last executing test programs:

20.028930338s ago: executing program 2 (id=1173):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x2, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x0, 0x4, 0xe5ce}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x24008041}, 0x10000800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc})
r7 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r7, 0x4)
close_range(r6, r7, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})

20.016100713s ago: executing program 2 (id=1174):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010012, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

19.952678159s ago: executing program 2 (id=1175):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x2, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x0, 0x4, 0xe5ce}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x24008041}, 0x10000800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc})
r7 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r7, 0x4)
close_range(r6, r7, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})

18.903925344s ago: executing program 2 (id=1183):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x2, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x0, 0x4, 0xe5ce}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x24008041}, 0x10000800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc})
r7 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r7, 0x4)
close_range(r6, r7, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})

18.033465253s ago: executing program 2 (id=1186):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20004050)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000002c0)=0x20)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r4, &(0x7f0000000000)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r5, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x5}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {0x10, 0x0, 0x0, 0x0, @time={0x4, 0x7}, {}, {0x0, 0x80}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time}], 0x68)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x18)
r7 = openat$audio(0xffffff9c, &(0x7f0000000340), 0x40, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r7, 0x80044d13, &(0x7f0000000380))
ioctl$BLKBSZGET(r5, 0x80041270, &(0x7f0000000080))
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b705000000000000850000002d00000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_FRAME(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)={0x34, r12, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r13}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x912}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xd}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

17.965930425s ago: executing program 2 (id=1188):
getresuid(&(0x7f0000000000)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080))
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140))
keyctl$chown(0x4, 0x0, r0, r2) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_setaffinity(r3, 0x8, &(0x7f00000021c0)=0xe) (async)
r4 = syz_open_dev$vbi(&(0x7f0000002200), 0x3, 0x2)
ioctl$VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000002240)={0x2, 0xa, 0x3, 0x0, 0x7f})
r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000002280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000022c0)=0x14, 0x80000)
accept4$packet(r5, &(0x7f0000002300)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000002340)=0x14, 0x80000) (async)
mlock(&(0x7f0000bfd000/0x400000)=nil, 0x400000) (async)
r7 = pidfd_getfd(0xffffffffffffffff, r5, 0x0) (async)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000023c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r7, &(0x7f00000024c0)={&(0x7f0000002380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002480)={&(0x7f0000002400)={0x68, r8, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x4001}, 0x10) (async)
ioctl$EVIOCGABS20(r7, 0x80184560, &(0x7f0000002500)) (async)
r9 = openat$binder_debug(0xffffff9c, &(0x7f0000002540)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffffff, &(0x7f0000002580)='./file0\x00', 0x40) (async)
sendto$inet(r7, &(0x7f00000025c0)="65ff1929b3138face836501224ed208c995ade88bb748f045710596dfbca40fba7dc2aee2138d89c27486d6d8c3abfdee0a8b9", 0x33, 0x4000010, &(0x7f0000002600)={0x2, 0x4e23, @empty}, 0x10)
chown(&(0x7f0000002640)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r1, 0xee00) (async)
r10 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt(r10, 0x57c, 0x7fffffff, &(0x7f0000002740)="b333208ce7bc86be6df43fba73749dd2ea668c43083de8ffdb346a8e9deb31d648f6c5047fbc27991a9fd13fe35fe1c76507afade5d742d3309fbdf3c7e774ff382897fa3f2ce1d4926e2f6e4202a4a9709e439c06acc8e962c7b6e8015ec9d614ab2c512e30d9e75ee7a75b3eff2548d962820a06eb93e7d76fc08411c04138bde4b4697ca6", 0x86)
syz_genetlink_get_family_id$tipc(&(0x7f0000002800), r9) (async)
io_uring_enter(r9, 0x7dd, 0x6987, 0x8, &(0x7f0000002840)={[0x8]}, 0x8)
mmap(&(0x7f0000d06000/0x2000)=nil, 0x2000, 0xd, 0x4010, r9, 0xceb9000)
r11 = userfaultfd(0x0)
ioctl$UFFDIO_CONTINUE(r11, 0xc020aa07, &(0x7f0000002880)={{&(0x7f0000f4e000/0x4000)=nil, 0x4000}, 0x1}) (async)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet(0x2, 0x2, 0xfffffffe)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000028c0)={0x2, 0x4, 0x8, 0x1, 0x80, r7, 0x7fffffff, '\x00', r6, r9, 0x2, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000002940)=@bloom_filter={0x1e, 0x0, 0x3, 0xdd4, 0x1fd24, r12, 0x8, '\x00', r6, r9, 0x0, 0x1, 0x3, 0x9, @value, @void, @value}, 0x50)

15.734811852s ago: executing program 0 (id=1198):
connect$inet(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0xa5b, &(0x7f0000000380)=ANY=[@ANYBLOB="cdbfa0a5c597aaaaaaaaaabb86dd600000000a25000000000000000000000100200100000000ff020000000000000000000000000001aa47613f"], 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x1)
fchdir(r3)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000740)=""/67, 0x0, 0xd000})
ioctl$SOUND_PCM_READ_CHANNELS(r5, 0x80045006, &(0x7f0000000080))
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0xfe, 0x0}}, 0x1, 0x6, 0x3, 0x0, 0x400, 0x5}, 0x20)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/78, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
setsockopt$inet_int(r4, 0x0, 0x33, &(0x7f0000000300)=0x80000005, 0x4)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

15.604565981s ago: executing program 0 (id=1199):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)

15.573457182s ago: executing program 0 (id=1200):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x30, r0, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x64}, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xb, 0x43}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, r3, 0x1, 0x50bd26, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8, 0x3, r2}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)

15.453335512s ago: executing program 0 (id=1201):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$radio(&(0x7f0000000080), 0x0, 0x2)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_iso={0x0, {0x1, 0x1}, 0x1, 0x80, 0x0, 0x0, 0x7172, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @link_local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x9, @local, @multicast2, @broadcast, @loopback}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x31, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r4 = fcntl$dupfd(r1, 0x406, r1)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000300)=ANY=[@ANYRES64=r2], &(0x7f00000006c0)='GPL\x00', 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000001c0)='percpu_alloc_percpu\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x5, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$9p(r4, 0x0, 0x0)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x1d)
r8 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r8, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590241c90012002f1eafbcf706e1050000006558000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee844000000080000000019b0fb0bba", 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada32bc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d3333ce2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb0000000000000000", 0x87}, {&(0x7f0000000280)="fe112162c63e6da8bc8432294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cda6d167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b6d309fc129ed8eb5a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb3685a55722f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad717979d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b4583cbe56d24f14ab78fd718947077ea736251c7b8eee267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a815fe39e43bd0d2e414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c9", 0x1a1}, {&(0x7f0000000180)="6fe4dd9eeba3271dc700b581440284", 0xfe69}], 0x4}, 0x0)
r9 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "d4dfeb1ceb40eeefe68d6cf265b68e88a8bb314f3c0f82df67e25dad70d6b31e036f9f20b70c42a4dc5b21aa28f606af1557115f56805a217afe6b467cb413b3"}, 0x48, 0xffffffffffffffff)
keyctl$negate(0x4, r9, 0x0, 0xfffffffffffffffe)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x437, 0x70bd27, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x8}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x81}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}]}, 0x4c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})

15.142232339s ago: executing program 0 (id=1203):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20004050)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000002c0)=0x20)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r4, &(0x7f0000000000)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r5, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x5}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {0x10, 0x0, 0x0, 0x0, @time={0x4, 0x7}, {}, {0x0, 0x80}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time}], 0x68)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x18)
r7 = openat$audio(0xffffff9c, &(0x7f0000000340), 0x40, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r7, 0x80044d13, &(0x7f0000000380))
ioctl$BLKBSZGET(r5, 0x80041270, &(0x7f0000000080))
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b705000000000000850000002d00000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_FRAME(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)={0x34, r12, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r13}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x912}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xd}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

15.06137356s ago: executing program 0 (id=1205):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x0, 0xfffffffd, @mcast2}, 0x1f, {[0x0, 0x100, 0x0, 0xfffffffe, 0x0, 0x0, 0x9, 0xffffffff]}}, 0x5c)

4.505151347s ago: executing program 3 (id=1238):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000080)=0x40)
chdir(&(0x7f0000000700)='./file1\x00')
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_ENCODER_CMD(r1, 0xc028564e, &(0x7f00000000c0))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r2, {r2}}, './file0\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='comm\x00')
exit(0x7)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r8, {0xc, 0x4}, {0x60, 0x9}, {0xb, 0x9}}}, 0x24}}, 0x20040054)
read$FUSE(r5, &(0x7f0000006300)={0x2020}, 0x2020)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010003904000000000000000000000000c5c88cb5a49b08b82276a595aa96611ad5d5d29bb404c5c82eb93b540b7cbd042252e4cffd2ca80900c120f07056c6caec0b82f1210b5e192f543993fb0d3caaa40e5d416436fcda36ee55234044052c5abb753128270f1e31234e6700000000ef89c684d6020000001ceeb83cd274378b9e6a", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800120000000000"], 0x3c}}, 0x0)

3.674909703s ago: executing program 1 (id=1239):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64, @ANYBLOB="44a837b4012918a47d0187", @ANYRES16, @ANYRESDEC=r1, @ANYRESOCT=r0], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x3, &(0x7f0000000100)=[{0x81, 0x6, 0x1, 0xe7}, {0x2, 0xcc, 0x5, 0xd}, {0x11c, 0xf, 0x9e, 0xffffffff}]})
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r6, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e65204361707455726527203030303030303430303030"], 0xb8)
dup3(r2, r0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020100000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x60, 0x16, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wlan0\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}], {0x14}}, 0x88}}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xb, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x70}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xc5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bind$x25(r8, &(0x7f0000000040), 0x12)
r10 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
close(r10)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10)

3.57887271s ago: executing program 3 (id=1240):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={{0x14}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x58}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000340)={@multicast, @random="866304000800", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3a, 0x1c, 0x0, 0x0, 0xf9, 0x11, 0x0, @empty, @multicast1}, {0xfffe, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x3, 0x100, @void}}}}}}}, 0x0)

3.474361909s ago: executing program 3 (id=1241):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, 0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000000240)={0x0, 0xfffffffffffffe1a, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)

2.783066891s ago: executing program 1 (id=1242):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = fsopen(&(0x7f0000000040)='hpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000440)='cq\xad\x87\xa5\xb5\xd5#/\xa4\xe9\xb8\xa4_\x1b\x11D\xcd\x15*\xdb\x02+cy]w\xb0u\x8cx\xcc\xbb\x1eO\x9dW(%\xa2d\xda\xf8C$u;x\xcfS\xfb', &(0x7f0000000740)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00 \xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$F\xba\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\x00\x00\x00\x00\x00\x00\x00\x01\xc7\xe6\xf28\x19\xa6\xa7\xb1\xc6x\x8cy\xcf\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x81g\x90\x01n%\x7f_\xe1.\xfd\xea\xd7j\xfb\"\xab\xdb\x062e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\xb1Co\xc07\x19\xc6\"\x9c\x8d\xdfA\xf8T\xe5\xae\xbf\x00)WNW2$B$\x84\xf7\x9b\xfd1\x91\xc0;\x9dJ\x94\x196f\x11\xcfp\xef]\x05fgw\fX\xb5\xdd\x8a\x13o\x05\xbe\x94\xbaR\x9a/dy\xe5K\xe9aiv\xa5nb\xfa5\x98\x91\x1d~b2@~j\xc3\xd44\x81\x91q\x9b\xaaLp\xe3C{OF\xd1\x9e\xa7\xb0v)T', 0x0)
syz_emit_vhci(&(0x7f0000000340)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x2f}, "52ba6bbe6e36e522602706d661097c963dfecd4f25440e692186000000000e0000f33182eacce8d763bc4ebc1f829b"}, 0x33)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0xca1, &(0x7f0000000100)={0x0, 0x8de3, 0x10310, 0xfffffffe, 0x4a}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000380)={0x8, 0xa0b0, 0x9, 0x6, 0x22, 0x2})
pipe2(0x0, 0x0)
tee(0xffffffffffffffff, r7, 0x100, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000200001032abd7000ffdbdf250200000000000007ff"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r10, 0xc0045005, &(0x7f0000000140)=0x2000)
r11 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$dsp(r11, &(0x7f0000000300)='U', 0x1)
ppoll(&(0x7f00000000c0)=[{r10, 0x9620}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
openat$fuse(0xffffff9c, &(0x7f00000002c0), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x140c, 0x31, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004400}, 0x404)

2.782697691s ago: executing program 32 (id=1188):
getresuid(&(0x7f0000000000)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080))
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140))
keyctl$chown(0x4, 0x0, r0, r2) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
sched_setaffinity(r3, 0x8, &(0x7f00000021c0)=0xe) (async)
r4 = syz_open_dev$vbi(&(0x7f0000002200), 0x3, 0x2)
ioctl$VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000002240)={0x2, 0xa, 0x3, 0x0, 0x7f})
r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000002280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000022c0)=0x14, 0x80000)
accept4$packet(r5, &(0x7f0000002300)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000002340)=0x14, 0x80000) (async)
mlock(&(0x7f0000bfd000/0x400000)=nil, 0x400000) (async)
r7 = pidfd_getfd(0xffffffffffffffff, r5, 0x0) (async)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000023c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r7, &(0x7f00000024c0)={&(0x7f0000002380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002480)={&(0x7f0000002400)={0x68, r8, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x4001}, 0x10) (async)
ioctl$EVIOCGABS20(r7, 0x80184560, &(0x7f0000002500)) (async)
r9 = openat$binder_debug(0xffffff9c, &(0x7f0000002540)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffffff, &(0x7f0000002580)='./file0\x00', 0x40) (async)
sendto$inet(r7, &(0x7f00000025c0)="65ff1929b3138face836501224ed208c995ade88bb748f045710596dfbca40fba7dc2aee2138d89c27486d6d8c3abfdee0a8b9", 0x33, 0x4000010, &(0x7f0000002600)={0x2, 0x4e23, @empty}, 0x10)
chown(&(0x7f0000002640)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r1, 0xee00) (async)
r10 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt(r10, 0x57c, 0x7fffffff, &(0x7f0000002740)="b333208ce7bc86be6df43fba73749dd2ea668c43083de8ffdb346a8e9deb31d648f6c5047fbc27991a9fd13fe35fe1c76507afade5d742d3309fbdf3c7e774ff382897fa3f2ce1d4926e2f6e4202a4a9709e439c06acc8e962c7b6e8015ec9d614ab2c512e30d9e75ee7a75b3eff2548d962820a06eb93e7d76fc08411c04138bde4b4697ca6", 0x86)
syz_genetlink_get_family_id$tipc(&(0x7f0000002800), r9) (async)
io_uring_enter(r9, 0x7dd, 0x6987, 0x8, &(0x7f0000002840)={[0x8]}, 0x8)
mmap(&(0x7f0000d06000/0x2000)=nil, 0x2000, 0xd, 0x4010, r9, 0xceb9000)
r11 = userfaultfd(0x0)
ioctl$UFFDIO_CONTINUE(r11, 0xc020aa07, &(0x7f0000002880)={{&(0x7f0000f4e000/0x4000)=nil, 0x4000}, 0x1}) (async)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet(0x2, 0x2, 0xfffffffe)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000028c0)={0x2, 0x4, 0x8, 0x1, 0x80, r7, 0x7fffffff, '\x00', r6, r9, 0x2, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000002940)=@bloom_filter={0x1e, 0x0, 0x3, 0xdd4, 0x1fd24, r12, 0x8, '\x00', r6, r9, 0x0, 0x1, 0x3, 0x9, @value, @void, @value}, 0x50)

