@ANYRESHEX=r11, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x90)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

0s ago: executing program 3 (id=762):
syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x10100, 0x2}, &(0x7f00000000c0), &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff0f, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x5b2b4293}], 0x1, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(0x0, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b48b0000000054161016bbfeca9b01b0fc0da3450000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x6}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x10]}}, &(0x7f0000000180)=""/129, 0x3d, 0x81, 0x1}, 0x20)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r3, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r2, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x400)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
splice(r5, 0x0, r6, 0x0, 0x100000004, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x0, 0x111, 0x4b4, 0x118, 0xd4feffff, 0x218, 0x20a, 0x278, 0x218, 0x278, 0x3, 0x0, {[{{@ipv6={@private0, @empty, [], [], 'pimreg0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@inet=@tcp={{0x2c}, {[], [], 0x0, 0x0, 0x2, 0x4}}, @inet=@rpfilter={{0x24}}]}, @common=@inet=@TCPMSS={0x24}}, {{@uncond, 0x0, 0xdc, 0x100, 0x0, {}, [@common=@unspec=@quota={{0x38}}]}, @common=@inet=@TCPMSS={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x33c)
socket$netlink(0x10, 0x3, 0xf)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0xf400)
socket$netlink(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

9216][ T6031] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   83.621027][ T6031] vhci_hcd vhci_hcd.0: Device attached
[   83.893487][ T4994] usb 15-1: new low-speed USB device number 5 using vhci_hcd
[   84.363010][ T6120] input: syz1 as /devices/virtual/input/input9
[   84.398911][ T6034] vhci_hcd: connection reset by peer
[   84.407546][   T11] vhci_hcd: stop threads
[   84.412870][   T11] vhci_hcd: release socket
[   84.414949][   T11] vhci_hcd: disconnect device
[   84.623097][ T5242] vhci_hcd: vhci_device speed not set
[   85.067298][ T6131] __nla_validate_parse: 8 callbacks suppressed
[   85.067315][ T6131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.238'.
[   85.084481][ T6128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.238'.
[   85.441414][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.242'.
[   85.460870][ T6146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.242'.
[   85.803190][ T6157] dccp_invalid_packet: P.Data Offset(0) too small
[   85.824959][ T6154] FAULT_INJECTION: forcing a failure.
[   85.824959][ T6154] name failslab, interval 1, probability 0, space 0, times 0
[   85.830523][ T6154] CPU: 1 PID: 6154 Comm: syz.1.245 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   85.834904][ T6154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.839627][ T6154] Call Trace:
[   85.841126][ T6154]  <TASK>
[   85.842444][ T6154]  dump_stack_lvl+0x16c/0x1f0
[   85.844560][ T6154]  should_fail_ex+0x497/0x5b0
[   85.846624][ T6154]  should_failslab+0x9/0x20
[   85.848683][ T6154]  kmalloc_trace_noprof+0x6b/0x310
[   85.850990][ T6154]  ? kobject_uevent_env+0x265/0x15f0
[   85.853348][ T6154]  kobject_uevent_env+0x265/0x15f0
[   85.855592][ T6154]  ? sysfs_remove_group+0xc6/0x180
[   85.857888][ T6154]  __kobject_del+0x168/0x1f0
[   85.859912][ T6154]  kobject_put+0x31c/0x5b0
[   85.861764][ T6154]  net_rx_queue_update_kobjects+0x478/0x5f0
[   85.864150][ T6154]  netdev_unregister_kobject+0x150/0x270
[   85.866619][ T6154]  unregister_netdevice_many_notify+0xc8a/0x19f0
[   85.869452][ T6154]  ? mutex_is_locked+0x12/0x50
[   85.871589][ T6154]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[   85.874036][ T6154]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   85.876216][ T6154]  ? __nla_parse+0x40/0x60
[   85.878229][ T6154]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   85.881064][ T6154]  rtnl_dellink+0x3c2/0xaf0
[   85.883135][ T6154]  ? kfree_skbmem+0x10e/0x200
[   85.885307][ T6154]  ? stack_trace_save+0x95/0xd0
[   85.887524][ T6154]  ? __pfx_rtnl_dellink+0x10/0x10
[   85.889828][ T6154]  ? hlock_class+0x4e/0x130
[   85.891946][ T6154]  ? trace_contention_end+0xea/0x140
[   85.894321][ T6154]  ? __mutex_lock+0x1a6/0x9c0
[   85.896326][ T6154]  ? rtnetlink_rcv_msg+0x372/0xea0
[   85.898644][ T6154]  ? __pfx___mutex_lock+0x10/0x10
[   85.900936][ T6154]  ? rtnetlink_rcv_msg+0x35a/0xea0
[   85.903275][ T6154]  ? __pfx_rtnl_dellink+0x10/0x10
[   85.905581][ T6154]  rtnetlink_rcv_msg+0x3c7/0xea0
[   85.907789][ T6154]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.910156][ T6154]  ? __dev_queue_xmit+0x87e/0x4130
[   85.912432][ T6154]  netlink_rcv_skb+0x165/0x410
[   85.914655][ T6154]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.917138][ T6154]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   85.919494][ T6154]  ? netlink_deliver_tap+0x1ae/0xcf0
[   85.921909][ T6154]  netlink_unicast+0x542/0x820
[   85.923864][ T6154]  ? __pfx_netlink_unicast+0x10/0x10
[   85.925959][ T6154]  ? __phys_addr_symbol+0x30/0x80
[   85.928145][ T6154]  ? __check_object_size+0x48e/0x720
[   85.930531][ T6154]  netlink_sendmsg+0x8b8/0xd70
[   85.932696][ T6154]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.935085][ T6154]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   85.937498][ T6154]  ____sys_sendmsg+0x9b4/0xb50
[   85.939668][ T6154]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.941590][ T6154]  ? get_compat_msghdr+0x11b/0x170
[   85.943380][ T6154]  ? __pfx___lock_acquire+0x10/0x10
[   85.945263][ T6154]  ___sys_sendmsg+0x135/0x1e0
[   85.946875][ T6154]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.948702][ T6154]  ? ksys_write+0x21c/0x260
[   85.950269][ T6154]  ? __fget_light+0x173/0x210
[   85.951880][ T6154]  __sys_sendmsg+0x117/0x1f0
[   85.953518][ T6154]  ? __pfx___sys_sendmsg+0x10/0x10
[   85.955346][ T6154]  __do_fast_syscall_32+0x73/0x120
[   85.957203][ T6154]  do_fast_syscall_32+0x32/0x80
[   85.958891][ T6154]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   85.961084][ T6154] RIP: 0023:0xf73c5579
[   85.962519][ T6154] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   85.969659][ T6154] RSP: 002b:00000000f5cdd57c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[   85.973290][ T6154] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000200000c0
[   85.976732][ T6154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   85.980053][ T6154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   85.982816][ T6154] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   85.985575][ T6154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.988349][ T6154]  </TASK>
[   86.041600][ T6154] netlink: 868 bytes leftover after parsing attributes in process `syz.1.245'.
[   86.283708][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.246'.
[   86.289407][ T6159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.246'.
[   86.298212][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.246'.
[   86.902667][ T6175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.251'.
[   86.915180][ T6175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.251'.
[   87.154526][ T6182] netlink: 'syz.0.253': attribute type 3 has an invalid length.
[   88.346265][ T6207] process 'syz.2.258' launched './file1' with NULL argv: empty string added
[   88.752360][ T6210] usb 1-1: USB disconnect, device number 2
[   89.036465][ T4994] vhci_hcd: vhci_device speed not set
[   89.718579][ T6254] ipt_REJECT: TCP_RESET invalid for non-tcp
[   89.755565][ T6256] fuse: Bad value for 'fd'
[   89.870621][ T5242] IPVS: starting estimator thread 0...
[   89.964889][ T6262] IPVS: using max 19 ests per chain, 45600 per kthread
[   90.305843][ T6273] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[   90.308460][ T6273] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   90.322190][ T5209] Bluetooth: hci3: ACL packet for unknown connection handle 3584
[   90.331114][ T6273] vhci_hcd vhci_hcd.0: Device attached
[   90.377743][ T6274] vhci_hcd: cannot find the pending unlink 0
[   90.603502][ T5242] usb 15-1: new high-speed USB device number 6 using vhci_hcd
[   90.991275][ T6274] vhci_hcd: connection reset by peer
[   90.994246][ T1189] vhci_hcd: stop threads
[   90.996133][ T1189] vhci_hcd: release socket
[   91.001046][ T1189] vhci_hcd: disconnect device
[   91.192976][ T6281] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[   91.195940][ T6281] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   91.213263][ T6281] vhci_hcd vhci_hcd.0: Device attached
[   91.256049][ T6285] Illegal XDP return value 4294967274 on prog  (id 49) dev N/A, expect packet loss!
[   91.324854][ T6288] warning: `syz.3.276' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   91.342555][ T6289] batadv0: entered promiscuous mode
[   91.483096][ T4994] usb 17-1: new low-speed USB device number 3 using vhci_hcd
[   91.549303][ T6298] fuse: Bad value for 'fd'
[   91.910983][ T6303] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   92.107781][ T6282] vhci_hcd: connection reset by peer
[   92.129211][ T1116] vhci_hcd: stop threads
[   92.130830][ T1116] vhci_hcd: release socket
[   92.137156][ T1116] vhci_hcd: disconnect device
[   92.334080][ T6309] fuse: Bad value for 'fd'
[   92.985561][ T6333] __nla_validate_parse: 12 callbacks suppressed
[   92.985573][ T6333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'.
[   92.994915][ T6330] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[   92.997891][ T6330] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   93.004418][ T6330] vhci_hcd vhci_hcd.0: Device attached
[   93.036520][ T6331] vhci_hcd: cannot find the pending unlink 0
[   93.156632][ T6343] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[   93.159092][ T6343] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   93.162083][ T6343] vhci_hcd vhci_hcd.0: Device attached
[   93.460763][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.295'.
[   93.477213][ T6358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.295'.
[   93.705395][ T6331] vhci_hcd: connection closed
[   93.706382][ T1116] vhci_hcd: stop threads
[   93.710100][ T1116] vhci_hcd: release socket
[   93.711877][ T1116] vhci_hcd: disconnect device
[   93.799784][ T6368] fuse: Bad value for 'fd'
[   93.986322][ T6344] vhci_hcd: connection closed
[   93.986576][ T1189] vhci_hcd: stop threads
[   93.990311][ T1189] vhci_hcd: release socket
[   93.992270][ T1189] vhci_hcd: disconnect device
[   94.215889][ T6372] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[   94.219242][ T6372] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   94.224420][ T6372] vhci_hcd vhci_hcd.0: Device attached
[   94.229600][ T6373] vhci_hcd: cannot find the pending unlink 0
[   94.299008][ T6377] netlink: 12 bytes leftover after parsing attributes in process `syz.1.299'.
[   94.503021][   T57] usb 19-1: new high-speed USB device number 3 using vhci_hcd
[   94.671502][ T6386] fuse: Bad value for 'fd'
[   94.962910][ T6373] vhci_hcd: connection reset by peer
[   94.965686][   T97] vhci_hcd: stop threads
[   94.967424][   T97] vhci_hcd: release socket
[   94.970985][   T97] vhci_hcd: disconnect device
[   95.046974][ T6391] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'.
[   95.057989][ T6391] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'.
[   95.398450][ T6409] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[   95.401454][ T6409] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   95.409035][ T6409] vhci_hcd vhci_hcd.0: Device attached
[   95.454524][ T6410] vhci_hcd: cannot find the pending unlink 0
[   95.611681][ T6417] FAULT_INJECTION: forcing a failure.
[   95.611681][ T6417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.617632][ T6417] CPU: 2 PID: 6417 Comm: syz.3.309 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   95.621412][ T6417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.625453][ T6417] Call Trace:
[   95.626784][ T6417]  <TASK>
[   95.627980][ T6417]  dump_stack_lvl+0x16c/0x1f0
[   95.629938][ T6417]  should_fail_ex+0x497/0x5b0
[   95.632179][ T6417]  _copy_from_user+0x30/0xf0
[   95.632208][ T6417]  __sys_bpf+0x22b/0x5830
[   95.632234][ T6417]  ? __pfx___sys_bpf+0x10/0x10
[   95.632258][ T6417]  ? ksys_write+0x21c/0x260
[   95.632280][ T6417]  ? __pfx_lock_release+0x10/0x10
[   95.643449][ T6417]  ? __mutex_unlock_slowpath+0x164/0x650
[   95.645694][ T6417]  ? fput+0x32/0x390
[   95.647238][ T6417]  ? ksys_write+0x1ab/0x260
[   95.649067][ T6417]  ? __pfx_ksys_write+0x10/0x10
[   95.651029][ T6417]  __ia32_sys_bpf+0x76/0xe0
[   95.652861][ T6417]  __do_fast_syscall_32+0x73/0x120
[   95.654845][ T6417]  do_fast_syscall_32+0x32/0x80
[   95.656742][ T6417]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   95.659172][ T6417] RIP: 0023:0xf748c579
[   95.660782][ T6417] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   95.668137][ T6417] RSP: 002b:00000000f5da457c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[   95.671430][ T6417] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200005c0
[   95.674562][ T6417] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[   95.678035][ T6417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   95.681270][ T6417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   95.684389][ T6417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.687511][ T6417]  </TASK>
[   95.697266][  T825] usb 13-1: new high-speed USB device number 3 using vhci_hcd
[   95.744632][ T5242] vhci_hcd: vhci_device speed not set
[   95.775107][ T6419] FAULT_INJECTION: forcing a failure.