2.503428699s ago: executing program 3 (id=1244):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = fsopen(&(0x7f0000000040)='hpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000440)='cq\xad\x87\xa5\xb5\xd5#/\xa4\xe9\xb8\xa4_\x1b\x11D\xcd\x15*\xdb\x02+cy]w\xb0u\x8cx\xcc\xbb\x1eO\x9dW(%\xa2d\xda\xf8C$u;x\xcfS\xfb', &(0x7f0000000740)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00 \xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$F\xba\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\x00\x00\x00\x00\x00\x00\x00\x01\xc7\xe6\xf28\x19\xa6\xa7\xb1\xc6x\x8cy\xcf\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x81g\x90\x01n%\x7f_\xe1.\xfd\xea\xd7j\xfb\"\xab\xdb\x062e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\xb1Co\xc07\x19\xc6\"\x9c\x8d\xdfA\xf8T\xe5\xae\xbf\x00)WNW2$B$\x84\xf7\x9b\xfd1\x91\xc0;\x9dJ\x94\x196f\x11\xcfp\xef]\x05fgw\fX\xb5\xdd\x8a\x13o\x05\xbe\x94\xbaR\x9a/dy\xe5K\xe9aiv\xa5nb\xfa5\x98\x91\x1d~b2@~j\xc3\xd44\x81\x91q\x9b\xaaLp\xe3C{OF\xd1\x9e\xa7\xb0v)T', 0x0)
syz_emit_vhci(&(0x7f0000000340)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x32}, "52ba6bbe6e36e522602706d661097c963dfecd4f25440e692186000000000e0000f33182eacce8d763bc4ebc1f829b5e8700"}, 0x36)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0xca1, &(0x7f0000000100)={0x0, 0x8de3, 0x10310, 0xfffffffe, 0x4a}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000380)={0x8, 0xa0b0, 0x9, 0x6, 0x22, 0x2})
pipe2(0x0, 0x0)
tee(0xffffffffffffffff, r7, 0x100, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000200001032abd7000ffdbdf250200000000000007ff"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r10, 0xc0045005, &(0x7f0000000140)=0x2000)
r11 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$dsp(r11, &(0x7f0000000300)='U', 0x1)
ppoll(&(0x7f00000000c0)=[{r10, 0x9620}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
openat$fuse(0xffffff9c, &(0x7f00000002c0), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x140c, 0x31, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004400}, 0x404)

1.262271697s ago: executing program 1 (id=1245):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x30, r0, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x64}, @val={0x8}, @val={0xc, 0x99, {0xb, 0x43}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, r2, 0x1, 0x50bd26, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)

1.174937736s ago: executing program 1 (id=1246):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000005c0)=@mangle={'mangle\x00', 0x2, 0x6, 0x56c, 0xec, 0x370, 0x1c4, 0x1c4, 0x370, 0x4a4, 0x4a4, 0x4a4, 0x4a4, 0x4a4, 0x6, 0x0, {[{{@uncond, 0x0, 0xc8, 0xec, 0x7000000, {0x7a00000000000000, 0x1d00}, [@inet=@rpfilter={{0x24}}]}, @HL={0x24}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [0x0, 0x0, 0xff], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0xa4, 0xd8}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0x400f3dd}}}, {{@ipv6={@remote, @private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00, 0xffffffff, 0xff000000], [0x0, 0xff, 0x0, 0xffffffff], 'ip6tnl0\x00', 'vlan0\x00', {0xff}, {0xff}, 0x11, 0x5, 0x1, 0x26}, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@ipv6={@local, @loopback, [0xff, 0xff000000, 0xffffffff, 0xffffffff], [0xff, 0xff, 0xffffff00, 0xff], 'macvlan0\x00', 'veth0_to_bridge\x00', {0xff}, {0xff}, 0x0, 0x4, 0x1, 0x20}, 0x0, 0xa4, 0xe4}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x0, 0x7]}}}, {{@uncond, 0x0, 0x110, 0x134, 0x0, {}, [@common=@hbh={{0x48}, {0xfffffffb, 0x8, 0x0, [0x7a5e, 0x0, 0x2, 0x4, 0x6, 0xfffa, 0x8, 0x419, 0xd19, 0x3, 0xfff, 0x9, 0x0, 0x101, 0x6, 0x101], 0x6}}, @common=@eui64={{0x24}}]}, @unspec=@CHECKSUM={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x5c8)

1.174645626s ago: executing program 1 (id=1247):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x2, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x0, 0x4, 0xe5ce}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x24008041}, 0x10000800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc})
r7 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r7, 0x4)
close_range(r6, r7, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})

943.658677ms ago: executing program 3 (id=1248):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000080)=0x40)
chdir(&(0x7f0000000700)='./file1\x00')
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_ENCODER_CMD(r1, 0xc028564e, &(0x7f00000000c0))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r2, {r2}}, './file0\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='comm\x00')
exit(0x7)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r8, {0xc, 0x4}, {0x60, 0x9}, {0xb, 0x9}}}, 0x24}}, 0x20040054)
read$FUSE(r5, &(0x7f0000006300)={0x2020}, 0x2020)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010003904000000000000000000000000c5c88cb5a49b08b82276a595aa96611ad5d5d29bb404c5c82eb93b540b7cbd042252e4cffd2ca80900c120f07056c6caec0b82f1210b5e192f543993fb0d3caaa40e5d416436fcda36ee55234044052c5abb753128270f1e31234e6700000000ef89c684d6020000001ceeb83cd274378b9e6a", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800120000000000"], 0x3c}}, 0x0)

943.169068ms ago: executing program 4 (id=1243):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000b80), r2)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000000c0), 0xffffffffffffffff)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB="000000000000000608000a00", @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
setsockopt$packet_int(r7, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x0, 0x20000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

153.89996ms ago: executing program 1 (id=1249):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x2, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x0, 0x4, 0xe5ce}, 0x1}}, @TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8100}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x24008041}, 0x10000800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
r5 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc})
r6 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r6, 0x4)
close_range(r5, r6, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})

56.064884ms ago: executing program 33 (id=1205):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x0, 0xfffffffd, @mcast2}, 0x1f, {[0x0, 0x100, 0x0, 0xfffffffe, 0x0, 0x0, 0x9, 0xffffffff]}}, 0x5c)

407.56µs ago: executing program 3 (id=1251):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000bc0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffb, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r2}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_route(0x10, 0x3, 0x0)
shmat(0x0, &(0x7f0000400000/0xc00000)=nil, 0x5000)
close(r3)
ioprio_get$pid(0x3, 0x0)
r5 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x33f8, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x708, 0x41e3, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x0)
ppoll(&(0x7f00000001c0)=[{r8}], 0x1, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000554000/0x2000)=nil)
setresgid(0x0, 0x0, 0x0)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$poke(0x5, r9, &(0x7f0000000100), 0x1)
madvise(&(0x7f0000697000/0x4000)=nil, 0x4000, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r10 = dup(r0)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="600000000206050000000000fffff0000000000005000100060000000900020073797a32000000000500040000000000140007800800124000080000080008400000000014000300686173683a69702c706f72742c6970000500050002"], 0x60}}, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="34000000170a010400000000000000000a0000020900020073797a31000000000800074000000007040003fe0800074000000003"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)

0s ago: executing program 4 (id=1252):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
getitimer(0x0, &(0x7f0000000000))
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x9]}, 0x8, 0x80800)
socket(0x28, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x70bd2a}, 0xfffffffffffffde6}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs$pagemap(r1, &(0x7f00000001c0))
socket(0xa, 0x3, 0x3a)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x848000000015, 0x805, 0x0)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x6f0, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x6a4, 0x8, 0x0, 0x1, [{0x208, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0xfc, 0x9, 0x0, 0x1, [{0x34, 0x3f, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x1}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x39}}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x58b, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3e03}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "2eb8284ca5a361794d123b372f12d30314e17be0513990c775957563f0bb2031"}, @WGPEER_A_ALLOWEDIPS={0x98, 0x9, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}]}]}]}, {0x54, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "48bcbd06f53c1d72cab7f0faaca67f2b99ad2573148f768238ae9f7699fdd2ee"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x78, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9510b650fb963d7df0f6e6771db6df70e94c4be727210c0000000300000007fc"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3a}}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "e21d7d291a41c76bb970d2ab845b8ff9ac0352ab18419d4778a81a476b097d1b"}]}, {0x70, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9021d9ff4fd9b0d702828f689866ab6c04cc0e0c82f4163f15f5217e9728dab0"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}, {0x90, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x4}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3ff}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x9}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}]}, {0x2cc, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x2c8, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x1}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x38}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x37}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}]}, {0x4}, {0xac, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xd}}, {0x5, 0x3, 0x3}}]}]}]}]}]}, 0x6f0}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff}, './file0\x00'})
ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff6000/0xa000)=nil, 0x1000})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0x51)

kernel console output (not intermixed with test programs):

: mce write urb status = -71
[  158.922345][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  158.942846][ T6001] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  158.947556][ T6001] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input33
[  158.953536][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  158.972352][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  158.992527][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  158.999135][   T57] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.003017][   T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  159.007247][   T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  159.010504][   T57] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  159.012663][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.015363][   T57] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  159.020041][   T57] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  159.022774][   T57] usb 8-1: Manufacturer: syz
[  159.026518][   T57] usb 8-1: config 0 descriptor??
[  159.032439][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.052299][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.056866][ T8632] FAULT_INJECTION: forcing a failure.
[  159.056866][ T8632] name failslab, interval 1, probability 0, space 0, times 0
[  159.060825][ T8632] CPU: 3 UID: 0 PID: 8632 Comm: syz.0.667 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  159.060840][ T8632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  159.060846][ T8632] Call Trace:
[  159.060850][ T8632]  <TASK>
[  159.060855][ T8632]  dump_stack_lvl+0x16c/0x1f0
[  159.060894][ T8632]  should_fail_ex+0x512/0x640
[  159.060914][ T8632]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  159.060939][ T8632]  should_failslab+0xc2/0x120
[  159.060953][ T8632]  __kmalloc_cache_noprof+0x6a/0x3e0
[  159.060964][ T8632]  ? percpu_ref_init+0xec/0x410
[  159.060978][ T8632]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  159.060995][ T8632]  percpu_ref_init+0xec/0x410
[  159.061010][ T8632]  io_uring_setup+0x453/0x1ff0
[  159.061026][ T8632]  ? __pfx_io_uring_setup+0x10/0x10
[  159.061039][ T8632]  ? __pfx_vfs_write+0x10/0x10
[  159.061051][ T8632]  ? find_held_lock+0x2b/0x80
[  159.061062][ T8632]  ? count_memcg_events_mm.constprop.0+0x138/0x340
[  159.061082][ T8632]  ? ksys_write+0x1b9/0x240
[  159.061092][ T8632]  ? __pfx_ksys_write+0x10/0x10
[  159.061105][ T8632]  __ia32_sys_io_uring_setup+0xc2/0x170
[  159.061120][ T8632]  __do_fast_syscall_32+0x73/0x120
[  159.061138][ T8632]  do_fast_syscall_32+0x32/0x80
[  159.061154][ T8632]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  159.061183][ T8632] RIP: 0023:0xf7f14579
[  159.061194][ T8632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  159.061205][ T8632] RSP: 002b:00000000f503650c EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  159.061215][ T8632] RAX: ffffffffffffffda RBX: 0000000000003c5f RCX: 0000000080000240
[  159.061222][ T8632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  159.061228][ T8632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  159.061233][ T8632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  159.061239][ T8632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  159.061252][ T8632]  </TASK>
[  159.126937][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.142759][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.162309][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.182288][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  159.222428][ T6001] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  159.225670][ T6001] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  159.284917][ T6001] usb 6-1: USB disconnect, device number 9
[  159.377621][ T8640] block device autoloading is deprecated and will be removed.
[  159.412186][ T8639] md: md2 stopped.
[  159.452111][   T57] rc_core: IR keymap rc-hauppauge not found
[  159.454081][   T57] Registered IR keymap rc-empty
[  159.455745][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  159.854400][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  159.872924][   T57] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  159.877793][   T57] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input34
[  159.884241][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  159.902129][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  159.922172][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  159.942191][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  159.965198][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  160.196230][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  160.212195][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  160.232285][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  160.254279][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  160.274187][   T57] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  160.293102][   T57] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  160.296016][   T57] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  160.301569][   T57] usb 8-1: USB disconnect, device number 17
[  160.682161][ T8643] ALSA: mixer_oss: invalid index 40000
[  160.747205][ T8658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.675'.
[  161.127557][ T8650] ALSA: mixer_oss: invalid index 40000
[  161.402195][ T8684] block device autoloading is deprecated and will be removed.
[  161.420922][ T8681] md: md2 stopped.
[  162.097678][ T8677] ALSA: mixer_oss: invalid index 40000
[  162.192704][ T8689] netlink: 28 bytes leftover after parsing attributes in process `syz.3.684'.
[  162.195608][ T8689] netlink: 8 bytes leftover after parsing attributes in process `syz.3.684'.
[  162.261296][ T8693] Cannot find set identified by id 0 to match
[  162.400781][ T8698] md: md2 stopped.
[  163.022112][ T6001] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  163.195476][ T6001] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.199320][ T6001] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.202563][ T6001] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  163.208782][ T6001] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  163.215357][ T6001] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.220711][ T6001] usb 6-1: config 0 descriptor??
[  163.495994][ T8719] block device autoloading is deprecated and will be removed.
[  163.671124][ T6001] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  163.680375][ T6001] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  163.698492][ T6001] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  163.704491][ T6001] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  163.710301][ T6001] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  163.722658][ T6001] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  163.754644][ T6001] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  163.861506][ T6001] usb 6-1: USB disconnect, device number 10
[  163.886386][ T8708] capability: warning: `syz.1.691' uses deprecated v2 capabilities in a way that may be insecure
[  163.908344][ T8709] program syz.1.691 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  164.060617][ T8713] ALSA: mixer_oss: invalid index 40000
[  164.156028][ T8729] 9pnet_virtio: no channels available for device ./file0/file0
[  164.455194][ T8736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.695'.
[  164.492274][ T8738] usb usb8: usbfs: process 8738 (syz.1.698) did not claim interface 0 before use
[  164.500277][ T8739] netlink: 28 bytes leftover after parsing attributes in process `syz.0.697'.
[  165.662611][ T8755] FAULT_INJECTION: forcing a failure.
[  165.662611][ T8755] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  165.666760][ T8755] CPU: 0 UID: 0 PID: 8755 Comm: syz.2.702 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  165.666774][ T8755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  165.666781][ T8755] Call Trace:
[  165.666785][ T8755]  <TASK>
[  165.666789][ T8755]  dump_stack_lvl+0x16c/0x1f0
[  165.666808][ T8755]  should_fail_ex+0x512/0x640
[  165.666826][ T8755]  should_fail_alloc_page+0xe7/0x130
[  165.666843][ T8755]  prepare_alloc_pages+0x3c2/0x610
[  165.666862][ T8755]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  165.666875][ T8755]  ? copy_splice_read+0x1a8/0xba0
[  165.666891][ T8755]  ? stack_trace_save+0x8e/0xc0
[  165.666902][ T8755]  ? __pfx_stack_trace_save+0x10/0x10
[  165.666912][ T8755]  ? stack_depot_save_flags+0x28/0xa50
[  165.666928][ T8755]  ? __pfx_udp_sendmsg+0x10/0x10
[  165.666944][ T8755]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  165.666956][ T8755]  ? kasan_save_stack+0x33/0x60
[  165.666967][ T8755]  ? __kasan_kmalloc+0xaa/0xb0
[  165.666977][ T8755]  ? copy_splice_read+0x1a8/0xba0
[  165.666991][ T8755]  ? do_splice_read+0x285/0x370
[  165.667005][ T8755]  ? splice_direct_to_actor+0x2a1/0xa30
[  165.667020][ T8755]  ? do_splice_direct+0x174/0x240
[  165.667034][ T8755]  ? do_sendfile+0xafd/0xe50
[  165.667043][ T8755]  ? __ia32_compat_sys_sendfile+0x1e5/0x220
[  165.667055][ T8755]  ? __do_fast_syscall_32+0x73/0x120
[  165.667081][ T8755]  alloc_pages_bulk_noprof+0x703/0x13b0
[  165.667098][ T8755]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  165.667113][ T8755]  ? trace_kmalloc+0x2b/0xd0
[  165.667127][ T8755]  ? __kmalloc_noprof+0x242/0x510
[  165.667142][ T8755]  copy_splice_read+0x1e1/0xba0
[  165.667161][ T8755]  ? __pfx_copy_splice_read+0x10/0x10
[  165.667180][ T8755]  ? lockdep_init_map_type+0x5c/0x280
[  165.667196][ T8755]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  165.667207][ T8755]  ? __pfx_copy_splice_read+0x10/0x10
[  165.667222][ T8755]  do_splice_read+0x285/0x370
[  165.667239][ T8755]  splice_direct_to_actor+0x2a1/0xa30
[  165.667256][ T8755]  ? __pfx_direct_splice_actor+0x10/0x10
[  165.667274][ T8755]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  165.667289][ T8755]  ? get_pid_task+0xfc/0x250
[  165.667308][ T8755]  do_splice_direct+0x174/0x240
[  165.667324][ T8755]  ? __pfx_do_splice_direct+0x10/0x10
[  165.667340][ T8755]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  165.667360][ T8755]  ? bpf_lsm_file_permission+0x9/0x10
[  165.667370][ T8755]  ? security_file_permission+0x71/0x210
[  165.667386][ T8755]  ? rw_verify_area+0xcf/0x680
[  165.667403][ T8755]  do_sendfile+0xafd/0xe50
[  165.667415][ T8755]  ? __pfx_do_sendfile+0x10/0x10
[  165.667425][ T8755]  ? __fget_files+0x20e/0x3c0
[  165.667438][ T8755]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  165.667451][ T8755]  ? ksys_write+0x1b9/0x240
[  165.667460][ T8755]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  165.667475][ T8755]  ? rcu_is_watching+0x12/0xc0
[  165.667487][ T8755]  __do_fast_syscall_32+0x73/0x120
[  165.667504][ T8755]  do_fast_syscall_32+0x32/0x80
[  165.667520][ T8755]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  165.667534][ T8755] RIP: 0023:0xf709e579
[  165.667543][ T8755] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  165.667553][ T8755] RSP: 002b:00000000f506d55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  165.667563][ T8755] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000000007
[  165.667569][ T8755] RDX: 0000000000000000 RSI: 0000000000023893 RDI: 0000000000000000
[  165.667575][ T8755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  165.667581][ T8755] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  165.667587][ T8755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  165.667600][ T8755]  </TASK>
[  165.667851][ T8755] net veth1_virt_wifi 
€Â: renamed from virt_wifi0
[  165.949249][ T8750] ALSA: mixer_oss: invalid index 40000
[  166.021588][ T5947] Bluetooth: hci1: SCO packet for unknown connection handle 201
[  166.031840][ T8766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.705'.
[  166.142827][ T8771] netlink: 12 bytes leftover after parsing attributes in process `syz.1.705'.
[  166.297692][ T8774] usb usb8: usbfs: process 8774 (syz.3.707) did not claim interface 0 before use
[  166.335052][ T8757] ALSA: mixer_oss: invalid index 40000
[  166.884805][ T8793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.711'.
[  167.914589][ T8811] usb usb8: usbfs: process 8811 (syz.0.716) did not claim interface 0 before use
[  168.328475][ T8817] 9pnet_virtio: no channels available for device ./file0/file0
[  168.633848][ T8822] netlink: 8 bytes leftover after parsing attributes in process `syz.3.719'.
[  168.828955][ T8825] openvswitch: netlink: Missing valid actions attribute.
[  168.831241][ T8825] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  168.835612][ T6001] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  169.085676][ T6001] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.088901][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  169.092795][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  169.096162][ T6001] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  169.115882][ T6001] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  169.118739][ T6001] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  169.121241][ T6001] usb 7-1: Manufacturer: syz
[  169.125848][ T8812] ALSA: mixer_oss: invalid index 40000
[  169.136760][ T6001] usb 7-1: config 0 descriptor??
[  169.260522][ T8833] autofs: Unknown parameter 'fd0x0000000000000000'
[  169.345397][ T8836] netlink: 28 bytes leftover after parsing attributes in process `syz.0.723'.
[  169.349994][ T8837] netlink: 28 bytes leftover after parsing attributes in process `syz.3.724'.
[  169.442148][ T6001] rc_core: IR keymap rc-hauppauge not found
[  169.444212][ T6001] Registered IR keymap rc-empty
[  169.446158][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.462416][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.492593][ T6001] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  169.497105][ T6001] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input36
[  169.503784][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.522260][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.542264][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.565006][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.582309][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.602473][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.625833][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.643101][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.662365][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.682450][ T6001] mceusb 7-1:0.0: Error: mce write urb status = -71
[  169.704464][ T6001] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  169.708284][ T6001] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  169.716382][ T6001] usb 7-1: USB disconnect, device number 13
[  169.904653][ T8841] usb usb8: usbfs: process 8841 (syz.1.725) did not claim interface 0 before use
[  170.296818][ T8852] 9pnet_virtio: no channels available for device ./file0/file0
[  170.722553][ T8859] netlink: 8 bytes leftover after parsing attributes in process `syz.2.728'.
[  171.104300][ T8864] lo speed is unknown, defaulting to 1000
[  171.148867][ T8849] ALSA: mixer_oss: invalid index 40000
[  171.509075][ T8874] md: md2 stopped.
[  172.193563][ T8889] netlink: 28 bytes leftover after parsing attributes in process `syz.2.736'.
[  172.369734][ T8892] netlink: 4 bytes leftover after parsing attributes in process `syz.0.738'.
[  172.372093][ T6001] usb 8-1: new full-speed USB device number 18 using dummy_hcd
[  172.523285][ T6001] usb 8-1: config 0 has no interfaces?
[  172.526239][ T6001] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  172.529177][ T6001] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  172.531693][ T6001] usb 8-1: Product: syz
[  172.533389][ T6001] usb 8-1: Manufacturer: syz
[  172.536995][ T6001] usb 8-1: config 0 descriptor??
[  172.741556][   T57] usb 8-1: USB disconnect, device number 18
[  172.954477][ T8899] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  173.170459][ T8913] block device autoloading is deprecated and will be removed.
[  173.181203][ T8911] md: md2 stopped.
[  173.369531][ T8919] md: md2 stopped.
[  174.182142][ T6001] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  174.347071][ T6001] usb 8-1: config 0 has no interfaces?
[  174.353909][ T6001] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  174.357065][ T6001] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  174.360598][ T6001] usb 8-1: Product: syz
[  174.363174][ T6001] usb 8-1: Manufacturer: syz
[  174.379233][ T6001] usb 8-1: config 0 descriptor??
[  174.652685][ T8950] netlink: 4 bytes leftover after parsing attributes in process `syz.1.747'.
[  175.153545][ T8959] syz.0.749: attempt to access beyond end of device
[  175.153545][ T8959] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0
[  175.161165][ T8959] syz.0.749: attempt to access beyond end of device
[  175.161165][ T8959] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0
[  175.207677][ T8959] openvswitch: netlink: Missing key (keys=40, expected=80)
[  175.385730][ T8964] netlink: 28 bytes leftover after parsing attributes in process `syz.2.750'.
[  175.725193][ T5984] usb 8-1: USB disconnect, device number 19
[  175.988896][ T8973] block device autoloading is deprecated and will be removed.
[  176.292636][ T8978] usb usb8: usbfs: process 8978 (syz.2.754) did not claim interface 0 before use
[  176.377400][ T8982] overlayfs: conflicting lowerdir path
[  177.205542][ T6001] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  177.374173][ T6001] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  177.378922][ T6001] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  177.384457][ T6001] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  177.388739][ T6001] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  177.394636][ T6001] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  177.398010][ T6001] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  177.401177][ T6001] usb 6-1: Manufacturer: syz
[  177.418259][ T6001] usb 6-1: config 0 descriptor??
[  177.521849][ T9011] netlink: 28 bytes leftover after parsing attributes in process `syz.0.762'.
[  177.712152][ T6001] rc_core: IR keymap rc-hauppauge not found
[  177.714260][ T6001] Registered IR keymap rc-empty
[  177.716283][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.733383][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.752591][ T6001] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  177.757094][ T6001] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input37
[  177.763614][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.782450][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.812330][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.833072][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.852308][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.872420][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.894621][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.913899][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.919334][ T9015] usb usb8: usbfs: process 9015 (syz.2.763) did not claim interface 0 before use
[  177.932794][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.953112][ T6001] mceusb 6-1:0.0: Error: mce write urb status = -71
[  177.972959][ T6001] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  177.975884][ T6001] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  177.981264][ T6001] usb 6-1: USB disconnect, device number 11
[  178.558217][ T9031] md: md2 stopped.
[  178.633666][ T9036] netlink: 40 bytes leftover after parsing attributes in process `syz.1.771'.
[  178.637237][ T9036] openvswitch: netlink: Flow key attr not present in new flow.
[  178.870961][ T9041] usb usb8: usbfs: process 9041 (syz.1.772) did not claim interface 0 before use
[  179.439546][ T9056] No control pipe specified
[  179.446239][ T9059] 9pnet_virtio: no channels available for device ./file0/file0
[  179.499201][ T9061] netlink: 28 bytes leftover after parsing attributes in process `syz.3.777'.
[  179.678589][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.779'.
[  179.851471][ T9068] netlink: 8 bytes leftover after parsing attributes in process `syz.0.780'.
[  180.436550][ T9081] syz.3.784: attempt to access beyond end of device
[  180.436550][ T9081] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0
[  180.481576][ T9081] syz.3.784: attempt to access beyond end of device
[  180.481576][ T9081] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0
[  180.497683][ T9081] openvswitch: netlink: Missing key (keys=40, expected=80)
[  180.776889][ T9091] FAULT_INJECTION: forcing a failure.
[  180.776889][ T9091] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.786060][ T9091] CPU: 0 UID: 0 PID: 9091 Comm: syz.0.787 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  180.786087][ T9091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.786094][ T9091] Call Trace:
[  180.786098][ T9091]  <TASK>
[  180.786103][ T9091]  dump_stack_lvl+0x16c/0x1f0
[  180.786124][ T9091]  should_fail_ex+0x512/0x640
[  180.786143][ T9091]  _copy_from_user+0x2e/0xd0
[  180.786161][ T9091]  copy_from_buffer+0x7f/0xc0
[  180.786179][ T9091]  copy_uabi_to_xstate+0x26d/0x670
[  180.786198][ T9091]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  180.786218][ T9091]  ? __fpu_restore_sig+0xa79/0x13a0
[  180.786233][ T9091]  ? rcu_is_watching+0x12/0xc0
[  180.786243][ T9091]  ? __local_bh_enable_ip+0xa4/0x120
[  180.786257][ T9091]  __fpu_restore_sig+0xfdc/0x13a0
[  180.786278][ T9091]  ? __lock_acquire+0xaa4/0x1ba0
[  180.786292][ T9091]  ? __pfx___fpu_restore_sig+0x10/0x10
[  180.786315][ T9091]  ? __might_fault+0xe3/0x190
[  180.786327][ T9091]  ? __might_fault+0x13b/0x190
[  180.786342][ T9091]  fpu__restore_sig+0x115/0x190
[  180.786358][ T9091]  ia32_restore_sigcontext+0x44a/0x630
[  180.786370][ T9091]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  180.786383][ T9091]  ? rcu_is_watching+0x12/0xc0
[  180.786392][ T9091]  ? _raw_spin_unlock_irq+0x23/0x50
[  180.786407][ T9091]  ? lockdep_hardirqs_on+0x7c/0x110
[  180.786424][ T9091]  __do_compat_sys_rt_sigreturn+0x120/0x1f0
[  180.786435][ T9091]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  180.786447][ T9091]  ? rcu_is_watching+0x12/0xc0
[  180.786458][ T9091]  do_int80_emulation+0x104/0x200
[  180.786476][ T9091]  asm_int80_emulation+0x1a/0x20
[  180.786487][ T9091] RIP: 0023:0xf7f14577
[  180.786495][ T9091] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  180.786506][ T9091] RSP: 002b:00000000f503655c EFLAGS: 00000296
[  180.786515][ T9091] RAX: 00000000000000b4 RBX: 0000000000000005 RCX: 0000000000000000
[  180.786521][ T9091] RDX: 0000000000000000 RSI: 0000000000000ce2 RDI: 0000000000000000
[  180.786527][ T9091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.786532][ T9091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  180.786538][ T9091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.786551][ T9091]  </TASK>
[  180.862239][    C0] vkms_vblank_simulate: vblank timer overrun
[  180.867031][ T9072] ALSA: mixer_oss: invalid index 40000
[  181.199124][ T9099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.788'.
[  181.335781][ T9082] ALSA: mixer_oss: invalid index 40000
[  181.390699][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  181.450822][ T9104] netlink: 8 bytes leftover after parsing attributes in process `syz.3.789'.
[  181.583035][ T9108] netlink: 12 bytes leftover after parsing attributes in process `syz.3.789'.
[  181.916795][ T9114] No control pipe specified
[  181.980502][ T9116] netlink: 28 bytes leftover after parsing attributes in process `syz.1.792'.
[  182.204899][    T9] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  182.398403][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.402852][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  182.407329][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  182.411753][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  182.417340][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  182.420373][    T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  182.423127][    T9] usb 5-1: Manufacturer: syz