[   95.775107][ T6419] name failslab, interval 1, probability 0, space 0, times 0
[   95.780429][ T6419] CPU: 2 PID: 6419 Comm: syz.3.310 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   95.784452][ T6419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.788598][ T6419] Call Trace:
[   95.789946][ T6419]  <TASK>
[   95.791239][ T6419]  dump_stack_lvl+0x16c/0x1f0
[   95.793486][ T6419]  should_fail_ex+0x497/0x5b0
[   95.795802][ T6419]  should_failslab+0x9/0x20
[   95.797909][ T6419]  __kmalloc_noprof+0xcf/0x420
[   95.799950][ T6419]  ? __pfx_lock_acquire+0x10/0x10
[   95.802324][ T6419]  tomoyo_realpath_from_path+0xbf/0x710
[   95.804569][ T6419]  ? tomoyo_profile+0x47/0x60
[   95.806495][ T6419]  tomoyo_path_number_perm+0x245/0x5b0
[   95.808722][ T6419]  ? tomoyo_path_number_perm+0x232/0x5b0
[   95.811079][ T6419]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   95.813888][ T6419]  ? __pfx_lock_release+0x10/0x10
[   95.816226][ T6419]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   95.819005][ T6419]  ? __fget_files+0x256/0x400
[   95.821181][ T6419]  security_file_ioctl_compat+0x75/0xc0
[   95.823390][ T6419]  __do_compat_sys_ioctl+0x5d/0x330
[   95.825516][ T6419]  __do_fast_syscall_32+0x73/0x120
[   95.827542][ T6419]  do_fast_syscall_32+0x32/0x80
[   95.829455][ T6419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   95.831972][ T6419] RIP: 0023:0xf748c579
[   95.833576][ T6419] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   95.840897][ T6419] RSP: 002b:00000000f5da457c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[   95.844211][ T6419] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f3
[   95.847280][ T6419] RDX: 00000000200001c0 RSI: 0000000000000000 RDI: 0000000000000000
[   95.850409][ T6419] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   95.853532][ T6419] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   95.856616][ T6419] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.859758][ T6419]  </TASK>
[   95.868957][ T6419] ERROR: Out of memory at tomoyo_realpath_from_path.
[   96.123573][ T6410] vhci_hcd: connection reset by peer
[   96.126082][ T1189] vhci_hcd: stop threads
[   96.127771][ T1189] vhci_hcd: release socket
[   96.131012][ T1189] vhci_hcd: disconnect device
[   96.141692][ T6431] overlay: Bad value for 'redirect_dir'
[   96.200546][ T6431] netlink: 'syz.3.314': attribute type 4 has an invalid length.
[   96.220416][ T6429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'.
[   96.255031][ T6429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'.
[   96.558317][ T6452] netlink: 72 bytes leftover after parsing attributes in process `syz.1.322'.
[   96.561432][ T6452] netlink: 12 bytes leftover after parsing attributes in process `syz.1.322'.
[   96.613027][ T4994] vhci_hcd: vhci_device speed not set
[   97.566736][ T6488] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   97.850837][ T6493] FAULT_INJECTION: forcing a failure.
[   97.850837][ T6493] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.850958][ T6493] CPU: 2 PID: 6493 Comm: syz.2.334 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   97.850977][ T6493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.850988][ T6493] Call Trace:
[   97.850995][ T6493]  <TASK>
[   97.851003][ T6493]  dump_stack_lvl+0x16c/0x1f0
[   97.851028][ T6493]  should_fail_ex+0x497/0x5b0
[   97.851065][ T6493]  _copy_to_user+0x30/0xc0
[   97.851092][ T6493]  simple_read_from_buffer+0xd0/0x160
[   97.851123][ T6493]  proc_fail_nth_read+0x1b0/0x290
[   97.851148][ T6493]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   97.851177][ T6493]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   97.851200][ T6493]  vfs_read+0x1d4/0xbd0
[   97.851224][ T6493]  ? __fdget_pos+0xeb/0x180
[   97.851244][ T6493]  ? __pfx_vfs_read+0x10/0x10
[   97.851262][ T6493]  ? __pfx___mutex_lock+0x10/0x10
[   97.851288][ T6493]  ? __fget_files+0x256/0x400
[   97.851321][ T6493]  ksys_read+0x12f/0x260
[   97.851344][ T6493]  ? __pfx_ksys_read+0x10/0x10
[   97.851376][ T6493]  __do_fast_syscall_32+0x73/0x120
[   97.851403][ T6493]  do_fast_syscall_32+0x32/0x80
[   97.851428][ T6493]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   97.851448][ T6493] RIP: 0023:0xf7455579
[   97.851463][ T6493] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   97.851480][ T6493] RSP: 002b:00000000f5d6d5b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   97.851499][ T6493] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5d6d630
[   97.851512][ T6493] RDX: 000000000000000f RSI: 00000000f743fff4 RDI: 0000000000000000
[   97.851523][ T6493] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   97.851534][ T6493] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[   97.851545][ T6493] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   97.851569][ T6493]  </TASK>
[   98.024560][ T6498] __nla_validate_parse: 4 callbacks suppressed
[   98.024576][ T6498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.336'.
[   98.038204][ T6498] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'.
[   98.044914][ T6498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.336'.
[   98.091774][ T6494] syz_tun: entered promiscuous mode
[   98.097487][ T6494] batadv_slave_0: entered promiscuous mode
[   98.122894][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.338'.
[   98.197650][ T6513] FAULT_INJECTION: forcing a failure.
[   98.197650][ T6513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.203016][ T6513] CPU: 3 PID: 6513 Comm: syz.2.339 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   98.206997][ T6513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.211685][ T6513] Call Trace:
[   98.211699][ T6513]  <TASK>
[   98.211709][ T6513]  dump_stack_lvl+0x16c/0x1f0
[   98.211743][ T6513]  should_fail_ex+0x497/0x5b0
[   98.219154][ T6513]  _copy_from_user+0x30/0xf0
[   98.220864][ T6513]  do_sys_poll+0x1d6/0xde0
[   98.222480][ T6513]  ? hlock_class+0x4e/0x130
[   98.224335][ T6513]  ? __pfx_mark_lock+0x10/0x10
[   98.226042][ T6513]  ? __pfx_do_sys_poll+0x10/0x10
[   98.228246][ T6513]  ? __pfx___lock_acquire+0x10/0x10
[   98.230530][ T6513]  ? __pfx___lock_acquire+0x10/0x10
[   98.232579][ T6513]  ? __mutex_unlock_slowpath+0x164/0x650
[   98.234743][ T6513]  ? set_compat_user_sigmask+0x20f/0x2a0
[   98.236898][ T6513]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[   98.239118][ T6513]  __ia32_compat_sys_ppoll_time32+0x24a/0x2c0
[   98.241751][ T6513]  ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10
[   98.244175][ T6513]  ? ksys_write+0x1ab/0x260
[   98.245870][ T6513]  ? __pfx_ksys_write+0x10/0x10
[   98.247504][ T6513]  __do_fast_syscall_32+0x73/0x120
[   98.249317][ T6513]  do_fast_syscall_32+0x32/0x80
[   98.251099][ T6513]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.253565][ T6513] RIP: 0023:0xf7455579
[   98.255155][ T6513] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.262676][ T6513] RSP: 002b:00000000f5d6d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000135
[   98.266129][ T6513] RAX: ffffffffffffffda RBX: 0000000020000180 RCX: 0000000000000001
[   98.268941][ T6513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   98.272068][ T6513] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   98.274849][ T6513] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   98.277632][ T6513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.280357][ T6513]  </TASK>
[   98.281558][    C3] vkms_vblank_simulate: vblank timer overrun
[   98.287032][ T6516] FAULT_INJECTION: forcing a failure.
[   98.287032][ T6516] name failslab, interval 1, probability 0, space 0, times 0
[   98.291694][ T6516] CPU: 1 PID: 6516 Comm: syz.0.340 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   98.295229][ T6516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.299580][ T6516] Call Trace:
[   98.300972][ T6516]  <TASK>
[   98.302198][ T6516]  dump_stack_lvl+0x116/0x1f0
[   98.303832][ T6516]  should_fail_ex+0x497/0x5b0
[   98.305421][ T6516]  ? __pfx_lock_release+0x10/0x10
[   98.307352][ T6516]  should_failslab+0x9/0x20
[   98.309261][ T6516]  kmem_cache_alloc_noprof+0x6e/0x2f0
[   98.311503][ T6516]  ? __sigqueue_alloc+0x244/0x6b0
[   98.313646][ T6516]  __sigqueue_alloc+0x244/0x6b0
[   98.315679][ T6516]  __send_signal_locked+0x74c/0x1090
[   98.317905][ T6516]  group_send_sig_info+0x2aa/0x300
[   98.320084][ T6516]  ? __pfx_group_send_sig_info+0x10/0x10
[   98.322515][ T6516]  ? __pfx_lock_acquire+0x10/0x10
[   98.324731][ T6516]  ? __mutex_unlock_slowpath+0x164/0x650
[   98.327250][ T6516]  bpf_send_signal_common+0x2e8/0x3a0
[   98.329631][ T6516]  bpf_send_signal+0x19/0x30
[   98.331663][ T6516]  bpf_prog_8cc4ff36b5985b6a+0x1d/0x1f
[   98.333809][ T6516]  bpf_trace_run2+0x231/0x590
[   98.335484][ T6516]  ? __pfx_bpf_trace_run2+0x10/0x10
[   98.337679][ T6516]  syscall_trace_enter+0x1b2/0x240
[   98.339952][ T6516]  __do_fast_syscall_32+0xc2/0x120
[   98.342152][ T6516]  do_fast_syscall_32+0x32/0x80
[   98.344336][ T6516]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.347187][ T6516] RIP: 0023:0xf7493579
[   98.349010][ T6516] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.357354][ T6516] RSP: 002b:00000000f5dab57c EFLAGS: 00000292 ORIG_RAX: 00000000000000d9
[   98.360709][ T6516] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   98.364208][ T6516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   98.367660][ T6516] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   98.371123][ T6516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   98.374646][ T6516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.378137][ T6516]  </TASK>
[   98.421787][ T6520] FAULT_INJECTION: forcing a failure.
[   98.421787][ T6520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.429578][ T6520] CPU: 3 PID: 6520 Comm: syz.0.341 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[   98.434169][ T6520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.438890][ T6520] Call Trace:
[   98.440458][ T6520]  <TASK>
[   98.441791][ T6520]  dump_stack_lvl+0x16c/0x1f0
[   98.443899][ T6520]  should_fail_ex+0x497/0x5b0
[   98.446080][ T6520]  _copy_from_user+0x30/0xf0
[   98.448186][ T6520]  __sys_bpf+0x22b/0x5830
[   98.450108][ T6520]  ? __pfx___sys_bpf+0x10/0x10
[   98.452340][ T6520]  ? ksys_write+0x21c/0x260
[   98.454400][ T6520]  ? __pfx_lock_release+0x10/0x10
[   98.456628][ T6520]  ? __mutex_unlock_slowpath+0x164/0x650
[   98.459145][ T6520]  ? fput+0x32/0x390
[   98.460983][ T6520]  ? ksys_write+0x1ab/0x260
[   98.462995][ T6520]  ? __pfx_ksys_write+0x10/0x10
[   98.465204][ T6520]  __ia32_sys_bpf+0x76/0xe0
[   98.467239][ T6520]  __do_fast_syscall_32+0x73/0x120
[   98.469515][ T6520]  do_fast_syscall_32+0x32/0x80
[   98.471733][ T6520]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.474486][ T6520] RIP: 0023:0xf7493579
[   98.476322][ T6520] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   98.484805][ T6520] RSP: 002b:00000000f5dab57c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[   98.488690][ T6520] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200005c0
[   98.492217][ T6520] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[   98.495489][ T6520] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   98.498885][ T6520] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   98.502314][ T6520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   98.505762][ T6520]  </TASK>
[   98.507307][    C3] vkms_vblank_simulate: vblank timer overrun
[   99.126525][ T6539] fuse: Bad value for 'fd'
[   99.288058][ T6538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.347'.
[   99.304198][ T6538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.347'.
[   99.311142][ T6538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.347'.
[   99.663137][   T57] vhci_hcd: vhci_device speed not set
[   99.689854][ T6546] syz_tun: entered promiscuous mode
[   99.696374][ T6546] batadv_slave_0: entered promiscuous mode
[   99.701671][ T6546] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[   99.704879][ T6546] Cannot create hsr debugfs directory
[   99.709377][ T6551] overlay: Unknown parameter 'subj_user'
[   99.830793][ T6553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.352'.
[  100.218021][ T5209] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  100.221997][ T5209] Bluetooth: hci2: Injecting HCI hardware error event
[  100.226915][ T5213] Bluetooth: hci2: hardware error 0x00
[  100.323119][  T815] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  100.428708][ T6558] evm: overlay not supported
[  100.465082][   T39] audit: type=1804 audit(1720168542.926:3): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.353" name="/newroot/93/bus/file0" dev="overlay" ino=550 res=1 errno=0
[  100.512896][  T815] usb 8-1: Using ep0 maxpacket: 8
[  100.518295][  T815] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  100.521406][  T815] usb 8-1: config 179 has no interface number 0
[  100.530269][  T815] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  100.537174][  T815] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  100.547022][  T815] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  100.551531][  T815] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  100.557998][  T815] usb 8-1: config 179 interface 65 has no altsetting 0
[  100.561432][  T815] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  100.572938][  T815] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.587280][ T6562] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  100.650394][  T815] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input10
[  100.723691][ T4681] input input10: unable to receive magic message: -110
[  100.737990][ T4681] input input10: unable to receive magic message: -32
[  100.817103][ T4681] input input10: unable to receive magic message: -71
[  100.831190][  T815] usb 8-1: USB disconnect, device number 8
[  100.833579][    C3] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  100.833914][    C3] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  100.852934][  T825] vhci_hcd: vhci_device speed not set
[  100.864635][  T815] xpad 8-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  100.936308][ T6571] syz.2.359[6571] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  100.936402][ T6571] syz.2.359[6571] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  100.964815][ T6571] ubi0: attaching mtd0
[  100.996738][ T6571] ubi0: scanning is finished
[  100.998829][ T6571] ubi0: empty MTD device detected
[  101.051737][ T6571] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  101.056632][ T6571] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  101.060809][ T6571] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  101.065108][ T6571] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  101.069195][ T6571] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  101.072621][ T6571] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  101.076706][ T6571] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2669727358
[  101.083678][ T6571] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  101.090328][ T6573] ubi0: background thread "ubi_bgt0d" started, PID 6573
[  101.427166][ T6587] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  101.429940][ T6587] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  101.432950][  T815] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  101.434925][ T6587] vhci_hcd vhci_hcd.0: Device attached
[  101.441480][ T6588] vhci_hcd: cannot find the pending unlink 0
[  101.612915][  T815] usb 6-1: Using ep0 maxpacket: 8
[  101.624266][  T815] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  101.627472][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  101.632714][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  101.637612][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  101.643709][  T815] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  101.647322][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  101.652645][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  101.657705][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  101.665818][  T815] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  101.668847][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  101.673418][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  101.680524][  T815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  101.688143][  T815] usb 6-1: string descriptor 0 read error: -22
[  101.690914][  T815] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  101.696344][  T815] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.708090][  T815] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  101.894879][ T6597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.368'.
[  101.906227][  T825] usb 13-1: device descriptor read/64, error -110
[  101.959483][ T6599] syz.3.369[6599] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  101.959634][ T6599] syz.3.369[6599] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  101.993578][ T6599] ubi: mtd0 is already attached to ubi0
[  102.015731][  T815] usb 6-1: USB disconnect, device number 3
[  102.062611][ T6603] CIFS: iocharset name too long
[  102.166903][ T6588] vhci_hcd: connection closed
[  102.173471][   T97] vhci_hcd: stop threads
[  102.177994][   T97] vhci_hcd: release socket
[  102.180045][   T97] vhci_hcd: disconnect device
[  102.202160][ T6609] dccp_invalid_packet: invalid packet type
[  102.205032][  T825] usb 13-1: new high-speed USB device number 4 using vhci_hcd
[  102.209789][  T825] usb 13-1: enqueue for inactive port 0
[  102.293021][  T825] vhci_hcd: vhci_device speed not set
[  102.293301][ T5213] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  102.572938][  T815] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  102.780945][  T815] usb 7-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f
[  102.785631][  T815] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.791088][  T815] usb 7-1: config 0 descriptor??
[  102.796944][  T815] rndis_host 7-1:0.0: More than one union descriptor, skipping ...
[  102.799675][  T815] rndis_host 7-1:0.0: skipping garbage
[  102.803498][  T815] rndis_host 7-1:0.0: probe with driver rndis_host failed with error -22
[  102.813102][  T815] cdc_acm 7-1:0.0: More than one union descriptor, skipping ...
[  102.816030][  T815] cdc_acm 7-1:0.0: skipping garbage
[  102.818663][  T815] cdc_acm 7-1:0.0: Control and data interfaces are not separated!
[  102.822297][  T815] cdc_acm 7-1:0.0: This needs exactly 3 endpoints
[  102.832974][  T815] cdc_acm 7-1:0.0: probe with driver cdc_acm failed with error -22
[  103.651531][ T6638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.379'.
[  103.654981][ T6633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'.
[  103.661448][ T6633] netlink: 12 bytes leftover after parsing attributes in process `syz.3.378'.
[  103.667323][ T6633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'.
[  103.791693][ T6642] netlink: 'syz.3.381': attribute type 11 has an invalid length.
[  103.801379][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.381'.
[  104.084085][ T6654] netlink: 12 bytes leftover after parsing attributes in process `syz.0.383'.
[  104.264036][ T6657] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  104.267034][ T6657] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  104.270485][ T6657] vhci_hcd vhci_hcd.0: Device attached
[  104.285770][ T6658] vhci_hcd: cannot find the pending unlink 0
[  104.552937][  T825] usb 19-1: new high-speed USB device number 4 using vhci_hcd
[  104.944098][ T6658] vhci_hcd: connection reset by peer
[  104.951473][   T97] vhci_hcd: stop threads
[  104.953599][   T97] vhci_hcd: release socket
[  104.956009][   T97] vhci_hcd: disconnect device
[  105.293282][ T4994] usb 7-1: USB disconnect, device number 4
[  105.484398][ T6667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.388'.
[  105.536310][ T6672] netlink: 'syz.1.390': attribute type 11 has an invalid length.
[  105.544262][ T6672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.390'.
[  105.628348][ T6676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.389'.
[  105.648474][ T6669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.389'.
[  106.776309][ T6704] netlink: 'syz.2.400': attribute type 11 has an invalid length.
[  107.263373][ T1618] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  107.452903][ T1618] usb 7-1: Using ep0 maxpacket: 8
[  107.456622][ T1618] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  107.460048][ T1618] usb 7-1: config 179 has no interface number 0
[  107.462654][ T1618] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  107.468247][ T1618] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  107.472742][ T1618] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  107.477868][ T1618] usb 7-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  107.483577][ T1618] usb 7-1: config 179 interface 65 has no altsetting 0
[  107.486248][ T1618] usb 7-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  107.489876][ T1618] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.496614][ T6713] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  107.515690][ T1618] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input11
[  107.553155][ T6721] netlink: 'syz.1.406': attribute type 1 has an invalid length.
[  107.558026][ T6721] netlink: 'syz.1.406': attribute type 3 has an invalid length.
[  107.564498][ T4681] input input11: unable to receive magic message: -110
[  107.578561][ T4681] input input11: unable to receive magic message: -32
[  107.597822][ T6722] netlink: 'syz.1.406': attribute type 1 has an invalid length.
[  107.598418][ T4681] input input11: unable to receive magic message: -32
[  107.601148][ T6722] netlink: 'syz.1.406': attribute type 3 has an invalid length.
[  107.644114][ T4681] input input11: unable to receive magic message: -32
[  107.667265][ T4681] input input11: unable to receive magic message: -32
[  107.675904][ T4681] input input11: unable to receive magic message: -32
[  107.712167][ T5215] input input11: unable to receive magic message: -32
[  107.747861][ T4681] input input11: unable to receive magic message: -32
[  107.751907][ T5242] usb 7-1: USB disconnect, device number 5
[  107.751916][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  107.758072][ T5242] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  108.034133][ T6740] virtio-fs: tag <(null)> not found
[  108.037002][ T6741] virtio-fs: tag <(null)> not found
[  108.049153][ T6740] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(9)
[  108.051775][ T6740] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  108.055071][ T6741] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  108.057571][ T6741] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  108.060385][ T6740] vhci_hcd vhci_hcd.0: Device attached
[  108.065150][ T6741] vhci_hcd vhci_hcd.0: Device attached
[  108.108631][ T6738] netlink: 'syz.0.410': attribute type 11 has an invalid length.
[  108.612922][ T1618] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  108.789314][ T6742] vhci_hcd: connection closed
[  108.789544][ T6743] vhci_hcd: connection closed
[  108.789584][   T45] vhci_hcd: stop threads
[  108.795820][   T45] vhci_hcd: release socket
[  108.797760][   T45] vhci_hcd: disconnect device
[  108.799889][   T45] vhci_hcd: stop threads
[  108.801667][   T45] vhci_hcd: release socket
[  108.805358][   T45] vhci_hcd: disconnect device
[  108.808219][ T1618] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.813258][ T1618] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  108.817656][ T1618] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  108.821691][ T1618] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.830982][ T1618] usb 7-1: config 0 descriptor??
[  108.973199][   T57] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  109.163113][   T57] usb 6-1: Using ep0 maxpacket: 8
[  109.170231][   T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  109.173958][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  109.178363][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  109.183351][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  109.196100][   T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  109.199200][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  109.204220][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  109.209407][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  109.224975][   T57] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  109.228854][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  109.234285][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  109.239460][   T57] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  109.256151][ T1618] usb 7-1: string descriptor 0 read error: -71
[  109.261693][   T57] usb 6-1: string descriptor 0 read error: -22
[  109.265953][ T1618] usb 7-1: USB disconnect, device number 6
[  109.267167][   T57] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  109.272371][   T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.287838][   T57] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  109.645243][  T815] usb 6-1: USB disconnect, device number 4
[  109.653031][  T825] vhci_hcd: vhci_device speed not set
[  109.980569][ T6771] __nla_validate_parse: 6 callbacks suppressed
[  109.980586][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.419'.
[  110.004726][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.419'.
[  110.053612][   T56] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  110.146809][ T6775] netlink: 'syz.3.420': attribute type 11 has an invalid length.
[  110.165156][ T6775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.420'.
[  110.225687][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.421'.
[  110.236342][   T56] usb 5-1: Using ep0 maxpacket: 8
[  110.241072][   T56] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  110.251040][   T56] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  110.258651][   T56] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  110.262452][   T56] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  110.267613][   T56] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  110.271429][ T6779] FAULT_INJECTION: forcing a failure.
[  110.271429][ T6779] name failslab, interval 1, probability 0, space 0, times 0
[  110.272200][   T56] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  110.280535][ T6779] CPU: 3 PID: 6779 Comm: syz.3.422 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  110.281668][   T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.285932][ T6779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.285952][ T6779] Call Trace:
[  110.285976][ T6779]  <TASK>
[  110.285986][ T6779]  dump_stack_lvl+0x16c/0x1f0
[  110.286043][ T6779]  should_fail_ex+0x497/0x5b0
[  110.302991][ T6779]  should_failslab+0x9/0x20
[  110.305349][ T6779]  __kmalloc_noprof+0xcf/0x420
[  110.307516][ T6779]  ? __pfx_lock_acquire+0x10/0x10
[  110.309781][ T6779]  tomoyo_realpath_from_path+0xbf/0x710
[  110.312164][ T6779]  ? tomoyo_profile+0x47/0x60
[  110.314323][ T6779]  tomoyo_path2_perm+0x2a3/0x760
[  110.317226][ T6779]  ? tomoyo_path2_perm+0x295/0x760
[  110.321525][ T6779]  ? __pfx_tomoyo_path2_perm+0x10/0x10
[  110.325231][ T6779]  ? __pfx___lock_acquire+0x10/0x10
[  110.327491][ T6779]  ? current_check_refer_path+0x2be/0x710
[  110.330018][ T6779]  ? reacquire_held_locks+0x411/0x4c0
[  110.332434][ T6779]  ? do_raw_spin_lock+0x12d/0x2c0
[  110.334529][ T6779]  ? __pfx_current_check_refer_path+0x10/0x10
[  110.337076][ T6779]  tomoyo_path_rename+0x102/0x1b0
[  110.339034][ T6779]  ? __pfx_tomoyo_path_rename+0x10/0x10
[  110.341384][ T6779]  ? d_lookup+0xe9/0x180
[  110.342942][ T6779]  security_path_rename+0x14b/0x240
[  110.345048][ T6779]  do_renameat2+0x7a0/0xdc0
[  110.347106][ T6779]  ? __pfx_do_renameat2+0x10/0x10
[  110.349485][ T6779]  ? __check_object_size+0x48e/0x720
[  110.352679][ T6779]  ? strncpy_from_user+0x213/0x300
[  110.355044][ T6779]  ? getname_flags.part.0+0x1e1/0x4f0
[  110.357467][ T6779]  ? ksys_write+0x1ab/0x260
[  110.359288][ T6779]  __ia32_sys_renameat2+0xeb/0x130
[  110.361707][ T6779]  __do_fast_syscall_32+0x73/0x120
[  110.364089][ T6779]  do_fast_syscall_32+0x32/0x80
[  110.366556][ T6779]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  110.370136][ T6779] RIP: 0023:0xf748c579
[  110.372611][ T6779] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  110.380007][ T6779] RSP: 002b:00000000f5da457c EFLAGS: 00000292 ORIG_RAX: 0000000000000161
[  110.383056][ T6779] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000b80
[  110.386286][ T6779] RDX: 00000000ffffff9c RSI: 0000000020000bc0 RDI: 0000000000000002
[  110.390166][ T6779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  110.394553][ T6779] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  110.397681][ T6779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  110.400809][ T6779]  </TASK>
[  110.403103][ T6779] ERROR: Out of memory at tomoyo_realpath_from_path.
[  110.501636][ T6782] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  110.505146][ T6782] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  110.513240][ T6782] vhci_hcd vhci_hcd.0: Device attached
[  110.571489][   T56] usb 5-1: usb_control_msg returned -32
[  110.582999][   T56] usbtmc 5-1:16.0: can't read capabilities
[  110.663332][ T6786] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  110.666390][ T6786] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  110.691808][ T6786] vhci_hcd vhci_hcd.0: Device attached
[  110.705482][ T6788] vhci_hcd: cannot find the pending unlink 0
[  110.723827][ T6784] vhci_hcd: connection closed
[  110.724094][   T13] vhci_hcd: stop threads
[  110.735337][   T13] vhci_hcd: release socket
[  110.737275][   T13] vhci_hcd: disconnect device
[  110.919618][ T6793] random: crng reseeded on system resumption
[  110.963265][   T56] usb 15-1: new high-speed USB device number 7 using vhci_hcd
[  111.317710][ T6788] vhci_hcd: connection reset by peer
[  111.320856][   T45] vhci_hcd: stop threads
[  111.323070][   T45] vhci_hcd: release socket
[  111.326211][   T45] vhci_hcd: disconnect device
[  111.341517][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.427'.
[  111.360704][ T6797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.427'.
[  111.525977][ T6802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.428'.
[  111.532617][ T6802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.428'.
[  111.704751][ T6809] fuse: Bad value for 'fd'
[  112.079312][ T6817] netlink: 12 bytes leftover after parsing attributes in process `syz.2.432'.
[  112.091178][ T6817] bridge_slave_1: left allmulticast mode
[  112.093241][ T6817] bridge_slave_1: left promiscuous mode
[  112.096442][ T6817] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.106345][ T6817] bridge1: port 1(bridge_slave_1) entered blocking state
[  112.109149][ T6817] bridge1: port 1(bridge_slave_1) entered disabled state
[  112.111683][ T6817] bridge_slave_1: entered allmulticast mode
[  112.115193][ T6817] bridge_slave_1: entered promiscuous mode
[  112.128666][ T6817] netlink: 'syz.2.432': attribute type 4 has an invalid length.
[  112.363067][   T30] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  112.543219][   T30] usb 6-1: Using ep0 maxpacket: 8
[  112.550848][   T30] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  112.555177][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  112.560441][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  112.565829][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  112.572581][   T30] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  112.576391][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  112.581895][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  112.587218][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  112.594955][   T30] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  112.599489][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  112.606238][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  112.611478][   T30] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  112.622406][   T30] usb 6-1: string descriptor 0 read error: -22
[  112.627900][   T30] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  112.632181][   T30] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.643235][   T30] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  112.717823][  T815] usb 5-1: USB disconnect, device number 2
[  112.788259][ T6828] netlink: 'syz.2.435': attribute type 11 has an invalid length.
[  112.810824][ T6828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.435'.
[  112.868742][ T5242] usb 6-1: USB disconnect, device number 5
[  113.082008][ T6847] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  113.201940][ T6847] FAULT_INJECTION: forcing a failure.