[  182.427530][    T9] usb 5-1: config 0 descriptor??
[  182.612834][ T9122] block device autoloading is deprecated and will be removed.
[  182.632746][ T9121] md: md2 stopped.
[  182.752150][    T9] rc_core: IR keymap rc-hauppauge not found
[  182.754251][    T9] Registered IR keymap rc-empty
[  182.756181][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.782530][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.802920][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  182.808905][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input38
[  182.816608][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.833215][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.852406][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.872268][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.892699][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  182.932554][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  183.032205][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  183.052329][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  183.082335][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  183.102315][    T9] mceusb 5-1:0.0: Error: mce write urb status = -71
[  183.127653][    T9] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  183.130541][    T9] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  183.138287][    T9] usb 5-1: USB disconnect, device number 7
[  183.176734][ T9137] overlayfs: conflicting lowerdir path
[  183.339180][ T9141] md: md2 stopped.
[  183.520194][ T9145] ieee802154 phy0 wpan0: encryption failed: -22
[  183.523484][ T9145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.799'.
[  184.563790][ T9158] No control pipe specified
[  184.630268][ T9159] netlink: 28 bytes leftover after parsing attributes in process `syz.2.804'.
[  185.297753][ T9166] block device autoloading is deprecated and will be removed.
[  185.679356][ T9162] ALSA: mixer_oss: invalid index 40000
[  186.236977][ T9188] block device autoloading is deprecated and will be removed.
[  186.240635][ T9188] syz.2.808: attempt to access beyond end of device
[  186.240635][ T9188] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  186.496793][ T9194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.812'.
[  186.506132][ T9194] IPVS: Error joining to the multicast group
[  186.550099][ T9197] 9pnet_virtio: no channels available for device ./file0/file0
[  186.972094][   T29] usb 8-1: new full-speed USB device number 20 using dummy_hcd
[  187.370597][ T9197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.813'.
[  187.406276][   T29] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  187.409912][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  187.413239][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  187.416433][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  187.436464][   T29] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  187.440617][   T29] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  187.443265][   T29] usb 8-1: Manufacturer: syz
[  187.445999][   T29] usb 8-1: config 0 descriptor??
[  187.536022][ T9214] 9pnet_virtio: no channels available for device ./file0/file0
[  187.775310][   T29] rc_core: IR keymap rc-hauppauge not found
[  187.777158][   T29] Registered IR keymap rc-empty
[  187.778667][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  187.793293][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  187.812949][   T29] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  187.817970][   T29] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input39
[  187.823146][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  187.955095][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  187.972265][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  187.992173][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.007094][ T9214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.816'.
[  188.012290][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.032300][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.049350][ T9223] ALSA: mixer_oss: invalid index 40000
[  188.083581][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.132529][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.162236][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.312470][   T29] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  188.343864][   T29] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  188.348042][   T29] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  188.359173][   T29] usb 8-1: USB disconnect, device number 20
[  188.512065][ T9232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.819'.
[  188.539248][ T9234] batadv1: left allmulticast mode
[  188.541422][ T9234] batadv1: left promiscuous mode
[  188.544226][ T9234] bridge0: port 3(batadv1) entered disabled state
[  188.548002][ T9234] bridge_slave_1: left allmulticast mode
[  188.549873][ T9234] bridge_slave_1: left promiscuous mode
[  188.552884][ T9234] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.558259][ T9234] bridge_slave_0: left allmulticast mode
[  188.560595][ T9234] bridge_slave_0: left promiscuous mode
[  188.566564][ T9234] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.643274][ T9237] ieee802154 phy0 wpan0: encryption failed: -22
[  188.646551][ T9237] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'.
[  188.976597][ T9249] md: md2 stopped.
[  190.221986][ T9260] netlink: 24 bytes leftover after parsing attributes in process `syz.0.822'.
[  190.430314][ T9267] 9pnet_virtio: no channels available for device ./file0/file0
[  190.589961][ T5949] udevd[5949]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  190.641877][ T5947] Bluetooth: hci2: SCO packet for unknown connection handle 201
[  190.650056][ T9278] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'.
[  190.730799][ T9284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'.
[  190.734347][ T9284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'.
[  190.761199][ T9285] netlink: 12 bytes leftover after parsing attributes in process `syz.0.829'.
[  191.991647][ T9309] block device autoloading is deprecated and will be removed.
[  192.726967][ T9318] tun0: tun_chr_ioctl cmd 1074025675
[  192.728925][ T9318] tun0: persist disabled
[  192.808634][   T40] kauditd_printk_skb: 37 callbacks suppressed
[  192.808647][   T40] audit: type=1326 audit(1747451523.307:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  192.826590][   T40] audit: type=1326 audit(1747451523.307:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  192.845264][   T40] audit: type=1326 audit(1747451523.307:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  192.855618][   T40] audit: type=1326 audit(1747451523.307:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  192.865892][   T40] audit: type=1326 audit(1747451523.307:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  193.011516][ T9324] md: md2 stopped.
[  193.075615][   T40] audit: type=1326 audit(1747451523.317:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  193.083136][   T40] audit: type=1326 audit(1747451523.317:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  193.090009][   T40] audit: type=1326 audit(1747451523.317:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  193.097663][   T40] audit: type=1326 audit(1747451523.327:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  193.104258][   T40] audit: type=1326 audit(1747451523.327:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9317 comm="syz.3.847" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  193.768393][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  193.771210][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  193.861413][ T9328] md: md2 stopped.
[  194.238202][ T9336] 9pnet_virtio: no channels available for device ./file0/file0
[  194.407153][ T9344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.845'.
[  194.415079][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  194.488634][ T9347] netlink: 12 bytes leftover after parsing attributes in process `syz.3.845'.
[  194.972119][   T29] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  195.164766][   T29] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  195.180890][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  195.184636][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  195.193677][   T29] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  195.198560][   T29] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  195.201429][   T29] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  195.205217][   T29] usb 6-1: Manufacturer: syz
[  195.214953][   T29] usb 6-1: config 0 descriptor??
[  195.260697][ T9359] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  195.263848][ T9359] overlayfs: failed to set xattr on upper
[  195.266206][ T9359] overlayfs: ...falling back to redirect_dir=nofollow.
[  195.269115][ T9359] overlayfs: ...falling back to index=off.
[  195.271639][ T9359] overlayfs: ...falling back to uuid=null.
[  195.864874][   T29] rc_core: IR keymap rc-hauppauge not found
[  195.866845][   T29] Registered IR keymap rc-empty
[  195.869707][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  195.894796][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  195.966931][   T29] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  195.974215][   T29] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input40
[  195.981928][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.015329][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.042486][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.062445][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.077291][ T9367] netlink: 28 bytes leftover after parsing attributes in process `syz.0.850'.
[  196.082569][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.102625][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.122274][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.133230][ T9371] usb usb8: usbfs: process 9371 (syz.2.852) did not claim interface 0 before use
[  196.144745][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.166883][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.191916][   T29] mceusb 6-1:0.0: Error: mce write urb status = -71
[  196.217304][   T29] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  196.220259][   T29] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  196.365314][ T9373] block device autoloading is deprecated and will be removed.
[  197.202113][    T9] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  197.373506][    T9] usb 7-1: config 0 has no interfaces?
[  197.375396][    T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  197.379425][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.440169][    T9] usb 7-1: config 0 descriptor??
[  197.702537][    T9] usb 6-1: USB disconnect, device number 12
[  197.731730][ T5949] udevd[5949]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[  197.732918][ T9378] tun0: tun_chr_ioctl cmd 1074025675
[  197.738991][ T9378] tun0: persist disabled
[  197.791579][ T5949] udevd[5949]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  197.815084][ T6001] usb 7-1: USB disconnect, device number 14
[  197.857666][   T40] kauditd_printk_skb: 965 callbacks suppressed
[  197.857677][   T40] audit: type=1326 audit(1747451528.357:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.866577][   T40] audit: type=1326 audit(1747451528.367:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.892542][   T40] audit: type=1326 audit(1747451528.397:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.900347][   T40] audit: type=1326 audit(1747451528.397:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.915934][   T40] audit: type=1326 audit(1747451528.397:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.940828][   T40] audit: type=1326 audit(1747451528.417:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.981514][   T40] audit: type=1326 audit(1747451528.417:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.988718][   T40] audit: type=1326 audit(1747451528.417:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf709e579 code=0x7ffc0000
[  197.995827][   T40] audit: type=1326 audit(1747451528.417:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  198.022396][   T40] audit: type=1326 audit(1747451528.417:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9377 comm="syz.1.854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  198.074731][ T9386] 9pnet_virtio: no channels available for device ./file0/file0
[  198.266871][ T9376] syz.2.853 (9376) used greatest stack depth: 20856 bytes left
[  199.260104][ T9408] usb usb8: usbfs: process 9408 (syz.0.861) did not claim interface 0 before use
[  200.022251][    T9] usb 8-1: new full-speed USB device number 21 using dummy_hcd
[  200.533491][    T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  200.543000][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  200.548244][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  200.553602][    T9] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  200.567738][    T9] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  200.573049][    T9] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  200.576191][    T9] usb 8-1: Manufacturer: syz
[  200.650020][    T9] usb 8-1: config 0 descriptor??
[  201.202120][    T9] rc_core: IR keymap rc-hauppauge not found
[  201.204161][    T9] Registered IR keymap rc-empty
[  201.206190][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.224403][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.242545][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  201.249937][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input41
[  201.272258][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.292260][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.296598][ T5947] Bluetooth: hci1: SCO packet for unknown connection handle 201
[  201.322949][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.497727][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.513448][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.535028][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.869'.
[  201.552246][ T9447] 9pnet_virtio: no channels available for device ./file0/file0
[  201.585831][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.602266][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.622157][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.636029][ T9449] netlink: 12 bytes leftover after parsing attributes in process `syz.1.869'.
[  201.644551][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.662199][    T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  201.733953][    T9] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  201.737784][    T9] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  201.754866][    T9] usb 8-1: USB disconnect, device number 21
[  201.953188][ T9460] netlink: 28 bytes leftover after parsing attributes in process `syz.0.872'.
[  203.104585][ T9491] netlink: 16 bytes leftover after parsing attributes in process `syz.3.880'.
[  203.107563][ T9491] netlink: 16 bytes leftover after parsing attributes in process `syz.3.880'.
[  203.143031][ T9494] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  203.145827][ T9494] overlayfs: failed to set xattr on upper
[  203.148168][ T9494] overlayfs: ...falling back to redirect_dir=nofollow.
[  203.150857][ T9494] overlayfs: ...falling back to index=off.
[  203.153159][ T9494] overlayfs: ...falling back to uuid=null.
[  203.322145][ T5984] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  203.492186][ T5984] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  203.495370][ T5984] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  203.498697][ T5984] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  203.525497][ T9505] 9pnet_virtio: no channels available for device ./file0/file0
[  203.771982][ T5984] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  203.779681][ T5984] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  203.783357][ T5984] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  203.786852][ T5984] usb 5-1: Manufacturer: syz
[  203.790436][ T5984] usb 5-1: config 0 descriptor??
[  204.062145][ T5984] rc_core: IR keymap rc-hauppauge not found
[  204.074488][ T5984] Registered IR keymap rc-empty
[  204.076194][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.241074][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.263045][ T5984] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  204.272926][ T5984] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input42
[  204.278095][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.302158][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.333731][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.355521][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.372131][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.431714][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.462171][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.576053][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.602523][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.666214][ T5984] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  204.683361][ T5984] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  204.889872][ T5984] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  205.828863][ T9530] md: md2 stopped.
[  205.926955][ T1018] usb 5-1: USB disconnect, device number 8
[  206.339262][ T9545] netlink: 24 bytes leftover after parsing attributes in process `syz.3.891'.
[  206.434710][ T9545] netlink: 97 bytes leftover after parsing attributes in process `syz.3.891'.
[  206.782412][ T9534] ALSA: mixer_oss: invalid index 40000
[  207.420188][ T9559] could not allocate digest TFM handle cbcmac-aes-neon
[  207.505948][ T9564] usb usb8: usbfs: process 9564 (syz.3.895) did not claim interface 0 before use
[  207.770689][ T9570] xfrm1: entered promiscuous mode
[  207.772517][ T9570] xfrm1: entered allmulticast mode
[  207.814842][ T9576] usb usb8: usbfs: process 9576 (syz.1.906) did not claim interface 0 before use
[  207.959433][ T9582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.899'.
[  208.091279][ T9590] netlink: 12 bytes leftover after parsing attributes in process `syz.2.899'.
[  209.149577][ T9597] ALSA: mixer_oss: invalid index 40000
[  209.353943][ T9617] usb usb8: usbfs: process 9617 (syz.2.909) did not claim interface 0 before use
[  209.700047][ T9613] could not allocate digest TFM handle cbcmac-aes-neon
[  210.560278][ T9661] block device autoloading is deprecated and will be removed.
[  210.567409][ T9659] md: md2 stopped.
[  210.844122][ T9641] ALSA: mixer_oss: invalid index 40000
[  210.971952][ T9665] ref_ctr_offset mismatch. inode: 0x4da offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  211.020930][ T9666] netlink: 36 bytes leftover after parsing attributes in process `syz.0.920'.
[  211.326872][ T9657] ALSA: mixer_oss: invalid index 40000
[  211.642209][  T836] usb 8-1: new full-speed USB device number 22 using dummy_hcd
[  211.681211][ T9681] netlink: 24 bytes leftover after parsing attributes in process `syz.1.924'.
[  211.687735][ T9681] netlink: 97 bytes leftover after parsing attributes in process `syz.1.924'.
[  211.810102][  T836] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  211.813599][  T836] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  211.817520][  T836] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  211.820634][  T836] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  211.825812][  T836] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  211.828943][  T836] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  211.831904][  T836] usb 8-1: Manufacturer: syz
[  211.835630][  T836] usb 8-1: config 0 descriptor??
[  212.712093][  T836] rc_core: IR keymap rc-hauppauge not found
[  212.713999][  T836] Registered IR keymap rc-empty
[  212.715570][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  212.732140][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  212.755320][  T836] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  212.759608][  T836] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input43
[  212.766082][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  212.782579][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  212.822645][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  212.852330][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  212.874001][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  213.101288][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  213.122125][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  213.126077][ T9683] ALSA: mixer_oss: invalid index 40000
[  213.136357][ T9704] 9pnet_virtio: no channels available for device ./file0/file0
[  213.142141][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  213.162126][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  213.192572][ T9706] netlink: 40 bytes leftover after parsing attributes in process `syz.0.930'.
[  213.193873][  T836] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  213.213030][  T836] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  213.215882][  T836] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  213.222286][  T836] usb 8-1: USB disconnect, device number 22
[  213.293486][ T9711] xfrm1: entered promiscuous mode
[  213.295777][ T9711] xfrm1: entered allmulticast mode
[  213.402523][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.929'.
[  213.531855][ T9713] process 'syz.0.933' launched '/dev/fd/4' with NULL argv: empty string added
[  213.578854][ T9690] ALSA: mixer_oss: invalid index 40000
[  213.671168][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  214.002132][ T9723] netlink: 8 bytes leftover after parsing attributes in process `syz.3.935'.
[  214.204980][ T9723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.935'.
[  215.104392][ T9745] netlink: 36 bytes leftover after parsing attributes in process `syz.3.940'.
[  215.161982][ T9749] lo speed is unknown, defaulting to 1000
[  215.201463][ T9761] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  215.426586][ T9734] ALSA: mixer_oss: invalid index 40000
[  215.487350][ T9764] block device autoloading is deprecated and will be removed.
[  215.509885][ T9767] FAULT_INJECTION: forcing a failure.
[  215.509885][ T9767] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.515306][ T9767] CPU: 3 UID: 0 PID: 9767 Comm: syz.1.947 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  215.515327][ T9767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  215.515337][ T9767] Call Trace:
[  215.515341][ T9767]  <TASK>
[  215.515345][ T9767]  dump_stack_lvl+0x16c/0x1f0
[  215.515374][ T9767]  should_fail_ex+0x512/0x640
[  215.515402][ T9767]  _copy_from_user+0x2e/0xd0
[  215.515427][ T9767]  snd_pcm_oss_write2+0x1c2/0x410
[  215.515453][ T9767]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  215.515474][ T9767]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  215.515495][ T9767]  snd_pcm_oss_write+0x711/0xa10
[  215.515521][ T9767]  ? security_file_permission+0x71/0x210
[  215.515549][ T9767]  vfs_write+0x25c/0x1180
[  215.515561][ T9767]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  215.515588][ T9767]  ? __pfx_vfs_write+0x10/0x10
[  215.515602][ T9767]  ? find_held_lock+0x2b/0x80
[  215.515619][ T9767]  ? __fget_files+0x204/0x3c0
[  215.515637][ T9767]  ? __fget_files+0x20e/0x3c0
[  215.515654][ T9767]  ksys_write+0x12a/0x240
[  215.515668][ T9767]  ? __pfx_ksys_write+0x10/0x10
[  215.515686][ T9767]  ? rcu_is_watching+0x12/0xc0
[  215.515705][ T9767]  __do_fast_syscall_32+0x73/0x120
[  215.515730][ T9767]  do_fast_syscall_32+0x32/0x80
[  215.515750][ T9767]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  215.515769][ T9767] RIP: 0023:0xf709e579
[  215.515781][ T9767] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  215.515796][ T9767] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  215.515811][ T9767] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  215.515820][ T9767] RDX: 000000000000ffaa RSI: 0000000000000000 RDI: 0000000000000000
[  215.515828][ T9767] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  215.515834][ T9767] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  215.515842][ T9767] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  215.515863][ T9767]  </TASK>
[  215.754956][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  215.937996][ T9771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.948'.
[  216.135569][ T9772] netlink: 12 bytes leftover after parsing attributes in process `syz.3.948'.
[  217.205632][ T9793] set match dimension is over the limit!
[  217.632213][ T6000] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  217.787303][ T6000] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  217.789969][ T9814] usb usb8: usbfs: process 9814 (syz.2.958) did not claim interface 0 before use
[  217.790621][ T6000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  217.797134][ T6000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  217.800371][ T6000] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  217.806009][ T6000] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  217.808979][ T6000] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  217.811636][ T6000] usb 5-1: Manufacturer: syz
[  217.815699][ T6000] usb 5-1: config 0 descriptor??
[  218.088177][ T9797] ALSA: mixer_oss: invalid index 40000
[  218.102167][ T6000] rc_core: IR keymap rc-hauppauge not found
[  218.104045][ T6000] Registered IR keymap rc-empty
[  218.105565][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.122276][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.142877][ T6000] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  218.148002][ T6000] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input44
[  218.154473][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.172769][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.207523][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.237084][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.264032][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.382091][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.412235][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.442199][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.462218][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.464320][ T9828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'.
[  218.484973][ T6000] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  218.503871][ T6000] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  218.515339][ T6000] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  218.523584][ T6000] usb 5-1: USB disconnect, device number 9
[  219.053550][ T9844] usb usb8: usbfs: process 9844 (syz.2.967) did not claim interface 0 before use
[  219.473887][   T40] kauditd_printk_skb: 947 callbacks suppressed
[  219.473899][   T40] audit: type=1326 audit(1747451549.977:2327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.482582][   T40] audit: type=1326 audit(1747451549.977:2328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.489356][   T40] audit: type=1326 audit(1747451549.977:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.496707][   T40] audit: type=1326 audit(1747451549.977:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.503361][   T40] audit: type=1326 audit(1747451549.977:2331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.509834][   T40] audit: type=1326 audit(1747451549.977:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.516476][   T40] audit: type=1326 audit(1747451549.977:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.523076][   T40] audit: type=1326 audit(1747451549.977:2334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.529810][   T40] audit: type=1326 audit(1747451549.977:2335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.536490][   T40] audit: type=1326 audit(1747451549.977:2336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.1.970" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709e579 code=0x7ffc0000
[  219.632130][   T58] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  219.634626][ T6001] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  219.785661][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.789552][   T58] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  219.792816][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.795819][ T6001] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  219.799877][   T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  219.803570][   T58] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  219.806891][   T58] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  219.810906][ T6001] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  219.814003][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.817106][   T58] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  219.819908][   T58] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  219.822926][   T58] usb 7-1: Manufacturer: syz
[  219.824835][ T9839] ALSA: mixer_oss: invalid index 40000
[  219.824872][ T6001] usb 5-1: config 0 descriptor??
[  219.870301][   T58] usb 7-1: config 0 descriptor??
[  220.162108][   T58] rc_core: IR keymap rc-hauppauge not found
[  220.165363][   T58] Registered IR keymap rc-empty
[  220.169907][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.192370][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.220237][   T58] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  220.225062][   T58] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input45
[  220.249913][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.282172][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.287126][ T6001] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  220.294170][ T6001] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  220.302341][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.323023][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.343097][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.362307][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.382330][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.402367][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.422341][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.442313][   T58] mceusb 7-1:0.0: Error: mce write urb status = -71
[  220.463248][   T58] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  220.466114][   T58] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  220.479855][   T58] usb 7-1: USB disconnect, device number 15
[  220.595703][  T836] usb 5-1: USB disconnect, device number 10
[  220.948358][ T9879] usb usb8: usbfs: process 9879 (syz.2.976) did not claim interface 0 before use
[  221.082923][ T9884] netlink: 'syz.3.978': attribute type 4 has an invalid length.
[  221.086176][ T9884] netlink: 17 bytes leftover after parsing attributes in process `syz.3.978'.
[  221.181607][ T9892] binder_alloc: binder_alloc_mmap_handler: 9891 80ffc000-80ffd000 already mapped failed -16
[  221.242715][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  221.305358][ T9905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.984'.
[  221.341156][ T5947] Bluetooth: hci2: SCO packet for unknown connection handle 201
[  221.480598][ T9914] netlink: 12 bytes leftover after parsing attributes in process `syz.3.984'.
[  221.864510][ T9915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.985'.
[  222.024098][ T9923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.985'.
[  222.504397][ T9927] usb usb8: usbfs: process 9927 (syz.2.987) did not claim interface 0 before use
[  222.828882][ T9936] md: md2 stopped.
[  223.030691][ T9940] md: md2 stopped.
[  223.152510][ T9938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.990'.
[  223.912787][ T9960] netlink: 8 bytes leftover after parsing attributes in process `syz.1.997'.
[  224.025787][ T9964] netlink: 12 bytes leftover after parsing attributes in process `syz.1.997'.
[  224.127264][ T9968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.999'.
[  224.500542][ T9979] mkiss: ax0: crc mode is auto.
[  224.602117][  T836] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  224.754822][  T836] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  224.758558][  T836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  224.761797][  T836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  224.765320][  T836] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  224.770410][  T836] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  224.773227][  T836] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  224.775794][  T836] usb 7-1: Manufacturer: syz
[  224.778294][  T836] usb 7-1: config 0 descriptor??
[  225.049420][ T9982] lo speed is unknown, defaulting to 1000
[  225.072085][  T836] rc_core: IR keymap rc-hauppauge not found
[  225.075198][  T836] Registered IR keymap rc-empty
[  225.077153][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.092886][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.113016][  T836] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  225.117333][  T836] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input47
[  225.123301][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.142549][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.162402][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.182474][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.203859][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.227463][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.262296][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.296495][ T9993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1004'.
[  225.298488][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.322194][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.347844][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  225.347959][ T9985] block device autoloading is deprecated and will be removed.
[  225.355343][ T9985] syz.3.1002: attempt to access beyond end of device
[  225.355343][ T9985] md2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  225.363344][  T836] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  225.366137][  T836] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  225.370536][  T836] usb 7-1: USB disconnect, device number 16
[  225.438406][T10006] program syz.0.1008 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  225.742253][T10014] 9pnet_virtio: no channels available for device ./file0/file0
[  225.970336][T10018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1011'.
[  225.993369][T10021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1010'.
[  226.134449][T10023] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1011'.
[  226.886347][T10035] FAULT_INJECTION: forcing a failure.
[  226.886347][T10035] name failslab, interval 1, probability 0, space 0, times 0
[  226.890604][T10035] CPU: 1 UID: 0 PID: 10035 Comm: syz.3.1014 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  226.890619][T10035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  226.890625][T10035] Call Trace:
[  226.890631][T10035]  <TASK>
[  226.890637][T10035]  dump_stack_lvl+0x16c/0x1f0
[  226.890658][T10035]  should_fail_ex+0x512/0x640
[  226.890675][T10035]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  226.890690][T10035]  should_failslab+0xc2/0x120
[  226.890704][T10035]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  226.890715][T10035]  ? rcu_is_watching+0x12/0xc0
[  226.890725][T10035]  ? __alloc_skb+0x2b2/0x380
[  226.890741][T10035]  __alloc_skb+0x2b2/0x380
[  226.890752][T10035]  ? __pfx___alloc_skb+0x10/0x10
[  226.890763][T10035]  ? find_held_lock+0x2b/0x80
[  226.890776][T10035]  ? aa_label_sk_perm+0x19b/0x5a0
[  226.890791][T10035]  alloc_skb_with_frags+0xe0/0x860
[  226.890805][T10035]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  226.890824][T10035]  sock_alloc_send_pskb+0x7fb/0x990
[  226.890836][T10035]  ? __lock_acquire+0x5ca/0x1ba0
[  226.890854][T10035]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  226.890867][T10035]  ? __pfx___might_resched+0x10/0x10
[  226.890880][T10035]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  226.890897][T10035]  hci_sock_sendmsg+0x1c7/0x25e0
[  226.890910][T10035]  ? __pfx_aa_sk_perm+0x10/0x10
[  226.890923][T10035]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  226.890938][T10035]  sock_write_iter+0x4fc/0x5b0
[  226.890954][T10035]  ? __pfx_sock_write_iter+0x10/0x10
[  226.890975][T10035]  ? bpf_lsm_file_permission+0x9/0x10
[  226.890985][T10035]  ? security_file_permission+0x71/0x210
[  226.891001][T10035]  ? rw_verify_area+0xcf/0x680
[  226.891018][T10035]  vfs_write+0x5bd/0x1180
[  226.891029][T10035]  ? __pfx_sock_write_iter+0x10/0x10
[  226.891046][T10035]  ? __pfx_vfs_write+0x10/0x10
[  226.891055][T10035]  ? find_held_lock+0x2b/0x80
[  226.891076][T10035]  ksys_write+0x205/0x240
[  226.891086][T10035]  ? __pfx_ksys_write+0x10/0x10
[  226.891097][T10035]  ? rcu_is_watching+0x12/0xc0
[  226.891109][T10035]  __do_fast_syscall_32+0x73/0x120
[  226.891127][T10035]  do_fast_syscall_32+0x32/0x80
[  226.891143][T10035]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  226.891157][T10035] RIP: 0023:0xf7f85579
[  226.891166][T10035] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  226.891177][T10035] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  226.891187][T10035] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000000
[  226.891194][T10035] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  226.891199][T10035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  226.891208][T10035] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  226.891217][T10035] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  226.891236][T10035]  </TASK>
[  227.343233][T10049] FAULT_INJECTION: forcing a failure.
[  227.343233][T10049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.347596][T10049] CPU: 0 UID: 0 PID: 10049 Comm: syz.2.1019 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  227.347612][T10049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  227.347618][T10049] Call Trace:
[  227.347622][T10049]  <TASK>
[  227.347627][T10049]  dump_stack_lvl+0x16c/0x1f0
[  227.347646][T10049]  should_fail_ex+0x512/0x640
[  227.347665][T10049]  _copy_to_user+0x32/0xd0
[  227.347676][T10049]  simple_read_from_buffer+0xcb/0x170
[  227.347694][T10049]  proc_fail_nth_read+0x197/0x270
[  227.347710][T10049]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.347726][T10049]  ? rw_verify_area+0xcf/0x680
[  227.347741][T10049]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.347756][T10049]  vfs_read+0x1de/0xc70
[  227.347768][T10049]  ? __pfx___mutex_lock+0x10/0x10
[  227.347785][T10049]  ? __pfx_vfs_read+0x10/0x10
[  227.347798][T10049]  ? __fget_files+0x20e/0x3c0
[  227.347812][T10049]  ksys_read+0x12a/0x240
[  227.347822][T10049]  ? __pfx_ksys_read+0x10/0x10
[  227.347831][T10049]  ? rcu_is_watching+0x12/0xc0
[  227.347847][T10049]  ? rcu_is_watching+0x12/0xc0
[  227.347859][T10049]  __do_fast_syscall_32+0x73/0x120
[  227.347876][T10049]  do_fast_syscall_32+0x32/0x80
[  227.347892][T10049]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  227.347906][T10049] RIP: 0023:0xf709e579
[  227.347914][T10049] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  227.347925][T10049] RSP: 002b:00000000f508e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  227.347935][T10049] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f508e620
[  227.347941][T10049] RDX: 000000000000000f RSI: 00000000f7402ff4 RDI: 0000000000000000
[  227.347947][T10049] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  227.347953][T10049] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  227.347959][T10049] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.347971][T10049]  </TASK>
[  227.414234][ T6000] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  227.499062][T10058] 9pnet_virtio: no channels available for device ./file0/file0
[  227.572127][ T6000] usb 8-1: Using ep0 maxpacket: 8
[  227.574986][ T6000] usb 8-1: config 92 has an invalid interface number: 120 but max is 3
[  227.577624][ T6000] usb 8-1: config 92 has an invalid interface number: 136 but max is 3
[  227.580219][ T6000] usb 8-1: config 92 has an invalid interface number: 22 but max is 3
[  227.587280][ T6000] usb 8-1: config 92 has 3 interfaces, different from the descriptor's value: 4
[  227.590136][ T6000] usb 8-1: config 92 has no interface number 0
[  227.592245][ T6000] usb 8-1: config 92 has no interface number 1
[  227.594271][ T6000] usb 8-1: config 92 has no interface number 2
[  227.596167][ T6000] usb 8-1: config 92 interface 120 altsetting 9 has an invalid endpoint descriptor of length 6, skipping
[  227.599580][ T6000] usb 8-1: config 92 interface 120 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 0
[  227.603998][ T6000] usb 8-1: config 92 interface 136 altsetting 175 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  227.607431][ T6000] usb 8-1: config 92 interface 136 altsetting 175 has an invalid descriptor for endpoint zero, skipping
[  227.610804][ T6000] usb 8-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x4, skipping
[  227.614384][ T6000] usb 8-1: config 92 interface 136 altsetting 175 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  227.617796][ T6000] usb 8-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x3, skipping
[  227.621074][ T6000] usb 8-1: config 92 interface 136 altsetting 175 endpoint 0xC has invalid maxpacket 512, setting to 64
[  227.624636][ T6000] usb 8-1: config 92 interface 136 altsetting 175 bulk endpoint 0x6 has invalid maxpacket 64
[  227.627771][ T6000] usb 8-1: config 92 interface 22 altsetting 129 has a duplicate endpoint with address 0xA, skipping
[  227.631115][ T6000] usb 8-1: config 92 interface 120 has no altsetting 0
[  227.633531][ T6000] usb 8-1: config 92 interface 136 has no altsetting 0
[  227.635696][ T6000] usb 8-1: config 92 interface 22 has no altsetting 0
[  227.639396][ T6000] usb 8-1: New USB device found, idVendor=0bb4, idProduct=0a52, bcdDevice=a0.d0
[  227.642514][ T6000] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.645100][ T6000] usb 8-1: Product: syz
[  227.646418][ T6000] usb 8-1: Manufacturer: syz
[  227.647880][ T6000] usb 8-1: SerialNumber: syz
[  227.654144][T10042] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  227.792133][T10067] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1023'.
[  227.856364][T10070] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1026'.
[  227.920278][T10042] bond0: Error: Cannot enslave bond to itself.
[  228.261867][T10051] ALSA: mixer_oss: invalid index 40000
[  228.642728][T10084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1029'.
[  228.995546][ T6000] usb 8-1: USB disconnect, device number 23
[  229.623497][T10098] __nla_validate_parse: 1 callbacks suppressed
[  229.623514][T10098] netlink: 200 bytes leftover after parsing attributes in process `syz.3.1032'.
[  230.204385][T10113] netlink: 'syz.0.1036': attribute type 10 has an invalid length.
[  230.207261][T10113] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1036'.
[  230.217372][T10113] team0: Port device geneve0 added
[  230.353822][   T40] kauditd_printk_skb: 255 callbacks suppressed
[  230.353837][   T40] audit: type=1326 audit(1747451560.857:2592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10096 comm="syz.3.1032" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  230.682088][T10125] can0: slcan on pty20.
[  230.732892][T10124] can0 (unregistered): slcan off pty20.
[  230.764722][T10129] netlink: 'syz.0.1041': attribute type 10 has an invalid length.
[  230.767942][T10129] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1041'.
[  230.770697][T10129] batadv0: entered promiscuous mode
[  230.772402][T10129] batadv0: entered allmulticast mode
[  230.774695][T10129] bridge0: port 2(batadv0) entered blocking state
[  230.776681][T10129] bridge0: port 2(batadv0) entered disabled state
[  230.780004][T10129] bridge0: port 2(batadv0) entered blocking state
[  230.782891][T10129] bridge0: port 2(batadv0) entered forwarding state
[  230.815112][T10133] usb usb8: usbfs: process 10133 (syz.0.1043) did not claim interface 0 before use
[  230.970872][T10144] evm: overlay not supported
[  230.982765][ T8086] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  230.986425][ T8086] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  230.990907][T10141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1045'.
[  231.115953][T10110] ALSA: mixer_oss: invalid index 40000
[  231.639846][T10170] usb usb8: usbfs: process 10170 (syz.1.1055) did not claim interface 0 before use
[  231.809094][T10177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1057'.
[  231.851451][T10179] binder: 10178:10179 ioctl 4018620d 0 returned -22
[  231.883339][T10181] netlink: 724 bytes leftover after parsing attributes in process `syz.1.1060'.
[  231.979506][T10177] syz.3.1057 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  231.999770][T10185] bond0: entered promiscuous mode
[  232.001455][T10185] bond_slave_0: entered promiscuous mode
[  232.018027][T10185] bond_slave_1: entered promiscuous mode
[  232.020710][T10185] batadv0: entered promiscuous mode
[  232.034508][T10185] bond0: left promiscuous mode
[  232.036062][T10185] bond_slave_0: left promiscuous mode
[  232.037836][T10185] bond_slave_1: left promiscuous mode
[  232.040197][T10191] FAULT_INJECTION: forcing a failure.
[  232.040197][T10191] name failslab, interval 1, probability 0, space 0, times 0
[  232.047251][T10191] CPU: 1 UID: 0 PID: 10191 Comm: syz.1.1061 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  232.047276][T10191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  232.047285][T10191] Call Trace:
[  232.047290][T10191]  <TASK>
[  232.047295][T10191]  dump_stack_lvl+0x16c/0x1f0
[  232.047348][T10191]  should_fail_ex+0x512/0x640
[  232.047377][T10191]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  232.047400][T10191]  should_failslab+0xc2/0x120
[  232.047422][T10191]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  232.047442][T10191]  ? __alloc_skb+0x2b2/0x380
[  232.047464][T10191]  __alloc_skb+0x2b2/0x380
[  232.047481][T10191]  ? __pfx___alloc_skb+0x10/0x10
[  232.047500][T10191]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  232.047525][T10191]  netlink_alloc_large_skb+0x69/0x130
[  232.047547][T10191]  netlink_sendmsg+0x6a1/0xdd0
[  232.047571][T10191]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.047589][T10191]  ? __import_iovec+0x1c8/0x660
[  232.047602][T10191]  ____sys_sendmsg+0xa98/0xc70
[  232.047620][T10191]  ? __pfx_____sys_sendmsg+0x10/0x10
[  232.047635][T10191]  ? get_compat_msghdr+0x11a/0x170
[  232.047654][T10191]  ___sys_sendmsg+0x134/0x1d0
[  232.047667][T10191]  ? __pfx____sys_sendmsg+0x10/0x10
[  232.047696][T10191]  __sys_sendmsg+0x16d/0x220
[  232.047709][T10191]  ? __pfx___sys_sendmsg+0x10/0x10
[  232.047736][T10191]  ? rcu_is_watching+0x12/0xc0
[  232.047754][T10191]  __do_fast_syscall_32+0x73/0x120
[  232.047780][T10191]  do_fast_syscall_32+0x32/0x80
[  232.047802][T10191]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  232.047821][T10191] RIP: 0023:0xf709e579
[  232.047836][T10191] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  232.047852][T10191] RSP: 002b:00000000f504c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  232.047868][T10191] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0
[  232.047878][T10191] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  232.047886][T10191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.047895][T10191] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  232.047904][T10191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.047925][T10191]  </TASK>
[  232.048713][T10185] batadv0: left promiscuous mode
[  232.069143][T10193] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1063'.
[  232.232077][T10200] netlink: 'syz.0.1064': attribute type 10 has an invalid length.