[  113.201940][ T6847] name failslab, interval 1, probability 0, space 0, times 0
[  113.209889][ T6847] CPU: 3 PID: 6847 Comm: syz.2.439 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  113.213671][ T6847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.217780][ T6847] Call Trace:
[  113.219272][ T6847]  <TASK>
[  113.220621][ T6847]  dump_stack_lvl+0x16c/0x1f0
[  113.222763][ T6847]  should_fail_ex+0x497/0x5b0
[  113.224511][ T6847]  should_failslab+0x9/0x20
[  113.226340][ T6847]  kmalloc_trace_noprof+0x6b/0x310
[  113.228758][ T6847]  ? media_pipeline_add_pad+0xf3/0x990
[  113.231789][ T6847]  ? kasan_save_track+0x14/0x30
[  113.234260][ T6847]  media_pipeline_add_pad+0xf3/0x990
[  113.236716][ T6847]  __media_pipeline_start+0x51d/0x2020
[  113.239056][ T6847]  ? __pfx___mutex_lock+0x10/0x10
[  113.241239][ T6847]  ? __pfx___media_pipeline_start+0x10/0x10
[  113.243865][ T6847]  media_pipeline_start+0x49/0x70
[  113.246101][ T6847]  video_device_pipeline_start+0x79/0xa0
[  113.248436][ T6847]  vimc_capture_start_streaming+0x7d/0x130
[  113.251089][ T6847]  ? __pfx_vimc_capture_start_streaming+0x10/0x10
[  113.253974][ T6847]  vb2_start_streaming+0x15f/0x5a0
[  113.256457][ T6847]  ? __bitmap_weight+0xdc/0x110
[  113.259158][ T6847]  vb2_core_streamon+0x2a7/0x450
[  113.261732][ T6847]  vb2_ioctl_streamon+0xfa/0x170
[  113.264170][ T6847]  __video_do_ioctl+0xaf9/0xf00
[  113.266212][ T6847]  ? __pfx___video_do_ioctl+0x10/0x10
[  113.268540][ T6847]  video_usercopy+0x426/0x1500
[  113.270627][ T6847]  ? __pfx___video_do_ioctl+0x10/0x10
[  113.273000][ T6847]  ? __pfx_video_usercopy+0x10/0x10
[  113.275252][ T6847]  v4l2_ioctl+0x1c0/0x260
[  113.277179][ T6847]  v4l2_compat_ioctl32+0x21d/0x2c0
[  113.279470][ T6847]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  113.281880][ T6847]  __do_compat_sys_ioctl+0x2c3/0x330
[  113.284146][ T6847]  __do_fast_syscall_32+0x73/0x120
[  113.286453][ T6847]  do_fast_syscall_32+0x32/0x80
[  113.288613][ T6847]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  113.291306][ T6847] RIP: 0023:0xf7455579
[  113.293064][ T6847] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  113.301460][ T6847] RSP: 002b:00000000f5d6d57c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  113.305537][ T6847] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000040045612
[  113.309764][ T6847] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  113.313456][ T6847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  113.317032][ T6847] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  113.320522][ T6847] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  113.324334][ T6847]  </TASK>
[  113.589974][ T6864] syz.3.444[6864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  113.590137][ T6864] syz.3.444[6864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  113.694148][ T6873] FAULT_INJECTION: forcing a failure.
[  113.694148][ T6873] name failslab, interval 1, probability 0, space 0, times 0
[  113.708664][ T6873] CPU: 1 PID: 6873 Comm: syz.1.446 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  113.713845][ T6873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.718601][ T6873] Call Trace:
[  113.720265][ T6873]  <TASK>
[  113.721721][ T6873]  dump_stack_lvl+0x16c/0x1f0
[  113.724563][ T6873]  should_fail_ex+0x497/0x5b0
[  113.727768][ T6873]  should_failslab+0x9/0x20
[  113.729815][ T6873]  kmalloc_trace_noprof+0x6b/0x310
[  113.732046][ T6873]  ? alloc_fs_context+0x57/0x9c0
[  113.734213][ T6873]  alloc_fs_context+0x57/0x9c0
[  113.736372][ T6873]  path_mount+0xbfb/0x1f10
[  113.738415][ T6873]  ? kmem_cache_free+0x12f/0x3a0
[  113.740532][ T6873]  ? __pfx_path_mount+0x10/0x10
[  113.742638][ T6873]  ? putname+0x12e/0x170
[  113.744652][ T6873]  __ia32_sys_mount+0x295/0x320
[  113.746839][ T6873]  ? __pfx___ia32_sys_mount+0x10/0x10
[  113.749311][ T6873]  __do_fast_syscall_32+0x73/0x120
[  113.751805][ T6873]  do_fast_syscall_32+0x32/0x80
[  113.753994][ T6873]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  113.757155][ T6873] RIP: 0023:0xf73c5579
[  113.759372][ T6873] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  113.768596][ T6873] RSP: 002b:00000000f5cdd57c EFLAGS: 00000292 ORIG_RAX: 0000000000000015
[  113.772201][ T6873] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000680
[  113.775512][ T6873] RDX: 0000000020000b80 RSI: 0000000000000000 RDI: 00000000200008c0
[  113.778864][ T6873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  113.782258][ T6873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  113.785641][ T6873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  113.789117][ T6873]  </TASK>
[  113.955282][ T6882] netlink: 'syz.1.451': attribute type 5 has an invalid length.
[  113.962193][ T6882] netlink: 'syz.1.451': attribute type 11 has an invalid length.
[  113.969198][ T6882] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  114.015796][ T6885] xt_TCPMSS: Only works on TCP SYN packets
[  114.198899][ T6889] syzkaller1: entered promiscuous mode
[  114.203894][ T6889] syzkaller1: entered allmulticast mode
[  114.690796][ T6901] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  115.293792][ T6917] syzkaller1: entered promiscuous mode
[  115.296238][ T6917] syzkaller1: entered allmulticast mode
[  115.467883][ T5241] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  115.664811][ T5241] usb 8-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f
[  115.668726][ T5241] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.680586][ T5241] usb 8-1: config 0 descriptor??
[  115.686544][ T5241] rndis_host 8-1:0.0: More than one union descriptor, skipping ...
[  115.690022][ T5241] rndis_host 8-1:0.0: skipping garbage
[  115.703400][ T5241] rndis_host 8-1:0.0: probe with driver rndis_host failed with error -22
[  115.707463][ T5241] cdc_acm 8-1:0.0: More than one union descriptor, skipping ...
[  115.710836][ T5241] cdc_acm 8-1:0.0: skipping garbage
[  115.724195][ T5241] cdc_acm 8-1:0.0: Control and data interfaces are not separated!
[  115.735232][ T5241] cdc_acm 8-1:0.0: This needs exactly 3 endpoints
[  115.738132][ T5241] cdc_acm 8-1:0.0: probe with driver cdc_acm failed with error -22
[  115.818452][ T5209] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  115.829703][ T5209] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  115.834226][ T5209] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  115.837623][ T6535] syz_tun (unregistering): left promiscuous mode
[  115.838892][ T5209] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  115.845295][ T5209] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  115.849885][ T5209] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  115.957257][ T6933] __nla_validate_parse: 8 callbacks suppressed
[  115.957272][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.467'.
[  115.973712][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.467'.
[  116.055173][   T56] vhci_hcd: vhci_device speed not set
[  116.080816][ T6930] chnl_net:caif_netlink_parms(): no params data found
[  116.082061][ T6941] cdrom: dropping to single frame dma
[  116.106623][ T6948] ptrace attach of "/syz-executor exec"[5202] was attempted by "
     �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �     
            \x07    \x09  \x0a  \x0b  \x0c  \x0d                            \x1b             !  \x22  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \x5c  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �
[  116.128114][ T6945] =======================================================
[  116.128114][ T6945] WARNING: The mand mount option has been deprecated and
[  116.128114][ T6945]          and is ignored by this kernel. Remove the mand
[  116.128114][ T6945]          option from the mount to silence this warning.
[  116.128114][ T6945] =======================================================
[  116.143073][ T5209] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  116.179972][ T5209] Bluetooth: hci3: Injecting HCI hardware error event
[  116.185956][ T5209] Bluetooth: hci3: hardware error 0x00
[  116.257976][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.280968][ T6953] syz.0.471[6953] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  116.281068][ T6953] syz.0.471[6953] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  116.387142][ T6930] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.395999][ T6930] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.399287][ T6930] bridge_slave_0: entered allmulticast mode
[  116.406084][ T6930] bridge_slave_0: entered promiscuous mode
[  116.427464][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.438328][ T6930] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.441770][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.446444][ T6930] bridge_slave_1: entered allmulticast mode
[  116.451039][ T6930] bridge_slave_1: entered promiscuous mode
[  116.515911][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.555563][ T6930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.562035][ T6930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.643434][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.665401][ T6930] team0: Port device team_slave_0 added
[  116.671764][ T6930] team0: Port device team_slave_1 added
[  116.697032][   T57] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  116.743580][ T6930] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.746902][ T6930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.758077][ T6930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.764332][ T6930] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.767468][ T6930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.783333][ T6930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.860756][   T57] usb 5-1: device descriptor read/64, error -71
[  116.916596][   T13] bridge_slave_1: left allmulticast mode
[  116.919142][   T13] bridge_slave_1: left promiscuous mode
[  116.924259][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.935661][   T13] bridge_slave_0: left allmulticast mode
[  116.938522][   T13] bridge_slave_0: left promiscuous mode
[  116.941080][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.142907][   T57] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  117.303008][   T57] usb 5-1: device descriptor read/64, error -71
[  117.434354][   T57] usb usb5-port1: attempt power cycle
[  117.498864][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  117.511456][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  117.518201][   T13] bond0 (unregistering): Released all slaves
[  117.530400][ T6930] hsr_slave_0: entered promiscuous mode
[  117.535377][ T6930] hsr_slave_1: entered promiscuous mode
[  117.539287][ T6930] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  117.544358][ T6930] Cannot create hsr debugfs directory
[  117.786399][ T6968] netlink: 'syz.2.476': attribute type 3 has an invalid length.
[  117.792302][ T6968] netlink: 36 bytes leftover after parsing attributes in process `syz.2.476'.
[  117.853368][   T57] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  117.893579][ T5213] Bluetooth: hci4: command tx timeout
[  117.897709][   T57] usb 5-1: device descriptor read/8, error -71
[  117.979039][   T13] batadv_slave_0: left promiscuous mode
[  117.991478][   T13] hsr_slave_0: left promiscuous mode
[  118.001219][   T13] hsr_slave_1: left promiscuous mode
[  118.006322][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  118.010689][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  118.039249][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  118.044634][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.090686][  T815] usb 8-1: USB disconnect, device number 9
[  118.094164][   T13] veth1_macvtap: left promiscuous mode
[  118.097066][   T13] veth0_macvtap: left promiscuous mode
[  118.099576][   T13] veth1_vlan: left promiscuous mode
[  118.114462][   T13] veth0_vlan: left promiscuous mode
[  118.142371][ T6975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'.
[  118.199850][ T6980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'.
[  118.202983][   T57] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  118.226675][ T5209] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  118.242882][   T57] usb 5-1: device descriptor read/8, error -71
[  118.363126][   T57] usb usb5-port1: unable to enumerate USB device
[  119.193706][   T13] team0 (unregistering): Port device team_slave_1 removed
[  119.302969][   T13] team0 (unregistering): Port device team_slave_0 removed
[  119.435362][ T6994] ptrace attach of "/syz-executor exec"[5207] was attempted by "
     �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �     
            \x07    \x09  \x0a  \x0b  \x0c  \x0d                            \x1b             !  \x22  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \x5c  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �
[  119.832442][ T7001] ptrace attach of "/syz-executor exec"[5207] was attempted by "
     �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �     
            \x07    \x09  \x0a  \x0b  \x0c  \x0d                            \x1b             !  \x22  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \x5c  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �  �
[  119.868545][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.905347][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.968226][ T7005] netlink: 'syz.3.485': attribute type 3 has an invalid length.
[  119.973953][ T7005] netlink: 36 bytes leftover after parsing attributes in process `syz.3.485'.
[  119.977369][ T5209] Bluetooth: hci4: command tx timeout
[  120.304001][ T7013] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  120.306689][ T7013] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  120.328179][ T7013] vhci_hcd vhci_hcd.0: Device attached
[  120.354473][ T7014] binder: 7011:7014 ioctl c0306201 0 returned -14
[  120.593123][ T5261] usb 13-1: new low-speed USB device number 5 using vhci_hcd
[  120.682649][ T6930] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  120.703423][ T6930] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  120.716522][ T6930] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  120.729404][ T6930] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  120.802071][   T13] IPVS: stop unused estimator thread 0...
[  120.835274][ T6930] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.852622][ T6930] 8021q: adding VLAN 0 to HW filter on device team0
[  120.863521][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.866837][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.885211][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.888484][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.114252][ T6930] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.117708][ T7015] vhci_hcd: connection reset by peer
[  121.121132][ T1189] vhci_hcd: stop threads
[  121.123402][ T1189] vhci_hcd: release socket
[  121.125655][ T1189] vhci_hcd: disconnect device
[  121.158547][ T6930] veth0_vlan: entered promiscuous mode
[  121.169216][ T6930] veth1_vlan: entered promiscuous mode
[  121.212732][ T6930] veth0_macvtap: entered promiscuous mode
[  121.218808][ T6930] veth1_macvtap: entered promiscuous mode
[  121.232609][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.237321][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.241002][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.247015][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.248411][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.3.493'.
[  121.251250][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.259182][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.265447][ T6930] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.274205][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.278959][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.282283][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.287339][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.291285][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.295971][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.301991][ T6930] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.304566][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.3.493'.
[  121.309241][ T6930] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.312385][ T6930] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.316303][ T6930] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.320151][ T6930] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.395756][   T97] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.399576][   T97] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.428504][ T1189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.434206][ T1189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.524246][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.1.463'.
[  121.622382][ T7058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.496'.
[  121.637746][ T7058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.496'.
[  121.721472][    C2] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  121.794116][ T7070] xt_TCPMSS: Only works on TCP SYN packets
[  121.802134][ T7071] Process accounting resumed
[  121.841407][  T815] libceph: connect (1)[c::]:6789 error -101
[  121.845424][  T815] libceph: mon0 (1)[c::]:6789 connect error
[  121.914199][ T7079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.501'.
[  121.917602][ T7080] netlink: 44 bytes leftover after parsing attributes in process `syz.3.500'.
[  121.923210][ T7071] ceph: No mds server is up or the cluster is laggy
[  121.923319][ T7080] netlink: 'syz.3.500': attribute type 3 has an invalid length.
[  121.940547][ T7073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.501'.
[  122.059377][ T5209] Bluetooth: hci4: command tx timeout
[  122.163323][ T7091] netlink: 'syz.2.506': attribute type 4 has an invalid length.
[  122.166374][ T7091] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.506'.
[  122.174863][ T7091] netlink: 'syz.2.506': attribute type 16 has an invalid length.
[  122.179083][ T7091] netlink: 48 bytes leftover after parsing attributes in process `syz.2.506'.
[  122.187138][ T7093] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  122.189743][ T7093] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  122.213033][ T7093] vhci_hcd vhci_hcd.0: Device attached
[  122.379963][ T7094] vhci_hcd: connection closed
[  122.380343][ T1116] vhci_hcd: stop threads
[  122.385710][ T1116] vhci_hcd: release socket
[  122.393024][ T1116] vhci_hcd: disconnect device
[  122.432955][ T4994] vhci_hcd: vhci_device speed not set
[  123.068480][ T7123] FAULT_INJECTION: forcing a failure.
[  123.068480][ T7123] name failslab, interval 1, probability 0, space 0, times 0
[  123.075616][ T7123] CPU: 0 PID: 7123 Comm: syz.1.515 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  123.079959][ T7123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  123.084320][ T7123] Call Trace:
[  123.085660][ T7123]  <TASK>
[  123.086812][ T7123]  dump_stack_lvl+0x16c/0x1f0
[  123.088666][ T7123]  should_fail_ex+0x497/0x5b0
[  123.090166][ T7123]  should_failslab+0x9/0x20
[  123.091507][ T7123]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  123.093770][ T7123]  ? dst_alloc+0x99/0x1a0
[  123.095905][ T7123]  dst_alloc+0x99/0x1a0
[  123.097746][ T7123]  rt_dst_alloc+0x35/0x3a0
[  123.099553][ T7123]  ip_route_output_key_hash_rcu+0x8a5/0x2770
[  123.101925][ T7123]  ip_route_output_key_hash+0x138/0x2e0
[  123.104065][ T7123]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  123.106631][ T7123]  ? __call_rcu_common.constprop.0+0x2e6/0x790
[  123.109207][ T7123]  ? lockdep_hardirqs_on+0x7c/0x110
[  123.111337][ T7123]  ip_route_output_flow+0x27/0x150
[  123.113703][ T7123]  tcp_v4_connect+0x13b9/0x1b80
[  123.115804][ T7123]  ? __pfx_tcp_v4_connect+0x10/0x10
[  123.117980][ T7123]  ? __pfx_mark_lock+0x10/0x10
[  123.120028][ T7123]  __inet_stream_connect+0x3c7/0x1020
[  123.122297][ T7123]  ? find_held_lock+0x2d/0x110
[  123.124353][ T7123]  ? __pfx___inet_stream_connect+0x10/0x10
[  123.126826][ T7123]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  123.129110][ T7123]  ? mark_held_locks+0x9f/0xe0
[  123.130774][ T7123]  ? inet_stream_connect+0x43/0xa0
[  123.132751][ T7123]  ? __local_bh_enable_ip+0xa4/0x120
[  123.134635][ T7123]  inet_stream_connect+0x57/0xa0
[  123.136818][ T7123]  kernel_connect+0xdd/0x140
[  123.138968][ T7123]  ? __pfx_kernel_connect+0x10/0x10
[  123.141732][ T7123]  ? mark_held_locks+0x9f/0xe0
[  123.144140][ T7123]  ? smc_connect+0xd5/0x760
[  123.146168][ T7123]  ? __local_bh_enable_ip+0xa4/0x120
[  123.148502][ T7123]  smc_connect+0x4c7/0x760
[  123.150458][ T7123]  ? __pfx_smc_connect+0x10/0x10
[  123.152695][ T7123]  __sys_connect_file+0x15f/0x1a0
[  123.155600][ T7123]  __sys_connect+0x149/0x170
[  123.158249][ T7123]  ? __pfx___sys_connect+0x10/0x10
[  123.161430][ T7123]  ? __pfx_ksys_write+0x10/0x10
[  123.164044][ T7123]  __ia32_sys_connect+0x71/0xb0
[  123.166255][ T7123]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  123.169046][ T7123]  __do_fast_syscall_32+0x73/0x120
[  123.171310][ T7123]  do_fast_syscall_32+0x32/0x80
[  123.173429][ T7123]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  123.176326][ T7123] RIP: 0023:0xf7407579
[  123.178336][ T7123] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  123.188327][ T7123] RSP: 002b:00000000f5d1f57c EFLAGS: 00000292 ORIG_RAX: 000000000000016a
[  123.191727][ T7123] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  123.194978][ T7123] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  123.198448][ T7123] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  123.201982][ T7123] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  123.205242][ T7123] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  123.209254][ T7123]  </TASK>
[  123.537411][ T7141] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  123.540718][ T7141] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  123.544853][ T7141] vhci_hcd vhci_hcd.0: Device attached
[  123.694478][ T7143] vhci_hcd: connection closed
[  123.694820][   T45] vhci_hcd: stop threads
[  123.698788][   T45] vhci_hcd: release socket
[  123.700791][   T45] vhci_hcd: disconnect device
[  123.743065][   T57] vhci_hcd: vhci_device speed not set
[  124.112896][ T1618] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  124.133076][ T5209] Bluetooth: hci4: command tx timeout
[  124.313664][ T1618] usb 7-1: Using ep0 maxpacket: 8
[  124.317674][ T1618] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  124.320365][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  124.326902][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  124.330885][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  124.336117][ T1618] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  124.338778][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  124.342652][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  124.347349][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  124.352518][ T1618] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  124.355435][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  124.359253][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  124.363385][ T1618] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  124.370169][ T1618] usb 7-1: string descriptor 0 read error: -22
[  124.372723][ T1618] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  124.376647][ T1618] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.385927][ T1618] adutux 7-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  124.692354][   T30] usb 7-1: USB disconnect, device number 7
[  125.300106][   T39] audit: type=1326 audit(1720168567.755:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7185 comm="syz.1.534" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7407579 code=0x0
[  125.438687][ T5213] Bluetooth: hci0: sending frame failed (-49)
[  125.443999][ T5209] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  125.516855][ T7200] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  125.555660][ T7202] random: crng reseeded on system resumption
[  125.734956][ T5261] vhci_hcd: vhci_device speed not set
[  126.200334][ T7211] ALSA: seq fatal error: cannot create timer (-22)
[  126.382534][ T7212] xt_TCPMSS: Only works on TCP SYN packets
[  127.403033][ T4994] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  127.564956][ T4994] usb 5-1: device descriptor read/64, error -71
[  127.853005][ T4994] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  128.003028][ T4994] usb 5-1: device descriptor read/64, error -71
[  128.094838][ T7260] FAULT_INJECTION: forcing a failure.
[  128.094838][ T7260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.100633][ T7260] CPU: 3 PID: 7260 Comm: syz.3.556 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  128.105180][ T7260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.109970][ T7260] Call Trace:
[  128.111593][ T7260]  <TASK>
[  128.113109][ T7260]  dump_stack_lvl+0x16c/0x1f0
[  128.115449][ T7260]  should_fail_ex+0x497/0x5b0
[  128.117622][ T7260]  _copy_from_user+0x30/0xf0
[  128.119670][ T7260]  get_compat_msghdr+0xa8/0x170
[  128.121839][ T7260]  ? __pfx_get_compat_msghdr+0x10/0x10
[  128.124329][ T7260]  ? kfree+0x245/0x3b0
[  128.126158][ T7260]  ? find_held_lock+0x2d/0x110
[  128.128066][ T7260]  ___sys_recvmsg+0x193/0x1a0
[  128.130575][ T7260]  ? __pfx____sys_recvmsg+0x10/0x10
[  128.133478][ T7260]  ? __pfx___might_resched+0x10/0x10
[  128.136206][ T7260]  ? __fget_light+0x173/0x210
[  128.138305][ T7260]  do_recvmmsg+0x51a/0x750
[  128.140351][ T7260]  ? __pfx_do_recvmmsg+0x10/0x10
[  128.142489][ T7260]  ? __pfx_lock_release+0x10/0x10
[  128.143416][ T4994] usb usb5-port1: attempt power cycle
[  128.144708][ T7260]  ? vfs_write+0x14d/0x1140
[  128.149057][ T7260]  __sys_recvmmsg+0x21e/0x280
[  128.151101][ T7260]  ? __pfx___sys_recvmmsg+0x10/0x10
[  128.153375][ T7260]  ? __pfx_ksys_write+0x10/0x10
[  128.155552][ T7260]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  128.158321][ T7260]  ? lockdep_hardirqs_on+0x7c/0x110
[  128.160661][ T7260]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  128.163567][ T7260]  __do_fast_syscall_32+0x73/0x120
[  128.165796][ T7260]  do_fast_syscall_32+0x32/0x80
[  128.167889][ T7260]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.170352][ T7260] RIP: 0023:0xf748c579
[  128.172148][ T7260] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  128.180684][ T7260] RSP: 002b:00000000f5d8357c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[  128.184400][ T7260] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200066c0
[  128.187930][ T7260] RDX: 0000000000000a0d RSI: 0000000000000000 RDI: 0000000000000000
[  128.191381][ T7260] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.194855][ T7260] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  128.198280][ T7260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  128.201787][ T7260]  </TASK>
[  128.293588][ T7263] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  128.572953][ T4994] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  128.613812][ T4994] usb 5-1: device descriptor read/8, error -71
[  128.834121][ T7272] syzkaller1: entered promiscuous mode
[  128.841431][ T7272] syzkaller1: entered allmulticast mode
[  128.883267][ T4994] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  128.916669][ T4994] usb 5-1: device descriptor read/8, error -71
[  129.023717][ T5213] Bluetooth: hci4: command 0x0405 tx timeout
[  129.043611][ T4994] usb usb5-port1: unable to enumerate USB device
[  129.217152][ T7274] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.220659][ T7274] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.224133][ T7274] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.341554][ T7279] ALSA: seq fatal error: cannot create timer (-22)
[  129.651567][ T7283] __nla_validate_parse: 10 callbacks suppressed
[  129.651585][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.564'.
[  129.681978][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.564'.
[  129.819238][ T7288] netlink: 'syz.2.565': attribute type 11 has an invalid length.
[  129.828810][ T7288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.565'.
[  129.916174][ T7292] Cannot find add_set index 0 as target
[  130.247922][ T7302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.571'.
[  130.254499][ T7302] netlink: 12 bytes leftover after parsing attributes in process `syz.1.571'.
[  130.268803][ T7302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.571'.
[  130.326760][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.570'.
[  130.332173][ T7305] netlink: 12 bytes leftover after parsing attributes in process `syz.0.570'.
[  130.360315][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.570'.
[  130.486016][ T7315] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  130.488753][ T7315] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  130.494990][ T7315] vhci_hcd vhci_hcd.0: Device attached
[  130.608691][ T7319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.573'.
[  130.763115][ T5241] usb 15-1: new high-speed USB device number 8 using vhci_hcd
[  130.793419][ T7323] netlink: 'syz.0.574': attribute type 11 has an invalid length.
[  131.222013][ T7316] vhci_hcd: connection reset by peer
[  131.226990][ T1189] vhci_hcd: stop threads
[  131.229650][ T1189] vhci_hcd: release socket
[  131.232345][ T1189] vhci_hcd: disconnect device
[  131.904555][ T7356] netlink: 'syz.1.585': attribute type 11 has an invalid length.
[  132.144067][ T7365] fuse: Bad value for 'fd'
[  132.147900][ T5213] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  132.159257][ T5213] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  132.165305][ T5213] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  132.172129][ T5213] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  132.175515][ T5213] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  132.180239][ T5213] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  132.460123][ T7371] netlink: 'syz.0.589': attribute type 4 has an invalid length.