[  232.242975][  T836] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[  232.410333][T10212] syz.3.1068: attempt to access beyond end of device
[  232.410333][T10212] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0
[  232.414922][  T836] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  232.416038][T10212] syz.3.1068: attempt to access beyond end of device
[  232.416038][T10212] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0
[  232.420024][  T836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  232.428614][  T836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 115, setting to 64
[  232.437236][  T836] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  232.443250][  T836] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  232.446128][  T836] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  232.448671][  T836] usb 7-1: Manufacturer: syz
[  232.459241][  T836] usb 7-1: config 0 descriptor??
[  232.467915][T10212] FAULT_INJECTION: forcing a failure.
[  232.467915][T10212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.472627][T10212] CPU: 3 UID: 0 PID: 10212 Comm: syz.3.1068 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  232.472648][T10212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  232.472655][T10212] Call Trace:
[  232.472659][T10212]  <TASK>
[  232.472663][T10212]  dump_stack_lvl+0x16c/0x1f0
[  232.472684][T10212]  should_fail_ex+0x512/0x640
[  232.472702][T10212]  _copy_from_user+0x2e/0xd0
[  232.472719][T10212]  get_compat_msghdr+0xa7/0x170
[  232.472733][T10212]  ? __pfx_get_compat_msghdr+0x10/0x10
[  232.472746][T10212]  ? __lock_acquire+0x5ca/0x1ba0
[  232.472763][T10212]  ___sys_recvmsg+0x191/0x1a0
[  232.472777][T10212]  ? __pfx____sys_recvmsg+0x10/0x10
[  232.472798][T10212]  ? get_pid_task+0x80/0x250
[  232.472812][T10212]  ? __pfx___might_resched+0x10/0x10
[  232.472827][T10212]  do_recvmmsg+0x568/0x740
[  232.472842][T10212]  ? __pfx_do_recvmmsg+0x10/0x10
[  232.472863][T10212]  ? __fget_files+0x20e/0x3c0
[  232.472875][T10212]  __sys_recvmmsg+0x21c/0x280
[  232.472889][T10212]  ? __pfx___sys_recvmmsg+0x10/0x10
[  232.472902][T10212]  ? __pfx_ksys_write+0x10/0x10
[  232.472915][T10212]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  232.472928][T10212]  ? lockdep_hardirqs_on+0x7c/0x110
[  232.472943][T10212]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  232.472959][T10212]  __do_fast_syscall_32+0x73/0x120
[  232.472977][T10212]  do_fast_syscall_32+0x32/0x80
[  232.472993][T10212]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  232.473006][T10212] RIP: 0023:0xf7f85579
[  232.473014][T10212] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  232.473024][T10212] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  232.473035][T10212] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800066c0
[  232.473046][T10212] RDX: 0000000000000a0d RSI: 0000000000000000 RDI: 0000000000000000
[  232.473052][T10212] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.473058][T10212] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  232.473063][T10212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.473076][T10212]  </TASK>
[  232.605258][ T5947] Bluetooth: hci1: SCO packet for unknown connection handle 201
[  232.626006][T10224] usb usb8: usbfs: process 10224 (syz.3.1072) did not claim interface 0 before use
[  232.675238][T10225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1071'.
[  232.722190][  T836] rc_core: IR keymap rc-hauppauge not found
[  232.725019][  T836] Registered IR keymap rc-empty
[  232.728330][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.752398][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.772705][  T836] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  232.777279][  T836] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input48
[  232.788609][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.802262][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.821843][T10236] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1071'.
[  232.832395][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.852477][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.872617][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.893935][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.912416][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.953248][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  232.992454][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  233.012794][  T836] mceusb 7-1:0.0: Error: mce write urb status = -71
[  233.043504][  T836] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  233.048166][  T836] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  233.054333][  T836] usb 7-1: USB disconnect, device number 17
[  233.789197][T10240] ALSA: mixer_oss: invalid index 40000
[  233.919461][T10270] 9pnet_virtio: no channels available for device ./file0/file0
[  234.336149][T10282] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1084'.
[  234.710884][   T40] audit: type=1326 audit(1747451565.207:2593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.717862][   T40] audit: type=1326 audit(1747451565.207:2594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.724591][   T40] audit: type=1326 audit(1747451565.207:2595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.731358][   T40] audit: type=1326 audit(1747451565.207:2596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=175 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.738780][   T40] audit: type=1326 audit(1747451565.207:2597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.745500][   T40] audit: type=1326 audit(1747451565.207:2598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=97 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.752206][   T40] audit: type=1326 audit(1747451565.207:2599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  234.758879][   T40] audit: type=1326 audit(1747451565.217:2600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10292 comm="syz.1.1090" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x7ffc0000
[  235.297463][T10304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1093'.
[  235.441956][T10308] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1093'.
[  235.818326][T10315] usb usb8: usbfs: process 10315 (syz.3.1095) did not claim interface 0 before use
[  237.333819][T10355] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1106'.
[  238.078272][T10348] ALSA: mixer_oss: invalid index 40000
[  238.251724][T10372] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1109'.
[  238.845205][T10385] kvm: user requested TSC rate below hardware speed
[  238.849296][T10385] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  239.157527][T10398] fuse: Bad value for 'fd'
[  239.254099][T10407] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1119'.
[  239.526981][T10415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1122'.
[  240.364883][T10421] hsr0: entered promiscuous mode
[  240.366862][T10421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1124'.
[  240.371647][T10421] hsr_slave_0: left promiscuous mode
[  240.374472][T10421] hsr_slave_1: left promiscuous mode
[  240.387405][T10421] hsr0 (unregistering): left promiscuous mode
[  240.420828][   T40] audit: type=1800 audit(1747451570.917:2601): pid=10424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1124" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  240.630784][T10436] 9pnet_virtio: no channels available for device ./file0/file0
[  240.900182][T10442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1130'.
[  241.128377][T10449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1132'.
[  241.831317][T10457] fuse: Bad value for 'fd'
[  241.997368][T10462] random: crng reseeded on system resumption
[  242.039570][T10465] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  242.436602][T10476] 9pnet_virtio: no channels available for device ./file0/file0
[  242.797497][T10483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1141'.
[  243.214841][T10473] ALSA: mixer_oss: invalid index 40000
[  243.284329][T10489] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  243.301287][T10489] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1143'.
[  243.367668][T10498] overlay: Unknown parameter '
'
[  243.382471][T10498] overlay: Unknown parameter '
'
[  243.387903][T10498] overlay: Unknown parameter '
'
[  243.400156][T10498] overlay: Unknown parameter '
'
[  243.417904][T10498] overlay: Unknown parameter '
'
[  243.419418][T10505] usb usb8: usbfs: process 10505 (syz.1.1149) did not claim interface 0 before use
[  243.424058][T10498] overlay: Unknown parameter '
'
[  243.469478][T10508] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  243.476187][T10508] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.502510][T10498] overlay: Unknown parameter '
'
[  243.504965][T10498] overlay: Unknown parameter '
'
[  243.507182][T10498] overlay: Unknown parameter '
'
[  243.511152][T10498] overlay: Unknown parameter '
'
[  243.515591][T10498] overlay: Unknown parameter '
'
[  243.518327][T10498] overlay: Unknown parameter '
'
[  243.521222][T10498] overlay: Unknown parameter '
'
[  243.526318][T10498] overlay: Unknown parameter '
'
[  243.537376][T10498] overlay: Unknown parameter '
'
[  243.540959][T10498] overlay: Unknown parameter '
'
[  243.557189][T10498] overlay: Unknown parameter '
'
[  243.559744][T10498] overlay: Unknown parameter '
'
[  243.566607][T10511] netlink: 'syz.0.1151': attribute type 10 has an invalid length.
[  243.569706][T10511] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1151'.
[  243.572678][T10498] overlay: Unknown parameter '
'
[  243.575582][T10498] overlay: Unknown parameter '
'
[  243.582322][T10498] overlay: Unknown parameter '
'
[  243.584679][T10498] overlay: Unknown parameter '
'
[  243.588723][T10498] overlay: Unknown parameter '
'
[  243.590885][T10498] overlay: Unknown parameter '
'
[  243.596493][T10498] overlay: Unknown parameter '
'
[  243.598420][T10498] overlay: Unknown parameter '
'
[  243.600368][T10498] overlay: Unknown parameter '
'
[  243.603254][T10498] overlay: Unknown parameter '
'
[  243.605957][T10498] overlay: Unknown parameter '
'
[  243.608071][T10498] overlay: Unknown parameter '
'
[  243.610165][T10498] overlay: Unknown parameter '
'
[  243.612302][T10498] overlay: Unknown parameter '
'
[  243.614423][T10498] overlay: Unknown parameter '
'
[  243.616241][T10498] overlay: Unknown parameter '
'
[  243.617733][T10515] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1153'.
[  243.626045][T10498] overlay: Unknown parameter '
'
[  243.628197][T10498] overlay: Unknown parameter '
'
[  243.630079][T10498] overlay: Unknown parameter '
'
[  243.632659][T10498] overlay: Unknown parameter '
'
[  243.642394][T10498] overlay: Unknown parameter '
'
[  243.652343][T10498] overlay: Unknown parameter '
'
[  243.655018][T10498] overlay: Unknown parameter '
'
[  243.656486][T10519] 9pnet_virtio: no channels available for device ./file0/file0
[  243.657620][ T5947] Bluetooth: hci2: SCO packet for unknown connection handle 201
[  243.659638][T10498] overlay: Unknown parameter '
'
[  243.672296][T10498] overlay: Unknown parameter '
'
[  243.684847][T10498] overlay: Unknown parameter '
'
[  243.687170][T10498] overlay: Unknown parameter '
'
[  243.689487][T10498] overlay: Unknown parameter '
'
[  243.691799][T10498] overlay: Unknown parameter '
'
[  243.698314][T10498] overlay: Unknown parameter '
'
[  243.701509][T10498] overlay: Unknown parameter '
'
[  243.704284][T10498] overlay: Unknown parameter '
'
[  243.706584][T10498] overlay: Unknown parameter '
'
[  243.709046][T10498] overlay: Unknown parameter '
'
[  243.711492][T10498] overlay: Unknown parameter '
'
[  243.721389][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1154'.
[  243.722508][T10498] overlay: Unknown parameter '
'
[  243.732502][T10498] overlay: Unknown parameter '
'
[  243.736959][T10498] overlay: Unknown parameter '
'
[  243.739553][T10498] overlay: Unknown parameter '
'
[  243.741973][T10498] overlay: Unknown parameter '
'
[  243.757171][T10498] overlay: Unknown parameter '
'
[  243.759533][T10498] overlay: Unknown parameter '
'
[  243.761971][T10498] overlay: Unknown parameter '
'
[  243.764723][T10498] overlay: Unknown parameter '
'
[  243.767119][T10498] overlay: Unknown parameter '
'
[  243.769681][T10498] overlay: Unknown parameter '
'
[  243.774913][T10498] overlay: Unknown parameter '
'
[  243.846053][T10525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1154'.
[  243.944746][T10529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1155'.
[  244.412349][T10512] ALSA: mixer_oss: invalid index 40000
[  244.548599][T10536] openvswitch: netlink: Missing valid actions attribute.
[  244.551778][T10536] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  245.071848][T10553] usb usb8: usbfs: process 10553 (syz.0.1161) did not claim interface 0 before use
[  245.212278][T10560] 9pnet_virtio: no channels available for device syz
[  245.215201][T10560] 9pnet_virtio: no channels available for device syz
[  245.218088][T10560] 9pnet_virtio: no channels available for device syz
[  245.220574][T10560] 9pnet_virtio: no channels available for device syz
[  245.223537][T10560] 9pnet_virtio: no channels available for device syz
[  245.225916][T10560] 9pnet_virtio: no channels available for device syz
[  245.228285][T10560] 9pnet_virtio: no channels available for device syz
[  245.230701][T10560] 9pnet_virtio: no channels available for device syz
[  245.233323][T10560] 9pnet_virtio: no channels available for device syz
[  245.235881][T10560] 9pnet_virtio: no channels available for device syz
[  245.238267][T10560] 9pnet_virtio: no channels available for device syz
[  245.240556][T10560] 9pnet_virtio: no channels available for device syz
[  245.243013][T10560] 9pnet_virtio: no channels available for device syz
[  245.245287][T10560] 9pnet_virtio: no channels available for device syz
[  245.247537][T10560] 9pnet_virtio: no channels available for device syz
[  245.249865][T10560] 9pnet_virtio: no channels available for device syz
[  245.252187][T10560] 9pnet_virtio: no channels available for device syz
[  245.254471][T10560] 9pnet_virtio: no channels available for device syz
[  245.256730][T10560] 9pnet_virtio: no channels available for device syz
[  245.258997][T10560] 9pnet_virtio: no channels available for device syz
[  245.261356][T10560] 9pnet_virtio: no channels available for device syz
[  245.263706][T10560] 9pnet_virtio: no channels available for device syz
[  245.265958][T10560] 9pnet_virtio: no channels available for device syz
[  245.268208][T10560] 9pnet_virtio: no channels available for device syz
[  245.270469][T10560] 9pnet_virtio: no channels available for device syz
[  245.272836][T10560] 9pnet_virtio: no channels available for device syz
[  245.275120][T10560] 9pnet_virtio: no channels available for device syz
[  245.277401][T10560] 9pnet_virtio: no channels available for device syz
[  245.279655][T10560] 9pnet_virtio: no channels available for device syz
[  245.281923][T10560] 9pnet_virtio: no channels available for device syz
[  245.284326][T10560] 9pnet_virtio: no channels available for device syz
[  245.286591][T10560] 9pnet_virtio: no channels available for device syz
[  245.288854][T10560] 9pnet_virtio: no channels available for device syz
[  245.291127][T10560] 9pnet_virtio: no channels available for device syz
[  245.293477][T10560] 9pnet_virtio: no channels available for device syz
[  245.295793][T10560] 9pnet_virtio: no channels available for device syz
[  245.298089][T10560] 9pnet_virtio: no channels available for device syz
[  245.300445][T10560] 9pnet_virtio: no channels available for device syz
[  245.303197][T10560] 9pnet_virtio: no channels available for device syz
[  245.305505][T10560] 9pnet_virtio: no channels available for device syz
[  245.308049][T10560] 9pnet_virtio: no channels available for device syz
[  245.310328][T10560] 9pnet_virtio: no channels available for device syz
[  245.312671][T10560] 9pnet_virtio: no channels available for device syz
[  245.314896][T10560] 9pnet_virtio: no channels available for device syz
[  245.317199][T10560] 9pnet_virtio: no channels available for device syz
[  245.319523][T10560] 9pnet_virtio: no channels available for device syz
[  245.321795][T10560] 9pnet_virtio: no channels available for device syz
[  245.324125][T10560] 9pnet_virtio: no channels available for device syz
[  245.326393][T10560] 9pnet_virtio: no channels available for device syz
[  245.328646][T10560] 9pnet_virtio: no channels available for device syz
[  245.330989][T10560] 9pnet_virtio: no channels available for device syz
[  245.333334][T10560] 9pnet_virtio: no channels available for device syz
[  245.335634][T10560] 9pnet_virtio: no channels available for device syz
[  245.337910][T10560] 9pnet_virtio: no channels available for device syz
[  245.340184][T10560] 9pnet_virtio: no channels available for device syz
[  245.342509][T10560] 9pnet_virtio: no channels available for device syz
[  245.344807][T10560] 9pnet_virtio: no channels available for device syz
[  245.347104][T10560] 9pnet_virtio: no channels available for device syz
[  245.349377][T10560] 9pnet_virtio: no channels available for device syz
[  245.351637][T10560] 9pnet_virtio: no channels available for device syz
[  245.354032][T10560] 9pnet_virtio: no channels available for device syz
[  245.356282][T10560] 9pnet_virtio: no channels available for device syz
[  245.358569][T10560] 9pnet_virtio: no channels available for device syz
[  245.360854][T10560] 9pnet_virtio: no channels available for device syz
[  245.764822][T10568] __nla_validate_parse: 1 callbacks suppressed
[  245.764852][T10568] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1163'.
[  245.961867][T10572] usb usb8: usbfs: process 10572 (syz.3.1165) did not claim interface 0 before use
[  246.144105][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  246.209053][T10586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1169'.
[  246.327752][T10589] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1169'.
[  246.468709][T10596] FAULT_INJECTION: forcing a failure.
[  246.468709][T10596] name failslab, interval 1, probability 0, space 0, times 0
[  246.492278][T10596] CPU: 0 UID: 0 PID: 10596 Comm: syz.0.1171 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  246.492305][T10596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  246.492315][T10596] Call Trace:
[  246.492322][T10596]  <TASK>
[  246.492329][T10596]  dump_stack_lvl+0x16c/0x1f0
[  246.492359][T10596]  should_fail_ex+0x512/0x640
[  246.492412][T10596]  should_failslab+0xc2/0x120
[  246.492434][T10596]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  246.492454][T10596]  ? skb_clone+0x190/0x3f0
[  246.492480][T10596]  skb_clone+0x190/0x3f0
[  246.492501][T10596]  netlink_deliver_tap+0xabd/0xd30
[  246.492528][T10596]  netlink_unicast+0x5df/0x7f0
[  246.492553][T10596]  ? __pfx_netlink_unicast+0x10/0x10
[  246.492582][T10596]  netlink_sendmsg+0x8d1/0xdd0
[  246.492608][T10596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  246.492631][T10596]  ? __import_iovec+0x1c8/0x660
[  246.492653][T10596]  ____sys_sendmsg+0xa98/0xc70
[  246.492680][T10596]  ? __pfx_____sys_sendmsg+0x10/0x10
[  246.492704][T10596]  ? get_compat_msghdr+0x11a/0x170
[  246.492737][T10596]  ___sys_sendmsg+0x134/0x1d0
[  246.492759][T10596]  ? __pfx____sys_sendmsg+0x10/0x10
[  246.492827][T10596]  __sys_sendmsg+0x16d/0x220
[  246.492850][T10596]  ? __pfx___sys_sendmsg+0x10/0x10
[  246.492882][T10596]  ? rcu_is_watching+0x12/0xc0
[  246.492903][T10596]  __do_fast_syscall_32+0x73/0x120
[  246.492937][T10596]  do_fast_syscall_32+0x32/0x80
[  246.492962][T10596]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.492983][T10596] RIP: 0023:0xf7f14579
[  246.492997][T10596] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  246.493012][T10596] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  246.493029][T10596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  246.493039][T10596] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[  246.493049][T10596] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  246.493058][T10596] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  246.493068][T10596] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.493090][T10596]  </TASK>
[  246.494466][T10596] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  246.696534][T10606] loop2: detected capacity change from 0 to 7
[  246.703846][ T5949]  loop2:
[  246.704925][ T5949] loop2: partition table partially beyond EOD, truncated
[  246.711050][T10606]  loop2:
[  246.711778][T10607] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1172'.
[  246.713232][T10606] loop2: partition table partially beyond EOD, truncated
[  246.792235][T10613] usb usb8: usbfs: process 10613 (syz.1.1177) did not claim interface 0 before use
[  246.973785][T10619] usb usb8: usbfs: process 10619 (syz.1.1178) did not claim interface 0 before use
[  247.148560][T10622] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1179'.
[  247.702210][  T836] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  247.852345][  T836] usb 5-1: Using ep0 maxpacket: 8
[  247.856189][  T836] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  247.858953][  T836] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  247.863453][  T836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  247.867626][  T836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  247.871071][  T836] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  247.875223][  T836] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  247.878481][  T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.030415][T10628] syz.1.1180 (10628) used greatest stack depth: 19192 bytes left
[  248.084724][  T836] usb 5-1: GET_CAPABILITIES returned 0
[  248.086486][  T836] usbtmc 5-1:16.0: can't read capabilities
[  248.642188][T10640] usbtmc 5-1:16.0: usb_control_msg returned -32
[  248.704750][T10648] FAULT_INJECTION: forcing a failure.
[  248.704750][T10648] name failslab, interval 1, probability 0, space 0, times 0
[  248.710714][T10648] CPU: 1 UID: 0 PID: 10648 Comm: syz.1.1187 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  248.710738][T10648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  248.710749][T10648] Call Trace:
[  248.710755][T10648]  <TASK>
[  248.710762][T10648]  dump_stack_lvl+0x16c/0x1f0
[  248.710793][T10648]  should_fail_ex+0x512/0x640
[  248.710817][T10648]  ? __kvmalloc_node_noprof+0x122/0x600
[  248.710840][T10648]  should_failslab+0xc2/0x120
[  248.710861][T10648]  __kvmalloc_node_noprof+0x135/0x600
[  248.710880][T10648]  ? rcu_is_watching+0x12/0xc0
[  248.710897][T10648]  ? alloc_netdev_mqs+0xd2/0x1570
[  248.710923][T10648]  ? __pfx_xfrmi_dev_setup+0x10/0x10
[  248.710942][T10648]  ? alloc_netdev_mqs+0xd2/0x1570
[  248.710963][T10648]  alloc_netdev_mqs+0xd2/0x1570
[  248.710990][T10648]  rtnl_create_link+0xc10/0xfa0
[  248.711017][T10648]  rtnl_newlink+0xb69/0x2000
[  248.711047][T10648]  ? __pfx_rtnl_newlink+0x10/0x10
[  248.711081][T10648]  ? kfree_skbmem+0x1a4/0x1f0
[  248.711116][T10648]  ? rcu_is_watching+0x12/0xc0
[  248.711133][T10648]  ? trace_cap_capable+0x18d/0x200
[  248.711158][T10648]  ? find_held_lock+0x2b/0x80
[  248.711174][T10648]  ? __pfx_rtnl_newlink+0x10/0x10
[  248.711194][T10648]  ? __pfx_rtnl_newlink+0x10/0x10
[  248.711213][T10648]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  248.711235][T10648]  ? __pfx_rtnl_newlink+0x10/0x10
[  248.711258][T10648]  rtnetlink_rcv_msg+0x95e/0xe90
[  248.711281][T10648]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  248.711317][T10648]  netlink_rcv_skb+0x16d/0x440
[  248.711341][T10648]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  248.711365][T10648]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  248.711403][T10648]  ? netlink_deliver_tap+0x1ae/0xd30
[  248.711430][T10648]  netlink_unicast+0x53a/0x7f0
[  248.711456][T10648]  ? __pfx_netlink_unicast+0x10/0x10
[  248.711486][T10648]  netlink_sendmsg+0x8d1/0xdd0
[  248.711514][T10648]  ? __pfx_netlink_sendmsg+0x10/0x10
[  248.711539][T10648]  ? __import_iovec+0x1c8/0x660
[  248.711562][T10648]  ____sys_sendmsg+0xa98/0xc70
[  248.711590][T10648]  ? __pfx_____sys_sendmsg+0x10/0x10
[  248.711614][T10648]  ? get_compat_msghdr+0x11a/0x170
[  248.711651][T10648]  ___sys_sendmsg+0x134/0x1d0
[  248.711674][T10648]  ? __pfx____sys_sendmsg+0x10/0x10
[  248.711734][T10648]  __sys_sendmsg+0x16d/0x220
[  248.711756][T10648]  ? __pfx___sys_sendmsg+0x10/0x10
[  248.711788][T10648]  ? rcu_is_watching+0x12/0xc0
[  248.711808][T10648]  __do_fast_syscall_32+0x73/0x120
[  248.711837][T10648]  do_fast_syscall_32+0x32/0x80
[  248.711862][T10648]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  248.711884][T10648] RIP: 0023:0xf709e579
[  248.711897][T10648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  248.711913][T10648] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  248.711929][T10648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  248.711940][T10648] RDX: 000000002000c0d0 RSI: 0000000000000000 RDI: 0000000000000000
[  248.711949][T10648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  248.711959][T10648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  248.711969][T10648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  248.711993][T10648]  </TASK>
[  248.828601][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.884653][ T5947] Bluetooth: hci1: SCO packet for unknown connection handle 201
[  248.938428][T10654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1190'.
[  249.024580][T10657] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1190'.
[  249.173741][T10659] usb usb8: usbfs: process 10659 (syz.3.1191) did not claim interface 0 before use
[  250.555739][T10675] trusted_key: encrypted_key: insufficient parameters specified
[  250.560103][T10675] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1195'.
[  250.610232][  T836] usb 5-1: USB disconnect, device number 11
[  250.965164][T10688] lo speed is unknown, defaulting to 1000
[  251.234351][T10706] usb usb8: usbfs: process 10706 (syz.0.1201) did not claim interface 0 before use
[  251.624120][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  251.705021][T10731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1204'.
[  251.782165][T10734] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1204'.
[  252.259998][T10737] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1206'.
[  253.081190][T10739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1207'.
[  253.157305][T10750] usb usb8: usbfs: process 10750 (syz.1.1211) did not claim interface 0 before use
[  253.451432][T10758] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1212'.
[  254.466366][T10771] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1216'.
[  255.155139][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  255.157701][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  255.598260][T10781] netlink: 'syz.3.1220': attribute type 10 has an invalid length.
[  255.600531][T10781] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1220'.
[  255.618669][T10781] team0: Port device geneve0 added
[  255.751660][T10786] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.776634][T10787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1221'.
[  255.831274][T10786] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.984475][T10786] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.094062][T10786] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.186892][T10786] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  256.197980][T10786] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  256.208745][T10786] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  256.216464][T10786] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  256.245398][T10789] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1222'.
[  256.248262][T10789] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1222'.
[  257.373677][T10802] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1226'.
[  257.441588][T10803] syz.1.1225: attempt to access beyond end of device
[  257.441588][T10803] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  259.202126][ T1021] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  259.249420][T10822] ALSA: mixer_oss: invalid index 40000
[  259.437890][ T1021] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  259.441241][ T1021] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 12335, setting to 1024
[  259.444593][ T1021] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  259.447591][ T1021] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  259.450225][ T1021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.454521][T10827] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  259.459252][ T1021] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  261.792095][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout
[  261.794132][T10827] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  261.939734][T10827] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  261.942450][T10827] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  261.961102][   T57] usb 6-1: USB disconnect, device number 13
[  262.292624][T10846] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1238'.
[  263.749293][T10856] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1241'.
[  263.772685][T10847] ALSA: mixer_oss: invalid index 40000
[  263.859604][T10833] udevd[10833]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  263.873205][T10828] udevd[10828]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  263.882419][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout
[  263.903366][ T5947] Bluetooth: hci1: SCO packet for unknown connection handle 201
[  263.962111][ T5947] Bluetooth: hci3: command 0x0405 tx timeout
[  264.023033][T10863] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1242'.
[  264.214843][ T5947] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  264.230757][ T5943] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  264.237265][T10865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1242'.
[  264.245239][ T5943] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  264.250691][ T5943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  264.261861][ T5943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  264.276616][ T5943] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  264.293981][T10871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1244'.
[  264.363127][T10869] lo speed is unknown, defaulting to 1000
[  264.423431][T10873] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1244'.
[  264.551370][T10869] chnl_net:caif_netlink_parms(): no params data found
[  264.665074][T10869] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.668011][T10869] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.670838][T10869] bridge_slave_0: entered allmulticast mode
[  264.674821][T10869] bridge_slave_0: entered promiscuous mode
[  264.678706][T10869] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.681537][T10869] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.684563][T10869] bridge_slave_1: entered allmulticast mode
[  264.687866][T10869] bridge_slave_1: entered promiscuous mode
[  264.724602][T10869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.729243][T10869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.794398][T10869] team0: Port device team_slave_0 added
[  264.798928][T10869] team0: Port device team_slave_1 added
[  264.837120][T10869] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.839353][T10869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.847578][T10869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.851939][T10869] batman_adv: batadv0: Adding interface: batadv_slave_1
[  264.854284][T10869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.862897][T10869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  264.903635][T10869] hsr_slave_0: entered promiscuous mode
[  264.905925][T10869] hsr_slave_1: entered promiscuous mode
[  265.044930][T10869] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  265.058142][T10869] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  265.062584][T10869] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  265.067145][T10869] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  265.079092][T10869] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.081377][T10869] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.083923][T10869] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.086228][T10869] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.121610][T10869] 8021q: adding VLAN 0 to HW filter on device bond0
[  265.131733][ T8087] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.135911][ T8087] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.153194][T10869] 8021q: adding VLAN 0 to HW filter on device team0
[  265.161042][ T8087] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.163531][ T8087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.170739][ T8087] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.173132][ T8087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.309427][T10869] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.486391][T10894] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[  265.523804][T10869] veth0_vlan: entered promiscuous mode
[  265.531168][T10869] veth1_vlan: entered promiscuous mode
[  265.554199][T10869] veth0_macvtap: entered promiscuous mode
[  265.558965][T10869] veth1_macvtap: entered promiscuous mode
[  265.570432][T10869] batman_adv: batadv0: Interface activated: batadv_slave_0
[  265.577190][T10869] batman_adv: batadv0: Interface activated: batadv_slave_1
[  265.583285][T10869] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  265.586200][T10869] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  265.589312][T10869] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  265.592149][T10869] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  265.665030][ T8083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.667544][ T8083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.690903][ T8083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.693780][ T8083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.804174][T10903] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1248'.
[  266.117425][T10906] bridge_slave_0: left allmulticast mode
[  266.119423][T10906] bridge_slave_0: left promiscuous mode
[  266.121643][T10906] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.129499][T10906] bridge_slave_1: left allmulticast mode
[  266.131938][T10906] bridge_slave_1: left promiscuous mode
[  266.134570][T10906] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.147166][T10906] bond0: (slave bond_slave_0): Releasing backup interface
[  266.154704][T10906] bond0: (slave bond_slave_1): Releasing backup interface
[  266.177682][T10906] team0: Port device team_slave_0 removed
[  266.187879][T10906] team0: Port device team_slave_1 removed
[  266.191436][T10906] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  266.194163][T10906] batman_adv: batadv0: Removing interface: batadv_slave_0
[  266.197411][T10906] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.199952][T10906] batman_adv: batadv0: Removing interface: batadv_slave_1
[  266.362426][ T5947] Bluetooth: hci4: command tx timeout
[  266.806809][   T40] audit: type=1326 audit(1747451597.247:2602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.842169][   T40] audit: type=1326 audit(1747451597.247:2603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.848979][   T40] audit: type=1326 audit(1747451597.247:2604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=163 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.855982][   T40] audit: type=1326 audit(1747451597.247:2605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.862736][   T40] audit: type=1326 audit(1747451597.247:2606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.869352][   T40] audit: type=1326 audit(1747451597.247:2607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.875996][   T40] audit: type=1326 audit(1747451597.337:2608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.882591][   T40] audit: type=1326 audit(1747451597.337:2609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.918270][ T5943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  266.923967][ T5943] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  266.927777][ T5943] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  266.938300][ T5943] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  266.940973][   T40] audit: type=1326 audit(1747451597.447:2610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.948680][   T40] audit: type=1326 audit(1747451597.447:2611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.4.1252" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  266.951343][ T5943] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  267.006808][T10921] lo speed is unknown, defaulting to 1000
[  267.291176][T10927] ==================================================================
[  267.293753][T10927] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x7f5/0x8f0
[  267.296084][T10927] Read of size 8 at addr ffffffff9af83c90 by task syz.4.1252/10927
[  267.300131][T10927] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  267.301266][T10927] CPU: 1 UID: 0 PID: 10927 Comm: syz.4.1252 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  267.301281][T10927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  267.301288][T10927] Call Trace:
[  267.301292][T10927]  <TASK>
[  267.301297][T10927]  dump_stack_lvl+0x116/0x1f0
[  267.301316][T10927]  print_report+0xc3/0x670
[  267.301330][T10927]  ? __virt_addr_valid+0x5e/0x590
[  267.301345][T10927]  ? __phys_addr+0xc6/0x150
[  267.301360][T10927]  ? fib6_ifdown+0x7f5/0x8f0
[  267.301373][T10927]  kasan_report+0xe0/0x110
[  267.301387][T10927]  ? fib6_ifdown+0x7f5/0x8f0
[  267.301406][T10927]  fib6_ifdown+0x7f5/0x8f0
[  267.301420][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.301432][T10927]  fib6_clean_node+0x2a4/0x5b0
[  267.301444][T10927]  ? __pfx_fib6_clean_node+0x10/0x10
[  267.301459][T10927]  fib6_walk_continue+0x44f/0x8d0
[  267.301471][T10927]  fib6_walk+0x182/0x370
[  267.301481][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.301493][T10927]  fib6_clean_tree+0xd4/0x110
[  267.301503][T10927]  ? __pfx_fib6_clean_tree+0x10/0x10
[  267.301513][T10927]  ? find_held_lock+0x2b/0x80
[  267.301526][T10927]  ? __pfx_fib6_clean_node+0x10/0x10
[  267.301538][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.301552][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.301564][T10927]  __fib6_clean_all+0x107/0x2d0
[  267.301576][T10927]  rt6_disable_ip+0x2ec/0x990
[  267.301592][T10927]  ? __mutex_trylock_common+0xe9/0x250
[  267.301608][T10927]  ? __pfx___mutex_trylock_common+0x10/0x10
[  267.301623][T10927]  ? __pfx_rt6_disable_ip+0x10/0x10
[  267.301639][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.301650][T10927]  addrconf_ifdown.isra.0+0x11d/0x1a90
[  267.301664][T10927]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  267.301682][T10927]  ? __pfx_addrconf_ifdown.isra.0+0x10/0x10
[  267.301697][T10927]  addrconf_notify+0x220/0x19e0
[  267.301712][T10927]  ? ip6mr_device_event+0x1bc/0x230
[  267.301728][T10927]  notifier_call_chain+0xbc/0x410
[  267.301741][T10927]  ? __pfx_addrconf_notify+0x10/0x10
[  267.301757][T10927]  call_netdevice_notifiers_info+0xbe/0x140
[  267.301774][T10927]  dev_close_many+0x319/0x630
[  267.301790][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.301799][T10927]  ? trace_contention_end+0xdd/0x130
[  267.301813][T10927]  ? __pfx_dev_close_many+0x10/0x10
[  267.301828][T10927]  ? __mutex_lock+0x1ca/0xb90
[  267.301843][T10927]  ? __lock_acquire+0xaa4/0x1ba0
[  267.301856][T10927]  ? cfg80211_rfkill_set_block+0x29/0x50
[  267.301870][T10927]  netif_close+0x17f/0x230
[  267.301885][T10927]  ? __pfx_netif_close+0x10/0x10
[  267.301902][T10927]  dev_close+0xaa/0x240
[  267.301916][T10927]  cfg80211_shutdown_all_interfaces+0x9a/0x200
[  267.301930][T10927]  cfg80211_rfkill_set_block+0x35/0x50
[  267.301942][T10927]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[  267.301954][T10927]  rfkill_set_block+0x1fb/0x550
[  267.301967][T10927]  rfkill_fop_write+0x2c0/0x580
[  267.301979][T10927]  ? __pfx_rfkill_fop_write+0x10/0x10
[  267.301991][T10927]  ? __pfx_bpf_lsm_kernfs_init_security+0x10/0x10
[  267.302002][T10927]  ? security_file_permission+0x71/0x210
[  267.302018][T10927]  ? rw_verify_area+0xcf/0x680
[  267.302035][T10927]  vfs_write+0x25c/0x1180
[  267.302044][T10927]  ? __pfx_rfkill_fop_write+0x10/0x10
[  267.302058][T10927]  ? __pfx_vfs_write+0x10/0x10
[  267.302067][T10927]  ? find_held_lock+0x2b/0x80
[  267.302077][T10927]  ? __fget_files+0x204/0x3c0
[  267.302087][T10927]  ? __fget_files+0x20e/0x3c0
[  267.302098][T10927]  ksys_write+0x205/0x240
[  267.302108][T10927]  ? __pfx_ksys_write+0x10/0x10
[  267.302118][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.302127][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.302138][T10927]  __do_fast_syscall_32+0x73/0x120
[  267.302154][T10927]  do_fast_syscall_32+0x32/0x80
[  267.302170][T10927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.302184][T10927] RIP: 0023:0xf703e579
[  267.302193][T10927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  267.302203][T10927] RSP: 002b:00000000f4fec55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  267.302214][T10927] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000080
[  267.302220][T10927] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  267.302226][T10927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  267.302232][T10927] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  267.302239][T10927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.302248][T10927]  </TASK>
[  267.302252][T10927] 
[  267.438966][T10927] The buggy address belongs to the variable:
[  267.440862][T10927]  __key.0+0x30/0x40
[  267.442106][T10927] 
[  267.442878][T10927] The buggy address belongs to the physical page:
[  267.444881][T10927] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af83
[  267.447595][T10927] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[  267.450053][T10927] raw: 00fff00000002000 ffffea00006be0c8 ffffea00006be0c8 0000000000000000
[  267.452723][T10927] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  267.455400][T10927] page dumped because: kasan: bad access detected
[  267.457419][T10927] page_owner info is not present (never set?)
[  267.459329][T10927] 
[  267.460102][T10927] Memory state around the buggy address:
[  267.461875][T10927]  ffffffff9af83b80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[  267.464378][T10927]  ffffffff9af83c00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9
[  267.466884][T10927] >ffffffff9af83c80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[  267.469542][T10927]                          ^
[  267.471019][T10927]  ffffffff9af83d00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
[  267.473541][T10927]  ffffffff9af83d80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
[  267.475979][T10927] ==================================================================
[  267.478584][T10927] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  267.481008][T10927] CPU: 1 UID: 0 PID: 10927 Comm: syz.4.1252 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  267.484752][T10927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  267.488197][T10927] Call Trace:
[  267.489280][T10927]  <TASK>
[  267.490233][T10927]  dump_stack_lvl+0x3d/0x1f0
[  267.491720][T10927]  panic+0x71c/0x800
[  267.492979][T10927]  ? __pfx_panic+0x10/0x10
[  267.494429][T10927]  ? mark_held_locks+0x49/0x80
[  267.495947][T10927]  ? fib6_ifdown+0x7f5/0x8f0
[  267.497390][T10927]  ? fib6_ifdown+0x7f5/0x8f0
[  267.498821][T10927]  check_panic_on_warn+0xab/0xb0
[  267.500360][T10927]  end_report+0x107/0x170
[  267.501698][T10927]  kasan_report+0xee/0x110
[  267.503140][T10927]  ? fib6_ifdown+0x7f5/0x8f0
[  267.504611][T10927]  fib6_ifdown+0x7f5/0x8f0
[  267.505988][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.507517][T10927]  fib6_clean_node+0x2a4/0x5b0
[  267.509045][T10927]  ? __pfx_fib6_clean_node+0x10/0x10
[  267.510714][T10927]  fib6_walk_continue+0x44f/0x8d0
[  267.512313][T10927]  fib6_walk+0x182/0x370
[  267.513689][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.515253][T10927]  fib6_clean_tree+0xd4/0x110
[  267.516759][T10927]  ? __pfx_fib6_clean_tree+0x10/0x10
[  267.518449][T10927]  ? find_held_lock+0x2b/0x80
[  267.519940][T10927]  ? __pfx_fib6_clean_node+0x10/0x10
[  267.521644][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.523219][T10927]  ? __pfx_fib6_ifdown+0x10/0x10
[  267.524819][T10927]  __fib6_clean_all+0x107/0x2d0
[  267.526359][T10927]  rt6_disable_ip+0x2ec/0x990
[  267.527854][T10927]  ? __mutex_trylock_common+0xe9/0x250
[  267.529591][T10927]  ? __pfx___mutex_trylock_common+0x10/0x10
[  267.531479][T10927]  ? __pfx_rt6_disable_ip+0x10/0x10
[  267.533131][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.534704][T10927]  addrconf_ifdown.isra.0+0x11d/0x1a90
[  267.536427][T10927]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  267.538190][T10927]  ? __pfx_addrconf_ifdown.isra.0+0x10/0x10
[  267.540063][T10927]  addrconf_notify+0x220/0x19e0
[  267.541615][T10927]  ? ip6mr_device_event+0x1bc/0x230
[  267.543274][T10927]  notifier_call_chain+0xbc/0x410
[  267.544881][T10927]  ? __pfx_addrconf_notify+0x10/0x10
[  267.546554][T10927]  call_netdevice_notifiers_info+0xbe/0x140
[  267.548416][T10927]  dev_close_many+0x319/0x630
[  267.549936][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.551450][T10927]  ? trace_contention_end+0xdd/0x130
[  267.553135][T10927]  ? __pfx_dev_close_many+0x10/0x10
[  267.554764][T10927]  ? __mutex_lock+0x1ca/0xb90
[  267.556262][T10927]  ? __lock_acquire+0xaa4/0x1ba0
[  267.557826][T10927]  ? cfg80211_rfkill_set_block+0x29/0x50
[  267.559622][T10927]  netif_close+0x17f/0x230
[  267.561051][T10927]  ? __pfx_netif_close+0x10/0x10
[  267.562593][T10927]  dev_close+0xaa/0x240
[  267.563920][T10927]  cfg80211_shutdown_all_interfaces+0x9a/0x200
[  267.565910][T10927]  cfg80211_rfkill_set_block+0x35/0x50
[  267.567627][T10927]  ? __pfx_cfg80211_rfkill_set_block+0x10/0x10
[  267.569560][T10927]  rfkill_set_block+0x1fb/0x550
[  267.571103][T10927]  rfkill_fop_write+0x2c0/0x580
[  267.572653][T10927]  ? __pfx_rfkill_fop_write+0x10/0x10
[  267.574348][T10927]  ? __pfx_bpf_lsm_kernfs_init_security+0x10/0x10
[  267.576357][T10927]  ? security_file_permission+0x71/0x210
[  267.578128][T10927]  ? rw_verify_area+0xcf/0x680
[  267.579690][T10927]  vfs_write+0x25c/0x1180
[  267.581081][T10927]  ? __pfx_rfkill_fop_write+0x10/0x10
[  267.582768][T10927]  ? __pfx_vfs_write+0x10/0x10
[  267.584302][T10927]  ? find_held_lock+0x2b/0x80
[  267.585794][T10927]  ? __fget_files+0x204/0x3c0
[  267.587274][T10927]  ? __fget_files+0x20e/0x3c0
[  267.588779][T10927]  ksys_write+0x205/0x240
[  267.590149][T10927]  ? __pfx_ksys_write+0x10/0x10
[  267.591684][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.593202][T10927]  ? rcu_is_watching+0x12/0xc0
[  267.594741][T10927]  __do_fast_syscall_32+0x73/0x120
[  267.596392][T10927]  do_fast_syscall_32+0x32/0x80
[  267.597931][T10927]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.599922][T10927] RIP: 0023:0xf703e579
[  267.601206][T10927] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  267.607150][T10927] RSP: 002b:00000000f4fec55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  267.609752][T10927] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080000080
[  267.612228][T10927] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  267.614698][T10927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  267.617171][T10927] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  267.619634][T10927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.622116][T10927]  </TASK>
[  267.623775][T10927] Kernel Offset: disabled
[  267.625160][T10927] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:13:17  Registers:
info registers vcpu 0