[  132.570337][ T1116] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.624205][ T7363] chnl_net:caif_netlink_parms(): no params data found
[  132.722738][ T1116] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.727668][ T7381] fuse: Bad value for 'fd'
[  132.813088][ T1116] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.821327][ T7363] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.828394][ T7363] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.831628][ T7363] bridge_slave_0: entered allmulticast mode
[  132.839481][ T7363] bridge_slave_0: entered promiscuous mode
[  132.848539][ T7363] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.851744][ T7363] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.855720][ T7363] bridge_slave_1: entered allmulticast mode
[  132.858695][ T7363] bridge_slave_1: entered promiscuous mode
[  132.939165][ T1354] ieee802154 phy0 wpan0: encryption failed: -22
[  132.943196][ T1354] ieee802154 phy1 wpan1: encryption failed: -22
[  133.004492][ T1116] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.025459][ T7363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.032358][ T7363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.104081][ T7363] team0: Port device team_slave_0 added
[  133.109878][ T7363] team0: Port device team_slave_1 added
[  133.190784][ T7363] batman_adv: batadv0: Adding interface: batadv_slave_0
[  133.194308][ T7363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.206027][ T7363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  133.212971][ T7363] batman_adv: batadv0: Adding interface: batadv_slave_1
[  133.216063][ T7363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  133.227136][ T7363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  133.283951][  T825] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  133.328456][ T7363] hsr_slave_0: entered promiscuous mode
[  133.332104][ T7363] hsr_slave_1: entered promiscuous mode
[  133.336080][ T7363] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  133.339317][ T7363] Cannot create hsr debugfs directory
[  133.419066][ T7391] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  133.422025][ T7391] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  133.427185][ T7391] vhci_hcd vhci_hcd.0: Device attached
[  133.472956][  T825] usb 6-1: Using ep0 maxpacket: 8
[  133.477431][  T825] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  133.480972][  T825] usb 6-1: config 179 has no interface number 0
[  133.487070][  T825] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10
[  133.492002][  T825] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  133.501284][  T825] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  133.519529][ T1116] bridge_slave_0: left promiscuous mode
[  133.521781][ T1116] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.526220][  T825] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  133.532442][  T825] usb 6-1: config 179 interface 65 has no altsetting 0
[  133.535897][  T825] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  133.539079][  T825] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.549798][ T7385] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  133.554887][ T1116] bridge_slave_1: left allmulticast mode
[  133.557720][ T1116] bridge_slave_1: left promiscuous mode
[  133.563881][ T1116] bridge1: port 1(bridge_slave_1) entered disabled state
[  133.579991][  T825] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:179.65/input/input12
[  133.624083][ T4681] input input12: unable to receive magic message: -110
[  133.635614][ T4681] input input12: unable to receive magic message: -32
[  133.645178][ T4681] input input12: unable to receive magic message: -32
[  133.659487][ T4681] input input12: unable to receive magic message: -32
[  133.694882][   T30] usb 13-1: new high-speed USB device number 6 using vhci_hcd
[  133.715917][ T5215] input input12: unable to receive magic message: -32
[  133.739566][ T4681] input input12: unable to receive magic message: -32
[  133.744184][ T4681] input input12: unable to receive magic message: -32
[  133.753929][ T4681] input input12: unable to receive magic message: -32
[  133.776970][  T825] usb 6-1: USB disconnect, device number 6
[  133.779303][    C2] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  133.783871][  T825] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  134.073878][ T1116] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  134.080522][ T1116] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  134.086785][ T1116] bond0 (unregistering): Released all slaves
[  134.107223][ T7392] vhci_hcd: connection reset by peer
[  134.109348][   T97] vhci_hcd: stop threads
[  134.111157][   T97] vhci_hcd: release socket
[  134.115970][   T97] vhci_hcd: disconnect device
[  134.213682][ T5213] Bluetooth: hci0: command tx timeout
[  134.538600][ T1116] hsr_slave_0: left promiscuous mode
[  134.545183][ T1116] hsr_slave_1: left promiscuous mode
[  134.551074][ T1116] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  134.554848][ T1116] batman_adv: batadv0: Removing interface: batadv_slave_0
[  134.559257][ T1116] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  134.562533][ T1116] batman_adv: batadv0: Removing interface: batadv_slave_1
[  134.604793][ T1116] veth1_macvtap: left promiscuous mode
[  134.606858][ T1116] veth0_macvtap: left promiscuous mode
[  134.609204][ T1116] veth1_vlan: left promiscuous mode
[  134.611725][ T1116] veth0_vlan: left promiscuous mode
[  134.984784][ T7420] tmpfs: Bad value for 'size'
[  135.808599][ T1116] team0 (unregistering): Port device team_slave_1 removed
[  135.903116][ T5241] vhci_hcd: vhci_device speed not set
[  135.936999][ T1116] team0 (unregistering): Port device team_slave_0 removed
[  136.303122][ T5213] Bluetooth: hci0: command tx timeout
[  136.403500][ T7446] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  136.406530][ T7446] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  136.410578][ T7446] vhci_hcd vhci_hcd.0: Device attached
[  136.736302][ T5241] usb 15-1: device descriptor read/64, error -110
[  136.866406][ T7363] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  136.878631][ T7363] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  136.892023][ T7363] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  136.898880][ T7363] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  136.962167][ T7363] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.978793][ T7363] 8021q: adding VLAN 0 to HW filter on device team0
[  136.986806][ T4994] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.989850][ T4994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.004297][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.007259][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.014010][ T5241] usb 15-1: new high-speed USB device number 9 using vhci_hcd
[  137.033397][ T7363] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  137.037191][ T7363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  137.064855][ T7447] vhci_hcd: connection reset by peer
[  137.071789][   T11] vhci_hcd: stop threads
[  137.075528][   T11] vhci_hcd: release socket
[  137.077414][   T11] vhci_hcd: disconnect device
[  137.133890][ T5242] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  137.141772][ T7363] 8021q: adding VLAN 0 to HW filter on device batadv0
[  137.177679][ T7363] veth0_vlan: entered promiscuous mode
[  137.187204][ T7363] veth1_vlan: entered promiscuous mode
[  137.220109][ T7363] veth0_macvtap: entered promiscuous mode
[  137.226727][ T7363] veth1_macvtap: entered promiscuous mode
[  137.240258][ T7363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.244619][ T7363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.248461][ T7363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.252785][ T7363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.258795][ T7363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.263088][ T7363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.268763][ T7363] batman_adv: batadv0: Interface activated: batadv_slave_0
[  137.279345][ T7363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.286100][ T7363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.289481][ T7363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.293633][ T7363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.297126][ T7363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.301381][ T7363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.306570][ T7363] batman_adv: batadv0: Interface activated: batadv_slave_1
[  137.313077][ T7363] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  137.316041][ T7363] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  137.318916][ T7363] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  137.322061][ T7363] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  137.333156][ T5242] usb 8-1: Using ep0 maxpacket: 8
[  137.339645][ T5242] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  137.344270][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  137.349780][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  137.356186][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  137.371809][ T5242] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  137.376311][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  137.381192][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  137.386536][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  137.389557][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.394515][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.396123][ T5242] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  137.400784][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  137.405660][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  137.410323][ T5242] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  137.412719][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.418373][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.421498][ T5242] usb 8-1: string descriptor 0 read error: -22
[  137.423968][ T5242] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  137.427074][ T5242] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.435428][ T5242] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  137.747570][ T4994] usb 8-1: USB disconnect, device number 10
[  137.801298][ T7489] __nla_validate_parse: 6 callbacks suppressed
[  137.801309][ T7489] netlink: 8 bytes leftover after parsing attributes in process `syz.1.609'.
[  137.818211][ T7491] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  137.821043][ T7491] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  137.825291][ T7491] vhci_hcd vhci_hcd.0: Device attached
[  137.987995][ T7500] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370
[  138.079710][ T7505] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  138.082241][ T7505] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  138.092964][ T7505] vhci_hcd vhci_hcd.0: Device attached
[  138.220129][ T7514] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  138.223057][ T7514] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  138.228645][ T7514] vhci_hcd vhci_hcd.0: Device attached
[  138.363012][   T57] usb 17-1: new low-speed USB device number 4 using vhci_hcd
[  138.635889][ T7492] vhci_hcd: connection closed
[  138.636077][ T1189] vhci_hcd: stop threads
[  138.639607][ T1189] vhci_hcd: release socket
[  138.641621][ T1189] vhci_hcd: disconnect device
[  138.883020][   T30] vhci_hcd: vhci_device speed not set
[  138.887972][ T7508] vhci_hcd: connection reset by peer
[  138.891205][   T45] vhci_hcd: stop threads
[  138.893673][   T45] vhci_hcd: release socket
[  138.896154][   T45] vhci_hcd: disconnect device
[  138.965968][ T7515] vhci_hcd: connection closed
[  138.966343][   T97] vhci_hcd: stop threads
[  138.971804][   T97] vhci_hcd: release socket
[  138.975752][   T97] vhci_hcd: disconnect device
[  139.222083][ T7522] capability: warning: `syz.0.619' uses 32-bit capabilities (legacy support in use)
[  139.450115][ T7535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.621'.
[  139.683983][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.1.623'.
[  139.689773][ T7541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.623'.
[  139.773099][   T35] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  139.964180][   T35] usb 7-1: not running at top speed; connect to a high speed hub
[  139.969153][   T35] usb 7-1: config 1 interface 0 altsetting 148 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  139.975791][   T35] usb 7-1: config 1 interface 0 has no altsetting 0
[  139.983367][   T35] usb 7-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.40
[  139.988234][   T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.991790][   T35] usb 7-1: Product: 똢ళ숤ꗾ㳜䖩᰸艿ꍑ隕ݸ鷖徃⡷콭焤⃀풢铛ᳪ嘽첬徴⣲낐
[  139.997752][   T35] usb 7-1: Manufacturer: Х
[  139.999880][   T35] usb 7-1: SerialNumber: I
[  140.005248][ T7537] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  140.133202][ T5213] Bluetooth: hci0: command tx timeout
[  140.445576][   T35] usbhid 7-1:1.0: can't add hid device: -71
[  140.448498][   T35] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[  140.475547][   T35] usb 7-1: USB disconnect, device number 8
[  140.506723][ T7555] netlink: 'syz.3.626': attribute type 11 has an invalid length.
[  140.523325][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.626'.
[  140.577239][ T7557] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  140.581108][ T7557] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  140.586123][ T7557] vhci_hcd vhci_hcd.0: Device attached
[  140.712960][ T7558] vhci_hcd: connection closed
[  140.713351][   T11] vhci_hcd: stop threads
[  140.717601][   T11] vhci_hcd: release socket
[  140.719916][   T11] vhci_hcd: disconnect device
[  140.803098][ T5261] vhci_hcd: vhci_device speed not set
[  141.081734][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.2.628'.
[  141.089906][ T7562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.628'.
[  141.100520][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.2.628'.
[  141.336632][ T7571] FAULT_INJECTION: forcing a failure.
[  141.336632][ T7571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.344153][ T7571] CPU: 0 PID: 7571 Comm: syz.3.631 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  141.348771][ T7571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.353389][ T7571] Call Trace:
[  141.354869][ T7571]  <TASK>
[  141.356120][ T7571]  dump_stack_lvl+0x16c/0x1f0
[  141.358022][ T7571]  should_fail_ex+0x497/0x5b0
[  141.360278][ T7571]  copy_fpstate_to_sigframe+0x812/0xaa0
[  141.363378][ T7571]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  141.366865][ T7571]  ? __pfx_lock_acquire+0x10/0x10
[  141.369363][ T7571]  ? do_raw_spin_unlock+0x172/0x230
[  141.371920][ T7571]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  141.374449][ T7571]  ? find_held_lock+0x2d/0x110
[  141.376707][ T7571]  get_sigframe+0x455/0x930
[  141.378880][ T7571]  ? __pfx_get_sigframe+0x10/0x10
[  141.382001][ T7571]  ? _raw_spin_unlock_irq+0x23/0x50
[  141.385243][ T7571]  ? siginfo_layout+0x177/0x290
[  141.387907][ T7571]  ia32_setup_rt_frame+0xe4/0xb20
[  141.390224][ T7571]  ? __do_sys_flock+0xd6/0x520
[  141.392412][ T7571]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  141.394880][ T7571]  ? __mutex_unlock_slowpath+0x164/0x650
[  141.397417][ T7571]  arch_do_signal_or_restart+0x47b/0x7e0
[  141.400122][ T7571]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  141.403680][ T7571]  ? ksys_write+0x1ab/0x260
[  141.406080][ T7571]  ? __pfx_ksys_write+0x10/0x10
[  141.408767][ T7571]  syscall_exit_to_user_mode+0x14a/0x2a0
[  141.411210][ T7571]  __do_fast_syscall_32+0x80/0x120
[  141.413502][ T7571]  do_fast_syscall_32+0x32/0x80
[  141.415776][ T7571]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  141.418649][ T7571] RIP: 0023:0xf748c577
[  141.420656][ T7571] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  141.430744][ T7571] RSP: 002b:00000000f5da457c EFLAGS: 00000292 ORIG_RAX: 000000000000008f
[  141.434122][ T7571] RAX: 000000000000008f RBX: 0000000000000009 RCX: 0000000000000002
[  141.437602][ T7571] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  141.441025][ T7571] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  141.444512][ T7571] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  141.448081][ T7571] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  141.452629][ T7571]  </TASK>
[  141.497057][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.632'.
[  141.508581][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.632'.
[  141.976097][ T7582] overlay: ./file0 is not a directory
[  142.136265][ T5241] vhci_hcd: vhci_device speed not set
[  142.211160][ T7599] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  142.213920][ T7599] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  142.219495][ T7599] vhci_hcd vhci_hcd.0: Device attached
[  143.039742][ T7600] vhci_hcd: connection closed
[  143.039989][ T1116] vhci_hcd: stop threads
[  143.044581][ T1116] vhci_hcd: release socket
[  143.046825][ T1116] vhci_hcd: disconnect device
[  143.366171][ T7616] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  143.368676][ T7616] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  143.371445][ T7616] vhci_hcd vhci_hcd.0: Device attached
[  143.506678][   T57] vhci_hcd: vhci_device speed not set
[  143.653449][ T1265] usb 15-1: new high-speed USB device number 10 using vhci_hcd
[  143.669370][ T7624] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[  143.686172][ T7624] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  143.690398][ T7624] vhci_hcd vhci_hcd.0: Device attached
[  143.700530][ T7625] vhci_hcd: connection closed
[  143.700910][   T97] vhci_hcd: stop threads
[  143.704891][   T97] vhci_hcd: release socket
[  143.707090][   T97] vhci_hcd: disconnect device
[  144.032723][ T7631] __nla_validate_parse: 3 callbacks suppressed
[  144.032741][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.644'.
[  144.048041][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.644'.
[  144.110987][ T7617] vhci_hcd: connection reset by peer
[  144.115422][   T13] vhci_hcd: stop threads
[  144.117028][   T13] vhci_hcd: release socket
[  144.118986][   T13] vhci_hcd: disconnect device
[  144.332135][ T7638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[  144.360417][ T7638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[  144.375129][ T7651] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  144.377934][ T7651] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  144.381037][ T7651] vhci_hcd vhci_hcd.0: Device attached
[  144.657079][ T7662] fuse: Bad value for 'fd'
[  144.762919][   T57] usb 17-1: new high-speed USB device number 5 using vhci_hcd
[  144.950051][ T7667] fuse: Bad value for 'fd'
[  145.201360][ T7652] vhci_hcd: connection reset by peer
[  145.204585][   T45] vhci_hcd: stop threads
[  145.208038][   T45] vhci_hcd: release socket
[  145.210135][   T45] vhci_hcd: disconnect device
[  145.862417][ T7672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.656'.
[  145.896978][ T7672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.656'.
[  146.173164][ T7693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.660'.
[  146.184500][ T7693] netlink: 12 bytes leftover after parsing attributes in process `syz.0.660'.
[  146.189471][ T7684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.659'.
[  146.198956][ T7687] netlink: 4 bytes leftover after parsing attributes in process `syz.0.660'.
[  146.328912][ T7695] program syz.0.661 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  146.498136][ T7703] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  146.501122][ T7703] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  146.516030][ T7703] vhci_hcd vhci_hcd.0: Device attached
[  146.530832][ T7706] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  146.534150][ T7706] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  146.538337][ T7706] vhci_hcd vhci_hcd.0: Device attached
[  146.542066][ T7707] vhci_hcd: cannot find the pending unlink 0
[  146.618038][ T7704] vhci_hcd: connection closed
[  146.619018][   T45] vhci_hcd: stop threads
[  146.622104][   T45] vhci_hcd: release socket
[  146.626344][   T45] vhci_hcd: disconnect device
[  146.933016][ T4994] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  147.037601][ T7721] netlink: 'syz.2.668': attribute type 11 has an invalid length.
[  147.128271][ T4994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11
[  147.132488][ T4994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  147.136694][ T4994] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  147.142082][ T4994] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  147.146187][ T4994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.152996][ T4994] usb 5-1: config 0 descriptor??
[  147.155902][ T7710] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  147.236517][ T7707] vhci_hcd: connection closed
[  147.238170][   T97] vhci_hcd: stop threads
[  147.243187][   T97] vhci_hcd: release socket
[  147.244955][   T97] vhci_hcd: disconnect device
[  147.430688][ T7728] overlayfs: failed to resolve './file0': -2
[  147.497767][ T7730] program syz.3.671 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  147.543014][   T39] audit: type=1326 audit(1720168589.995:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7729 comm="syz.3.671" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf748c579 code=0x0
[  147.632155][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.636401][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.639159][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.643459][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.647318][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.647551][ T7731] FAULT_INJECTION: forcing a failure.
[  147.647551][ T7731] name failslab, interval 1, probability 0, space 0, times 0
[  147.650103][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.654592][ T7731] CPU: 3 PID: 7731 Comm: syz.3.671 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  147.654609][ T7731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.654616][ T7731] Call Trace:
[  147.654622][ T7731]  <TASK>
[  147.654627][ T7731]  dump_stack_lvl+0x16c/0x1f0
[  147.654646][ T7731]  should_fail_ex+0x497/0x5b0
[  147.657628][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.661044][ T7731]  ? __pfx_rwsem_read_trylock+0x10/0x10
[  147.661063][ T7731]  ? find_held_lock+0x2d/0x110
[  147.661079][ T7731]  should_failslab+0x9/0x20
[  147.661094][ T7731]  kmalloc_trace_noprof+0x6b/0x310
[  147.661109][ T7731]  ? nfc_genl_rcv_nl_event+0xc1/0x2e0
[  147.661123][ T7731]  nfc_genl_rcv_nl_event+0xc1/0x2e0
[  147.661134][ T7731]  notifier_call_chain+0xb9/0x410
[  147.661149][ T7731]  ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10
[  147.667254][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.667771][ T7731]  blocking_notifier_call_chain+0x69/0xa0
[  147.667807][ T7731]  netlink_release+0x184c/0x2000
[  147.669627][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.670975][ T7731]  ? netlink_release+0x1df/0x2000
[  147.670997][ T7731]  ? __pfx_netlink_release+0x10/0x10
[  147.671017][ T7731]  __sock_release+0xb0/0x270
[  147.671031][ T7731]  ? __pfx_sock_close+0x10/0x10
[  147.671042][ T7731]  sock_close+0x1c/0x30
[  147.671053][ T7731]  __fput+0x408/0xbb0
[  147.671065][ T7731]  ? _raw_spin_unlock_irq+0x23/0x50
[  147.673972][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.675967][ T7731]  task_work_run+0x14e/0x250
[  147.675988][ T7731]  ? __pfx_task_work_run+0x10/0x10
[  147.675999][ T7731]  ? __pfx___close_range+0x10/0x10
[  147.676019][ T7731]  ? __pfx_ksys_write+0x10/0x10
[  147.676047][ T7731]  syscall_exit_to_user_mode+0x275/0x2a0
[  147.677988][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.679428][ T7731]  __do_fast_syscall_32+0x80/0x120
[  147.679454][ T7731]  do_fast_syscall_32+0x32/0x80
[  147.679470][ T7731]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  147.679483][ T7731] RIP: 0023:0xf748c579
[  147.679493][ T7731] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  147.679503][ T7731] RSP: 002b:00000000f5d8357c EFLAGS: 00000292 ORIG_RAX: 00000000000001b4
[  147.679515][ T7731] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffffff
[  147.681561][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.683238][ T7731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  147.683250][ T7731] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  147.683256][ T7731] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  147.683285][ T7731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  147.683302][ T7731]  </TASK>
[  147.766489][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.769192][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.772965][ T4994] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  147.779630][ T4994] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  147.787975][ T4994] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  147.954597][ T7710] usb usb8: usbfs: process 7710 (syz.0.666) did not claim interface 0 before use
[  147.974448][ T4994] usb 5-1: USB disconnect, device number 11
[  148.131308][ T7750] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  148.133629][ T7750] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  148.142576][ T7750] vhci_hcd vhci_hcd.0: Device attached
[  148.150802][ T5213] Bluetooth: hci4: unexpected event for opcode 0x0c22
[  148.281932][ T7755] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  148.284844][ T7755] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  148.294063][ T7755] vhci_hcd vhci_hcd.0: Device attached
[  148.529904][ T7757] vhci_hcd: connection closed
[  148.531034][ T1189] vhci_hcd: stop threads
[  148.535299][ T1189] vhci_hcd: release socket
[  148.538003][ T1189] vhci_hcd: disconnect device
[  148.563710][ T4994] usb 19-1: new low-speed USB device number 8 using vhci_hcd
[  148.567153][ T4994] usb 19-1: enqueue for inactive port 0
[  148.663207][ T4994] vhci_hcd: vhci_device speed not set
[  148.790848][ T7766] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  148.793484][ T7766] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  148.797073][ T7766] vhci_hcd vhci_hcd.0: Device attached
[  148.961798][ T7751] vhci_hcd: connection reset by peer
[  148.964290][   T45] vhci_hcd: stop threads
[  148.966028][   T45] vhci_hcd: release socket
[  148.968268][   T45] vhci_hcd: disconnect device
[  149.043066][ T1265] vhci_hcd: vhci_device speed not set
[  149.142790][ T7779] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  149.145732][ T7779] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  149.151433][ T7779] vhci_hcd vhci_hcd.0: Device attached
[  149.159725][ T7780] vhci_hcd: cannot find the pending unlink 0
[  149.164590][ T7780] vhci_hcd: connection closed
[  149.164817][   T97] vhci_hcd: stop threads
[  149.169103][   T97] vhci_hcd: release socket
[  149.171161][   T97] vhci_hcd: disconnect device
[  149.508138][ T7767] vhci_hcd: connection closed
[  149.513857][   T13] vhci_hcd: stop threads
[  149.517188][   T13] vhci_hcd: release socket
[  149.520044][   T13] vhci_hcd: disconnect device
[  149.620931][ T7785] netlink: 'syz.1.685': attribute type 11 has an invalid length.
[  149.633025][ T7785] __nla_validate_parse: 12 callbacks suppressed
[  149.633044][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.685'.
[  149.757487][ T7787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.686'.
[  149.776973][ T7787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.686'.
[  149.894939][   T57] vhci_hcd: vhci_device speed not set
[  149.998160][ T7796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.689'.
[  150.005856][ T7796] netlink: 12 bytes leftover after parsing attributes in process `syz.1.689'.
[  150.018477][ T7796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.689'.
[  150.354947][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.692'.
[  150.369143][ T7806] netlink: 12 bytes leftover after parsing attributes in process `syz.1.692'.
[  150.381342][ T7806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.692'.
[  150.610398][ T7816] netlink: 4 bytes leftover after parsing attributes in process `syz.1.693'.
[  150.997036][ T7828] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  150.999882][ T7828] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  151.004219][ T7828] vhci_hcd vhci_hcd.0: Device attached
[  151.010048][ T7829] vhci_hcd: cannot find the pending unlink 0
[  151.073642][ T7831] xt_TCPMSS: Only works on TCP SYN packets
[  151.273212][   T57] usb 15-1: new high-speed USB device number 11 using vhci_hcd
[  151.489959][ T7838] xt_TCPMSS: Only works on TCP SYN packets
[  151.730620][ T7829] vhci_hcd: connection reset by peer
[  151.738006][   T13] vhci_hcd: stop threads
[  151.740107][   T13] vhci_hcd: release socket
[  151.742490][   T13] vhci_hcd: disconnect device
[  151.975845][ T7849] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  151.978967][ T7849] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  151.983389][ T7849] vhci_hcd vhci_hcd.0: Device attached
[  151.990097][ T7850] vhci_hcd: cannot find the pending unlink 0
[  152.273197][ T4994] usb 19-1: new high-speed USB device number 9 using vhci_hcd
[  152.681094][ T7869] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  152.683899][ T7869] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  152.687627][ T7869] vhci_hcd vhci_hcd.0: Device attached
[  152.692521][ T7850] vhci_hcd: connection reset by peer
[  152.695480][   T97] vhci_hcd: stop threads
[  152.698290][   T97] vhci_hcd: release socket
[  152.700661][   T97] vhci_hcd: disconnect device
[  152.963911][ T5261] usb 17-1: new low-speed USB device number 6 using vhci_hcd
[  153.227658][ T7885] xt_TCPMSS: Only works on TCP SYN packets
[  153.469622][ T7889] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  153.472650][ T7889] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  153.477037][ T7889] vhci_hcd vhci_hcd.0: Device attached
[  153.482535][ T7890] vhci_hcd: cannot find the pending unlink 0
[  153.513662][ T7870] vhci_hcd: connection reset by peer
[  153.517135][ T1189] vhci_hcd: stop threads
[  153.519540][ T1189] vhci_hcd: release socket
[  153.521378][ T1189] vhci_hcd: disconnect device
[  154.166858][ T7897] fuse: Bad value for 'fd'
[  154.197105][ T7890] vhci_hcd: connection closed
[  154.197353][   T13] vhci_hcd: stop threads
[  154.202067][   T13] vhci_hcd: release socket
[  154.205061][   T13] vhci_hcd: disconnect device
[  154.754418][ T7903] fuse: Bad value for 'fd'
[  155.000639][ T7908] __nla_validate_parse: 13 callbacks suppressed
[  155.000655][ T7908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.717'.
[  155.033825][ T7908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.717'.
[  155.276151][ T1189] Bluetooth: hci3: Frame reassembly failed (-84)
[  155.376346][ T7914] netlink: 12 bytes leftover after parsing attributes in process `syz.2.720'.
[  155.414037][ T7926] netlink: 'syz.0.722': attribute type 4 has an invalid length.
[  155.657353][ T7930] netlink: 4 bytes leftover after parsing attributes in process `syz.1.723'.
[  155.665281][ T7930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.723'.
[  155.679716][ T7930] netlink: 4 bytes leftover after parsing attributes in process `syz.1.723'.
[  155.893515][ T7935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.724'.
[  155.898915][ T7935] netlink: 12 bytes leftover after parsing attributes in process `syz.1.724'.
[  155.907924][ T7935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.724'.
[  156.163659][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.726'.
[  156.383041][   T57] vhci_hcd: vhci_device speed not set
[  157.183683][ T7979] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  157.186536][ T7979] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  157.189981][ T7979] vhci_hcd vhci_hcd.0: Device attached
[  157.201204][ T7980] vhci_hcd: cannot find the pending unlink 0
[  157.333450][ T5209] Bluetooth: hci3: command 0x1003 tx timeout
[  157.333693][ T5213] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  157.423061][ T4994] vhci_hcd: vhci_device speed not set
[  157.472999][   T35] usb 13-1: new high-speed USB device number 7 using vhci_hcd
[  157.530924][ T7991] overlayfs: missing 'lowerdir'
[  157.886986][ T7980] vhci_hcd: connection reset by peer
[  157.889631][ T1116] vhci_hcd: stop threads
[  157.891465][ T1116] vhci_hcd: release socket
[  157.893729][ T1116] vhci_hcd: disconnect device
[  157.940797][ T8005] input: syz1 as /devices/virtual/input/input13
[  157.952266][ T8005] FAULT_INJECTION: forcing a failure.
[  157.952266][ T8005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  157.959110][ T8005] CPU: 0 PID: 8005 Comm: syz.2.745 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  157.963236][ T8005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  157.967917][ T8005] Call Trace:
[  157.969038][ T8005]  <TASK>
[  157.970050][ T8005]  dump_stack_lvl+0x16c/0x1f0
[  157.971878][ T8005]  should_fail_ex+0x497/0x5b0
[  157.973751][ T8005]  _copy_from_user+0x30/0xf0
[  157.975617][ T8005]  input_event_from_user+0x22d/0x3b0
[  157.977729][ T8005]  ? __pfx_input_event_from_user+0x10/0x10
[  157.979915][ T8005]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  157.982205][ T8005]  ? input_event+0x8e/0xa0
[  157.983805][ T8005]  uinput_write+0xbc2/0x12c0
[  157.985766][ T8005]  ? __pfx_uinput_write+0x10/0x10
[  157.987837][ T8005]  ? bpf_lsm_file_permission+0x9/0x10
[  157.989790][ T8005]  ? security_file_permission+0x98/0xc0
[  157.991835][ T8005]  ? __pfx_uinput_write+0x10/0x10
[  157.993744][ T8005]  vfs_write+0x29a/0x1140
[  157.995428][ T8005]  ? __pfx_vfs_write+0x10/0x10
[  157.997415][ T8005]  ? __fget_files+0x256/0x400
[  157.999345][ T8005]  ? __fget_light+0x173/0x210
[  158.001322][ T8005]  ksys_write+0x1f8/0x260
[  158.003189][ T8005]  ? __pfx_ksys_write+0x10/0x10
[  158.004988][ T8005]  __do_fast_syscall_32+0x73/0x120
[  158.006853][ T8005]  do_fast_syscall_32+0x32/0x80
[  158.008860][ T8005]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.011527][ T8005] RIP: 0023:0xf744b579
[  158.013303][ T8005] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  158.020354][ T8005] RSP: 002b:00000000f5d6357c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  158.023387][ T8005] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000240
[  158.026605][ T8005] RDX: 00000000000000a2 RSI: 0000000000000000 RDI: 0000000000000000
[  158.029915][ T8005] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.033147][ T8005] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  158.036468][ T8005] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.039831][ T8005]  </TASK>
[  158.134256][ T5261] vhci_hcd: vhci_device speed not set
[  159.084084][ T4994] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  159.263011][ T4994] usb 5-1: Using ep0 maxpacket: 32
[  159.272152][ T4994] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.277550][ T4994] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.283229][ T4994] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  159.291677][ T4994] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  159.297038][ T4994] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  159.301278][ T4994] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  159.312986][ T4994] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  159.317995][ T4994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.321617][ T4994] usb 5-1: Product: syz
[  159.324265][ T4994] usb 5-1: Manufacturer: syz
[  159.326403][ T4994] usb 5-1: SerialNumber: syz
[  159.341226][ T8046] netlink: 'syz.3.758': attribute type 11 has an invalid length.