CPU#0
RAX=000000000052db1b RBX=0000000000000000 RCX=ffffffff8b6983e9 RDX=0000000000000000
RSI=ffffffff8dbdcd2f RDI=ffffffff8bf47460 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10
R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90851f10 R15=0000000000000000
RIP=ffffffff8b696c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977e9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080c00000 CR3=00000000748ed000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000097 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00001a3800000000 0000006400000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c43f5 RDI=ffffffff9ade2c40 RBP=ffffffff9ade2c00 RSP=ffffc90007846e70
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3966666666666666
R12=0000000000000000 R13=0000000000000079 R14=ffffffff9ade2c00 R15=ffffffff854c4390
RIP=ffffffff854c441f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978e9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000032df6ffc CR3=0000000062ec3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000018800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000026 RBX=000000000000000a RCX=1ffff920000a71b2 RDX=ffff8880236fa440
RSI=ffffffff815f11ec RDI=000000000000000a RBP=0000000000000017 RSP=ffffc90000538d00
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000032 R11=0000000000000000
R12=0000000000000046 R13=0000000000000000 R14=000000000000000a R15=ffffffff87b06fd0
RIP=ffffffff815f11f2 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979e9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f728ecf8 CR3=000000004ed49000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000097 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73f2ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b3414a0 RCX=ffffffff81aea199 RDX=ffff8880205bc880
RSI=ffffffff81aea173 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900069f7938
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed1005668295 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b53b180
RIP=ffffffff81aea17a RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097ae9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffff5258380 CR3=000000000e180000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000