[  159.416300][ T5213] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  159.420644][ T5213] Bluetooth: hci1: Injecting HCI hardware error event
[  159.427169][ T5209] Bluetooth: hci1: hardware error 0x00
[  159.566239][ T8034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.576676][ T8034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.687058][ T4994] cdc_ncm 5-1:1.0: bind() failure
[  159.706231][ T4994] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  159.717611][ T4994] cdc_ncm 5-1:1.1: bind() failure
[  159.723377][ T4994] usb 5-1: USB disconnect, device number 12
[  159.958906][ T8062] xt_TCPMSS: Only works on TCP SYN packets
[  160.058539][ T1116] ------------[ cut here ]------------
[  160.061054][ T1116] WARNING: CPU: 1 PID: 1116 at net/wireless/nl80211.c:19473 cfg80211_bss_color_notify+0x60b/0x7d0
[  160.065831][ T1116] Modules linked in:
[  160.067799][ T1116] CPU: 1 PID: 1116 Comm: kworker/u32:9 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  160.074625][ T1116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.079219][ T1116] Workqueue: phy7 ieee80211_color_collision_detection_work
[  160.082767][ T1116] RIP: 0010:cfg80211_bss_color_notify+0x60b/0x7d0
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  160.085882][ T1116] Code: bc 5b f7 49 8d 7f 68 be ff ff ff ff e8 ce 3b a9 00 31 ff 89 c3 89 c6 e8 e3 b7 5b f7 85 db 0f 85 16 fb ff ff e8 d6 bc 5b f7 90 <0f> 0b 90 e9 08 fb ff ff e8 c8 bc 5b f7 0f b6 44 24 1c ba 01 00 00
[  160.094088][ T1116] RSP: 0018:ffffc90007007bf8 EFLAGS: 00010293
[  160.096277][ T1116] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a32d1ad
[  160.098697][ T1116] RDX: ffff8880195f0000 RSI: ffffffff8a32d1ba RDI: 0000000000000005
[  160.101088][ T1116] RBP: 000000000000008d R08: 0000000000000005 R09: 0000000000000000
[  160.104000][ T1116] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888027670000
[  160.106398][ T1116] R13: ffff8880154b0000 R14: ffff888027670cb0 R15: ffff88800d7e8700
[  160.108840][ T1116] FS:  0000000000000000(0000) GS:ffff88802c100000(0000) knlGS:0000000000000000
[  160.111594][ T1116] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  160.114166][ T1116] CR2: 00000000f7fa25b8 CR3: 0000000053292000 CR4: 0000000000350ef0
[  160.117407][ T1116] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  160.120682][ T1116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  160.124042][ T1116] Call Trace:
[  160.125512][ T1116]  <TASK>
[  160.126745][ T1116]  ? show_regs+0x8c/0xa0
[  160.128587][ T1116]  ? __warn+0xe5/0x3c0
[  160.130352][ T1116]  ? cfg80211_bss_color_notify+0x60b/0x7d0
[  160.132939][ T1116]  ? report_bug+0x3c0/0x580
[  160.134873][ T1116]  ? handle_bug+0x3d/0x70
[  160.136666][ T1116]  ? exc_invalid_op+0x17/0x50
[  160.138514][ T1116]  ? asm_exc_invalid_op+0x1a/0x20
[  160.140341][ T1116]  ? cfg80211_bss_color_notify+0x5fd/0x7d0
[  160.142252][ T1116]  ? cfg80211_bss_color_notify+0x60a/0x7d0
[  160.144444][ T1116]  ? cfg80211_bss_color_notify+0x60b/0x7d0
[  160.146489][ T1116]  ? cfg80211_bss_color_notify+0x60a/0x7d0
[  160.148842][ T1116]  ? __pfx_lock_acquire+0x10/0x10
[  160.150803][ T1116]  ? __pfx_cfg80211_bss_color_notify+0x10/0x10
[  160.153490][ T1116]  process_one_work+0x958/0x1ad0
[  160.155477][ T1116]  ? __pfx_lock_acquire+0x10/0x10
[  160.157879][ T1116]  ? __pfx_process_one_work+0x10/0x10
[  160.160244][ T1116]  ? assign_work+0x1a0/0x250
[  160.162255][ T1116]  worker_thread+0x6c8/0xf30
[  160.164562][ T1116]  ? __kthread_parkme+0x148/0x220
[  160.166245][ T5191] syz-executor (5191) used greatest stack depth: 21088 bytes left
[  160.166739][ T1116]  ? __pfx_worker_thread+0x10/0x10
[  160.172163][ T1116]  kthread+0x2c1/0x3a0
[  160.174073][ T1116]  ? _raw_spin_unlock_irq+0x23/0x50
[  160.176380][ T1116]  ? __pfx_kthread+0x10/0x10
[  160.178441][ T1116]  ret_from_fork+0x45/0x80
[  160.180370][ T1116]  ? __pfx_kthread+0x10/0x10
[  160.182256][ T1116]  ret_from_fork_asm+0x1a/0x30
[  160.184418][ T1116]  </TASK>
[  160.185883][ T1116] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  160.188974][ T1116] CPU: 1 PID: 1116 Comm: kworker/u32:9 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[  160.193223][ T1116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.197675][ T1116] Workqueue: phy7 ieee80211_color_collision_detection_work
[  160.200711][ T1116] Call Trace:
[  160.202186][ T1116]  <TASK>
[  160.203491][ T1116]  dump_stack_lvl+0x3d/0x1f0
[  160.205490][ T1116]  panic+0x6f5/0x7a0
[  160.206957][ T1116]  ? __pfx_panic+0x10/0x10
[  160.208715][ T1116]  ? show_trace_log_lvl+0x363/0x500
[  160.210446][ T1116]  ? check_panic_on_warn+0x1f/0xb0
[  160.212379][ T1116]  ? cfg80211_bss_color_notify+0x60b/0x7d0
[  160.214139][ T1116]  check_panic_on_warn+0xab/0xb0
[  160.215774][ T1116]  __warn+0xf1/0x3c0
[  160.217093][ T1116]  ? cfg80211_bss_color_notify+0x60b/0x7d0
[  160.219030][ T1116]  report_bug+0x3c0/0x580
[  160.220502][ T1116]  handle_bug+0x3d/0x70
[  160.221886][ T1116]  exc_invalid_op+0x17/0x50
[  160.223430][ T1116]  asm_exc_invalid_op+0x1a/0x20
[  160.225102][ T1116] RIP: 0010:cfg80211_bss_color_notify+0x60b/0x7d0
[  160.227262][ T1116] Code: bc 5b f7 49 8d 7f 68 be ff ff ff ff e8 ce 3b a9 00 31 ff 89 c3 89 c6 e8 e3 b7 5b f7 85 db 0f 85 16 fb ff ff e8 d6 bc 5b f7 90 <0f> 0b 90 e9 08 fb ff ff e8 c8 bc 5b f7 0f b6 44 24 1c ba 01 00 00
[  160.234122][ T1116] RSP: 0018:ffffc90007007bf8 EFLAGS: 00010293
[  160.236332][ T1116] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8a32d1ad
[  160.239647][ T1116] RDX: ffff8880195f0000 RSI: ffffffff8a32d1ba RDI: 0000000000000005
[  160.242689][ T1116] RBP: 000000000000008d R08: 0000000000000005 R09: 0000000000000000
[  160.246017][ T1116] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888027670000
[  160.249314][ T1116] R13: ffff8880154b0000 R14: ffff888027670cb0 R15: ffff88800d7e8700
[  160.251846][ T1116]  ? cfg80211_bss_color_notify+0x5fd/0x7d0
[  160.254019][ T1116]  ? cfg80211_bss_color_notify+0x60a/0x7d0
[  160.256208][ T1116]  ? cfg80211_bss_color_notify+0x60a/0x7d0
[  160.258352][ T1116]  ? __pfx_lock_acquire+0x10/0x10
[  160.260546][ T1116]  ? __pfx_cfg80211_bss_color_notify+0x10/0x10
[  160.263282][ T1116]  process_one_work+0x958/0x1ad0
[  160.265466][ T1116]  ? __pfx_lock_acquire+0x10/0x10
[  160.267647][ T1116]  ? __pfx_process_one_work+0x10/0x10
[  160.270030][ T1116]  ? assign_work+0x1a0/0x250
[  160.272012][ T1116]  worker_thread+0x6c8/0xf30
[  160.274036][ T1116]  ? __kthread_parkme+0x148/0x220
[  160.276139][ T1116]  ? __pfx_worker_thread+0x10/0x10
[  160.278412][ T1116]  kthread+0x2c1/0x3a0
[  160.280222][ T1116]  ? _raw_spin_unlock_irq+0x23/0x50
[  160.282588][ T1116]  ? __pfx_kthread+0x10/0x10
[  160.284652][ T1116]  ret_from_fork+0x45/0x80
[  160.286591][ T1116]  ? __pfx_kthread+0x10/0x10
[  160.288634][ T1116]  ret_from_fork_asm+0x1a/0x30
[  160.290729][ T1116]  </TASK>
[  160.292734][ T1116] Kernel Offset: disabled
[  160.294723][ T1116] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:32:25  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000007 RBX=ffffffff8fe2cc98 RCX=ffffffff816caf69 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff888016f32f1c RBP=1ffff920001c5f4e RSP=ffffc90000e2fa60
R8 =0000000000000000 R9 =fffffbfff1fc533a R10=ffffffff8fe299d7 R11=0000000000000002
R12=ffffffff8dbb4ea0 R13=ffff88802b7317c8 R14=ffff888016f32440 R15=ffffffff8aa11a80
RIP=ffffffff816cb011 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000ffaacd1c CR3=00000000269ae000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000006001 Opmask01=0000000000180040 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd98201eb0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20746e696f70646e 65203020676e6974 7400007a7973203a 746375646f725000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2074646365706464 6520302067646374 7400007073732030 7463756465725000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30303030203a3541 3030303030302030 3932303030203020 3a52204135303020
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020302020352030 30202e3020302020 3030203000203020 2030202030202020
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a3c382a3e682a6e 322a3a3a2a3a3a2a 3a3a2a3a3a2a3c38 2a3e682a6e322a3a
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 693d3f393c6e3f6c 3a3a3a3a3a3a3a3a 3068383a3a2a305a 59582a573f3a3a32
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84f94585 RDI=ffffffff94d59e00 RBP=ffffffff94d59dc0 RSP=ffffc900070075e0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005
R12=0000000000000000 R13=0000000000000031 R14=ffffffff84f94520 R15=0000000000000000
RIP=ffffffff84f945af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fa25b8 CR3=0000000053292000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000001 RBX=00000000000008d6 RCX=ffffffff81e3375d RDX=fffff940001614d7
RSI=0000000000000004 RDI=ffffea0000b0a6b4 RBP=ffffea0000b0a680 RSP=ffffc900037578a8
R8 =0000000000000001 R9 =fffff940001614d6 R10=ffffea0000b0a6b7 R11=0000000000000001
R12=ffffea0000b0a6b4 R13=0000000000000000 R14=00000000000008d7 R15=0000000000000003
RIP=ffffffff81e33761 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f43b7496d00 ffffffff 00c00000
GS =0000 ffff88802c200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005636477bd000 CR3=000000001d006000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0360319d0360319d 0360319d0360319d 0360319d0360319d 0360319d0360319d 0360319d0360319d 0360319d0360319d 0360319d0360319d 0360319d0360319d
ZMM22=2b8c3efc2b8c3efc 2b8c3efc2b8c3efc 2b8c3efc2b8c3efc 2b8c3efc2b8c3efc 2b8c3efc2b8c3efc 2b8c3efc2b8c3efc 2b8c3efc2b8c3efc 2b8c3efc2b8c3efc
ZMM23=ce933c03ce933c03 ce933c03ce933c03 ce933c03ce933c03 ce933c03ce933c03 ce933c03ce933c03 ce933c03ce933c03 ce933c03ce933c03 ce933c03ce933c03
ZMM24=1b4bef4d1b4bef4d 1b4bef4d1b4bef4d 1b4bef4d1b4bef4d 1b4bef4d1b4bef4d 1b4bef4d1b4bef4d 1b4bef4d1b4bef4d 1b4bef4d1b4bef4d 1b4bef4d1b4bef4d
ZMM25=8276386482763864 8276386482763864 8276386482763864 8276386482763864 8276386482763864 8276386482763864 8276386482763864 8276386482763864
ZMM26=eb61a70deb61a70d eb61a70deb61a70d eb61a70deb61a70d eb61a70deb61a70d eb61a70deb61a70d eb61a70deb61a70d eb61a70deb61a70d eb61a70deb61a70d
ZMM27=8733fa2c8733fa2c 8733fa2c8733fa2c 8733fa2c8733fa2c 8733fa2c8733fa2c 8733fa2c8733fa2c 8733fa2c8733fa2c 8733fa2c8733fa2c 8733fa2c8733fa2c
ZMM28=000000700000006f 0000006e0000006d 0000006c0000006b 0000006a00000069 0000006800000067 0000006600000065 0000006400000063 0000006200000061
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=7d0a00007d0a0000 7d0a00007d0a0000 7d0a00007d0a0000 7d0a00007d0a0000 7d0a00007d0a0000 7d0a00007d0a0000 7d0a00007d0a0000 7d0a00007d0a0000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=0000000000000021 RCX=ffffffff816bcb0e RDX=0000000000000000
RSI=0000000000000008 RDI=ffffffff941f32c0 RBP=1ffffffff283e658 RSP=ffffc90000eff508
R8 =0000000000000000 R9 =ffffffff941f32c7 R10=ffffffff941f32c7 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=ffff88801a275388 R15=0000000000000021
RIP=ffffffff81ebafbd RFL=00000802 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f5318fa90d0 CR3=000000001cebe000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000044000001 Opmask01=000000000000001f Opmask02=000000000000ffdf Opmask03=2040000404420020
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdabd589d0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 00ff000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000ff00
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 60212a3df7ef33d9 7373253ea556f037
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 737373435c021e73
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d25203a7325206b 6e696c6d79732065 7461657263206f74 2064656c69614600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4800051f5600054e 4b4c49485c560540 5144405746054a51 054140494c444600
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1352594e849c40aa 00000005648b2ae6 0000000000000171 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 316134612f353235 3d544355444f5250 000030343936313d 4d554e5145530039
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722072336a617c7c 3d31203c322a3670 64695c554f58581d 61262b2429327619
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7f777f776f777e7f 3d7b3f7d7f7f7f7f 777f7f7f6f7f797f 7f7f7f3f7f7f7f7f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 264c383a3a264f38 3a3a264e383a3a26 49383a3a2648383a 3a2633383a3a2632
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 313d454400323d49 4400494d00373d45 4f4a414d00300032 4955555f3d454d41
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 313d344400320035 30003d4d00373d45 0000302f002f0032 45504e510030002f
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000